SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Yeahhhhhh! Today’s another fun tale of pentest pwnage, including:

• The importance of starting your pentest with an AD account that actually has access to…ya know…stuff

• The importance of starting your pentest plugged into a network that actually has…you know…systems connected to it!

• This BHIS article is awesome for finding treasures in SMB shares

• PowerUpSQL audits are a powerful way to get pwnage on a pentest – check out this presentation for some practical how-to advice

• IPMI/BMCs often have weak creds and/or auth bypasses so don’t forget to check for them. Rapid7 has a slick blog on the topic.

• Don’t forget to check for vulnerable VMWare versions because some of them have major vulnerabilities