7MS #352: Recap of Rad Red Team Training
7 Minute Security14 Mars 2019

7MS #352: Recap of Rad Red Team Training

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series.

TLDR and TLDR (too long don't listen): go take this training. Please. Now. The end.

If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including:

  • Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit), and the creds might come pouring in!

  • Get potential usable creds from old breaches (Adobe, Ashley Madison, LinkedIn, Spotify)

  • Password spraying is often really effective to get you your first set of creds - check out Spray or DomainPasswordSpray

  • When creating phishing payloads, Veil will help you craft something to bypass AV

  • When you're in a network and have grabbed your first set of creds, run BloodHound or SharpHound to map the Active Directory and find your high-value targets

  • Check systems for MS17-010 for some potential easy wins

  • Look for potential accounts that you can Kerberoast

For more info visit today's show notes on 7ms.us

Avsnitt(702)

7MS #38: OFFTOPIC – Health and Infosec (audio)

7MS #38: OFFTOPIC – Health and Infosec (audio)

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I'm interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape. 7MS…

17 Jan 20157min

7MS #37: Keimpx (audio)

7MS #37: Keimpx (audio)

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx. 7MS #37: Keimpx (audio)

10 Jan 20157min

7MS #36: OSCP – Part 5 (audio)

7MS #36: OSCP – Part 5 (audio)

More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)

3 Jan 20157min

7MS #35: OSCP – Part 4 (audio)

7MS #35: OSCP – Part 4 (audio)

This is the 4th thrilling installment in our exciting series about the awesome, challenging, rage-inducing, but ultimately rewarding training and certification called OSCP. Download: 7MS #35: OSCP – Part 4 (audio)

27 Dec 20146min

7MS #34: The Hacker Playbook (audio)

7MS #34: The Hacker Playbook (audio)

I found a great bit of reading that walks you through the "plays" of hacking – enumeration, exploitation, post-exploitation, etc. It's a great (and affordable) book called The Hacker Playbook. Cheggitowt! Download: 7MS #34: The Hacker Playbook (audio)

14 Nov 20147min

7MS #33: ProXPN (audio)

7MS #33: ProXPN (audio)

This episode's all about a cool product called ProXPN that I use to encrypt/anonymize my traffic for various reasons. Not a sponsored episode or anything like that, but I am a fan of this service :-). Download: 7MS #33: ProXPN (audio)

7 Nov 20147min

7MS #32: OSCP – part 3 (audio)

7MS #32: OSCP – part 3 (audio)

Been a while since I shared an update on OSCP progress. It's going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time. Download: 7MS #32: OSCP – part 3 (audio)

1 Nov 20147min

7MS #31: Network Detective (audio)

7MS #31: Network Detective (audio)

Network Detective is a tool we've been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren't working right, and a whole lot more. Download: 7MS #31: Network Detective…

25 Okt 20147min

Populärt inom Politik & nyheter

svenska-fall
motiv
p3-krim
rss-krimstad
fordomspodden
flashback-forever
aftonbladet-krim
blenda-2
rss-viva-fotboll
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
rss-krimreportrarna
dagens-eko
rss-frandfors-horna
olyckan-inifran
grans
rss-flodet
krimmagasinet
rss-aftonbladet-krim