7MS #302: Bunnies and Bloodhounds
Below are show notes for an episode of the 7 Minute Security podcast, a weekly podcast I publish that focuses on topics such as penetration testing, network configuration, blue-teaming and career advice. I welcome you to subscribe in your favorite podcast app so you don't miss an episode!
I've had a fun week with a mixed bag of security related stuff happening, so I thought I'd throw it all in a big stew and cook it up for today's episode. Here are the highlights:
Bash bunny preso
I had a fun opportunity this week to speak to some property managers about the threats the Bash Bunny poses to an environment. Specifically I showed the one-two punch of:
How BB can steal your wireless network pre-shared keys that are saved to your PC
How BB can go into "Responder mode" to capture credentials
From the comfort of my mom's basement I can steal all this stuff, have it emailed to me, then drive up to your parking lot and join your wifi network with valid network creds! Sneaky bunnies FTW!
I got to run this on a big AD environment this week and the results were super interesting. I'm working on a down and dirty Bloodhound quick start guide for BPATTY (coming soon).
Brian's botched wireless
Lesson learned this week: doing large Nessus scans from your home network can crush your ERX so scan with care (specifically, go into your Nessus policy and don't scan as many hosts simultaneously - I cranked mine down from like 100 hosts at a time to 5).