7 Minute Security
Hello friends! This week I’m talking about what I’m working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the . Playing with (I will show this live on next week’s ). The Light Pentest logo contest has a winner!
Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn’t think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time! The topic of today’s episode is Pretender (which you can download and read a lot more about ). The tool authors explain the motivation behind the tool: “We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of and only the name resolution...
Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/testing backups and restores Ensuring your auto coverage is up to snuff
Today I give a quick review of the cloud version of (not a sponsor!).
Today your pal and mine Joe “The Machine” Skeen pwn one of the two domains! This pwnage included: Swiping service tickets in the name of high-priv users Dumping secrets from workstations Disabling AV Extracting hashes of gMSA accounts We didn’t get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind. Going forward, I’m thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish. My first thought would be to do one long livestream where...
In today’s episode: I got a new I really like as a security ticketing system (not a sponsor) The 2-day training was great. Highly recommend. I got inspired to take this class after watching the 1-hour primer .
Today’s tale of pentest pwnage involves: Using to dump sensitive goodies out of SCCM Using a specific fork of to find machines I could force password resets on (warning: don’t do this in prod…read !) Don’t forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at !
Hey friends, today I talk about how fun it was to combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The will help bring this to life as well.
This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning . To review where we’ve been in parts 1 and 2: We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU We used dacledit.py to give ourselves too much permission on the Computers OU Today we: Did an RBCD attack against the WEB box Requested a service ticket...
Happy Friday! Today’s another hot pile of pentest pwnage. To make it easy on myself I’m going to share the whole narrative that I wrote up for someone else: I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine folks here recommended I try relaying to something NOT SMB, like MSSQL. This article had good context on that: . I relayed the DA account to a SQL box that BloodHound said had a “session” from another DA. One part I can’t explain is the first relay got me a shell in...
Today your pal and mine Joe “The Machine” Skeen pwn one of the two Ninja Hacker Academy domains! This pwnage included:
- Swiping service tickets in the name of high-priv users
- Dumping secrets from workstations
- Disabling AV
- Extracting hashes of gMSA accounts
We didn’t get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind. Going forward, I’m thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish. My first thought would be to do one long livestream where we complete NHA start to finish. Would you be interested? Let me know at 7MinSec.club, as I’m thinking this could be an interesting piece of bonus content.