Blog
Search all our posts or browse some of our most recent entries below:
7MS #696: Baby’s First Security Ticketing System
In today's episode: I got a new podcast doodad I really like JitBit as a security ticketing system (not a sponsor) The Threat Hunting with Velociraptor 2-day training was great. Highly recommend. I got inspired to take this class after watching the 1-hour primer here.
7MS #695: Tales of Pentest Pwnage – Part 78
Today's tale of pentest pwnage involves: Using mssqlkaren to dump sensitive goodies out of SCCM Using a specific fork of bloodhound to find machines I could force password resets on (warning: don't do this in prod...read this!) Don't forget to check out our weekly Tuesday TOOLSday - live every Tuesday at 10 a.m. over at 7MinSec.club!
7MS #694: Tales of Pentest Pwnage – Part 77
Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as well.
7MS #693: Pwning Ninja Hacker Academy – Part 3
This week your pal and mine Joe "The Machine" Skeen kept picking away at pwning Ninja Hacker Academy. To review where we've been in parts 1 and 2: We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had [...]
7MS #692: Tales of Pentest Pwnage – Part 76
Happy Friday! Today's another hot pile of pentest pwnage. To make it easy on myself I'm going to share the whole narrative that I wrote up for someone else: I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine folks here recommended I try [...]
7MS #691: Tales of Pentest Pwnage – Part 75
Holy schnikes, today might be my favorite tale of pentest pwnage ever. Do I say that almost every episode? yes. Do I mean it? Yes. Here are all the commands/links to supplement today's episode: Got an SA account to a SQL server through Snaffler-ing With that SA account, I learned how to coerce Web auth from within a SQL shell - read more about that [...]
7MS #690: Tales of Pentest Pwnage – Part 74
Today's tale of pentest pwnage is a classic case of "If your head is buried in the pentest sand, pop it out for a while, touch grass, and re-enumerate what you've already enumerated, because that can lead to absolute GOLD!"
7MS #689: Pwning Ninja Hacker Academy – Part 2
Hello friends! Today your friend and mine, Joe "The Machine" Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today's pwnage includes: "Upgrading" our Sliver C2 connection to a full system shell using PrintSpoofer! Abusing nanodump to do an lsass minidump....and find our first cred. Analyzing BloodHound data to find (and own) excessive permissions against Active Directory objects
7MS #688: Building a Pentest Training Course Is Fun and Frustrating
Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very carefully so that every student can pwn it while also not breaking the domain for everybody else. I also talk about how three different flavors of AI failed me in [...]
7MS #687: A Peek into the 7MS Mail Bag – Part 5
Hi friends, we're doing something today we haven't done in a hot minute: take a dip into the 7MinSec mail bag! Today we cover these questions: If I'm starting a solo business venture as a security consultancy, is it a good idea to join forces with other solo security business owners and form a consortium of sorts? Have you ever had anything go catastrophically wrong [...]
7MS #686: Our New Pentest Training Course is Almost Ready
Oh man, I'm so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.