7MS #646: Baby’s First Incident Response with Velociraptor
Release Date: 10/18/2024
7 Minute Security
Hey friends, today I’m putting my blue hat on and dipping my toes into incident response by way of playing with Velociraptor, a very cool (and free!) tool for finding evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then have endpoints “phone home” to you by way of a GPO-deployed scheduled task. The things I talk about in this episode and show in the YouTube stream are all based on this awesome presentation from Eric Capuano, who was also kind enough to publish a handout to accompany the presentation. And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA. More to come on XINTRA’s offering, but so far I’m very impressed!