7MS #686: Our New Pentest Training Course is Almost Ready
7 Minute Security
Oh man, I’m so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.
info_outline
7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K
7 Minute Security
Today’s kind of a “story time with your friend Brian” episode: a tale of how my neighbor almost got scammed out of $13k. The story has a lot of red flags we can all keep in mind to keep ourselves (as well as kids/friends/parents/etc.) safer from these types of shenanigans.
info_outline
7MS #684: Pwning Ninja Hacker Academy
7 Minute Security
Hey friends, today we start pwning – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!
info_outline
7MS #683: What I'm Working on This Week - Part 4
7 Minute Security
This week I’m working on a mixed bag of fun security and marketing things: A pentest I’m stuck on My latest lab CTF obsession: A cool “about 7MinSec” marketing video that was recorded in a pro studio!
info_outline
7MS #682: Securing Your Family During and After a Disaster – Part 7
7 Minute Security
Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.
info_outline
7MS #681: Pentesting GOAD – Part 3
7 Minute Security
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of : essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.
info_outline
7MS #680: Tips for a Better Purple Team Experience
7 Minute Security
Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context
info_outline
7MS #679: Tales of Pentest Pwnage – Part 73
7 Minute Security
In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday. I also talk about (and how it might break your pentest deployments if you use ).
info_outline
7MS #678: How to Succeed in Business Without Really Crying – Part 22
7 Minute Security
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!
info_outline
7MS #677: That One Time I Was a Victim of a Supply Chain Attack
7 Minute Security
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
info_outlineHola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things:
- adconnectdump – for all your ADSync account dumping needs!
- Adam Chester PowerShell script to dump MSOL service account
- dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass
- Looking to tighten up your Exchange permissions – check out this crazy detailed post