7MS #681: Pentesting GOAD – Part 3
7 Minute Security
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of : essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.
info_outline
7MS #680: Tips for a Better Purple Team Experience
7 Minute Security
Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context
info_outline
7MS #679: Tales of Pentest Pwnage – Part 73
7 Minute Security
In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday. I also talk about (and how it might break your pentest deployments if you use ).
info_outline
7MS #678: How to Succeed in Business Without Really Crying – Part 22
7 Minute Security
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!
info_outline
7MS #677: That One Time I Was a Victim of a Supply Chain Attack
7 Minute Security
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
info_outline
7MS #676: Tales of Pentest Pwnage – Part 72
7 Minute Security
Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.
info_outline
7MS #675: Pentesting GOAD – Part 2
7 Minute Security
Hey friends! Today Joe “The Machine” Skeen and I tackled again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
info_outline
7MS #674: Tales of Pentest Pwnage – Part 71
7 Minute Security
Today’s tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in ) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing (obfuscate it first!) A personal update on my frustration with ringing in my ears
info_outline
7MS #673: ProxmoxRox
7 Minute Security
Today we’re excited to release – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details . We did our second this week and showed you some local privesc techniques when you have local admin on an endpoint
info_outline
7MS #672: Tales of Pentest Pwnage – Part 70
7 Minute Security
Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.
info_outlineToday we’re doing a milkshake of several topics: wireless pentest pwnage, automating the boring pentest stuff with cursor.ai, and some closing business thoughts at 7MinSec celebrates its 7th year as a security consultancy. Links discussed today: