7MS #699: Pre-Travel Security Tips
Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/testing backups and restores Ensuring your auto coverage is up to snuff
31 Okt 30min
7MS #698: Baby's First ProjectDiscovery
Today I give a quick review of the cloud version of ProjectDiscovery (not a sponsor!).
24 Okt 24min
7MS #697: Pwning Ninja Hacker Academy – Part 4
Today your pal and mine Joe "The Machine" Skeen pwn one of the two Ninja Hacker Academy domains! This pwnage included: Swiping service tickets in the name of high-priv users Dumping secrets from wmorkstations Disabling AV Extracting hashes of gMSA accounts We didn't get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind. Going forward, I'm thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish. My first thought would be to do one long livestream where we complete NHA start to finish. Would you be interested? Let me know at 7MinSec.club, as I'm thinking this could be an interesting piece of bonus content.
18 Okt 13min
7MS #696: Baby's First Security Ticketing System
In today's episode: I got a new podcast doodad I really like JitBit as a security ticketing system (not a sponsor) The Threat Hunting with Velociraptor 2-day training was great. Highly recommend. I got inspired to take this class after watching the 1-hour primer here.
10 Okt 27min
7MS #695: Tales of Pentest Pwnage - Part 78
Today's tale of pentest pwnage involves: Using mssqlkaren to dump sensitive goodies out of SCCM Using a specific fork of bloodhound to find machines I could force password resets on (warning: don't do this in prod…read this!) Don't forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at 7MinSec.club!
3 Okt 15min
7MS #694: Tales of Pentest Pwnage – Part 77
Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as well.
26 Sep 33min
7MS #693: Pwning Ninja Hacker Academy – Part 3
This week your pal and mine Joe "The Machine" Skeen kept picking away at pwning Ninja Hacker Academy. To review where we've been in parts 1 and 2: We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU We useddacledit.py to give ourselves too much permission on the Computers OU Today we: Did an RBCD attack against the WEB box Requested a service ticket to give us local admin superpowers on WEB Performed a secretsdump against WEB Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could've just done the mimikatz dump because I had local admin access! Oh well, we'll pick things up again during part 4 next month!)
19 Sep 28min
