7MS #640: Tales of Pentest Pwnage – Part 63
7 Minute Security7 Sep 2024

7MS #640: Tales of Pentest Pwnage – Part 63

This was my favorite pentest tale of pwnage to date! There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here:

  • Sprinkled farmer files around the environment
  • Found high-priv boxes with WebClient enabled
  • Added “ghost” machine to the Active Directory (we’ll call it GHOSTY)
  • RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting
  • Use net.py to add myself to local admin on the victim host
  • Find a vulnerable service to hijack and have run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style!
  • Pulled the TGT from a host not protected with Credential Guard
  • Figured out the stolen user’s account has some “write” privileges to a domain controller
  • Use rbcd.py to delegate from GHOSTY and to the domain controller
  • Request a TGT for GHOSTY
  • Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname)
  • Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group

Avsnitt(682)

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed. 7MS #66: I’m Excited to Go Phishing – Part 2 (audio)

4 Juni 20158min

7MS #65: OFFTOPIC-Still Alice (audio)

7MS #65: OFFTOPIC-Still Alice (audio)

Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice. Yep. That happened. 7MS #65: OFFTOPIC-Still Alice (audio)

3 Juni 20157min

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way. 7MS #64: Wifi Sniffing is Fun-Part 1 (audio)

28 Maj 20157min

7MS #63: I’m Excited to Go Phishing (audio)

7MS #63: I’m Excited to Go Phishing (audio)

This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person? 7MS #63: I’m Excited to…

21 Maj 20157min

7MS #62: You Should Run LAPS (audio)

7MS #62: You Should Run LAPS (audio)

I’m excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience. 7MS #62: You Should Run LAPS…

19 Maj 20157min

7MS #61: Why Local Admin Rights Suck (audio)

7MS #61: Why Local Admin Rights Suck (audio)

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights. 7MS #61: Why Local Admin Rights Suck (audio)

14 Maj 20158min

7MS #60: How Not to Suck at Customer Service (audio)

7MS #60: How Not to Suck at Customer Service (audio)

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach? 7MS #60: How Not to Suck at Customer Service (audio)

12 Maj 20158min

7MS #59: Traveling with a Red Giant – Part 2 (audio)

7MS #59: Traveling with a Red Giant – Part 2 (audio)

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode’s about some cool things I learned about it. 7MS #59: Traveling with a Red Giant – Part 2 (audio)

7 Maj 20157min

Populärt inom Politik & nyheter

p3-krim
flashback-forever
rss-viva-fotboll
svd-dokumentara-berattelser-2
olyckan-inifran
rss-vad-fan-hande
svenska-fall
rss-sanning-konsekvens
aftonbladet-daily
fordomspodden
motiv
krimmagasinet
blenda-2
rss-krimstad
rss-frandfors-horna
dagens-eko
spar
spotlight
rss-expressen-dok
svd-nyhetsartiklar