Blog
Search all our posts or browse some of our most recent entries below:
7MS #679: Tales of Pentest Pwnage – Part 73
In today's tale of pentest pwnage I talk about a cool ADCS ESC3 attack - which I also did live on this week's Tuesday TOOLSday. I also talk about Exegol's licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).
7MS #678: How to Succeed in Business Without Really Crying – Part 22
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!
7MS #677: That One Time I Was a Victim of a Supply Chain Attack
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
7MS #676: Tales of Pentest Pwnage – Part 72
Today's fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect...until it's too late.
7MS #675: Pentesting GOAD – Part 2
Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again - this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
7MS #674: Tales of Pentest Pwnage – Part 71
Today's tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all "branches" of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears
7MS #673: ProxmoxRox
Today we're excited to release ProxmoxRox - a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint
7MS #672: Tales of Pentest Pwnage – Part 70
Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.
7MS #671: Pentesting GOAD
Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat
7MS #670: Adventures in Self-Hosting Security Services
Hi friends, today I'm kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today's episode with a short live video over at 7MinSec.club.
7MS #669: What I’m Working on This Week – Part 3
Hi friends, in this edition of what I'm working on this week: 3 pulse-pounding pentests that had...problems Something I'm calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I'm going to try next week