Blog
Search all our posts or browse some of our most recent entries below:
7MS #510: First Impressions of Tailscale
Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere." Is it really that cool and easy? Listen to today's episode to find out!
7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns – Part 4
Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do. This phishing page has served us well: <html><head><title>YourDomain.com - Office 365 Email Login</title> <style> body { background-image: url("https://YOURDOMAIN.com/static/backgroundimage.png"); background-repeat:no-repeat; background-size:cover; [...]
7MS #508: Tales of Pentest Pwnage – Part 33
Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack. We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion [...]
7MS #507: Interview with Matthew Warner of Blumira
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting Kerberoasting [...]
7MS #506: Tales of Pentest Pwnage – Part 32
Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always-under-construction list of things I try early in a pentest for maximum pwnage:Run PingCastleDo the SharpHound/BloodHound dumpsRun the DHCP poisoning module of ResponderCheck the ms-DS-MachineAccountQuota value in the domain - if its at the default (10), then any user can add machines to the [...]
7MS #505: Pwning Wifi PSKs and PMKIDs with Bettercap
Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use Bettercap). For some background, I found that the Alfa Long-Range Dual-Band AC1200 Wireless USB 3.0 Wi-Fi Adapter w/2x 5dBi External Antennas – 2.4GHz 300Mbps/5GHz 867Mbps – 802.11ac & A, B, G, N works really [...]
7MS #504: Monitoring All Your Cloud Thingies with UptimeRobot
Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing some fun tips to monitor your internal thingies as well - without the use of any extra agent software.A few tips:If you have a port like 80 or 443 that you have firewalled off to not allow any ol' host to hit, [...]
7MS #503: First Impressions of Brute Ratel
Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to setup, and much easier to use (IMHO) than Cobalt Strike. I also talk specifically about some of my favorite command line features, how slick and simple lateral movement is, and the "killer feature" that makes me giggle like the bad guy from Sonic the Hedgehog.In the tangent [...]
7MS #502: Building a Pentest Lab in Azure
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you setup a pentesting training camp in the [...]
7MS #501: Tales of Pentest Pwnage – Part 31
Today's episode is brought to us by Manscaped. Get 20% off your order + free shipping with the code 7MS at Manscaped.com Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory details on this attack path, see the [...]
7MS #500: Interview with John Strand
HAPPY 500 EPISODES, FRIENDS! That's right, 7MS turned 5-0-0 today, and so we asked John Strand of Black Hills Information Security to join us and talk about all things security, including the John/BHIS superhero origin story, the future of pentesting, the (perceived) cybersecurity talent shortage, how to get started with good security practices in your organization, and more! P.S. check out John's first visit to [...]