Blog
Search all our posts or browse some of our most recent entries below:
7MS #648: First Impressions of Level.io
Hey friends, today I'm sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.
7MS #647: How to Succeed in Business Without Really Crying – Part 19
Today we're talkin' business - specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).
7MS #646: Baby’s First Incident Response with Velociraptor
Hey friends, today I'm putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to "phone home" to you [...]
7MS #645: How to Succeed in Business Without Really Crying – Part 18
Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.
7MS #644: Tales of Pentest Pwnage – Part 64
Hey! I'm speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today's tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphases that cracking NETLM/NETNTLMv1 isn't super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!
7MS #643: DIY Pentest Dropbox Tips – Part 11
Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.
7MS #642: Interview with Ron Cole of Immersive Labs
Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE
7MS #641: DIY Pentest Dropbox Tips – Part 10
Today we're revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level. Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!
7MS #640: Tales of Pentest Pwnage – Part 63
This was my favorite pentest tale of pwnage to date! There's a lot to cover in this episode so I'm going to try and bullet out the TLDR version here: Sprinkled farmer files around the environment Found high-priv boxes with WebClient enabled Added "ghost" machine to the Active Directory (we'll call it GHOSTY) RBCD attack to be able to impersonate a domain admin using the [...]
7MS #639: Tales of Pentest Pwnage – Part 62
Today's tale of pentest pwnage talks about the dark powers of the net.py script from impacket.
7MS #638: Tales of Pentest Pwnage – Part 61
Today we're talking pentesting - specifically some mini gems that can help you escalate local/domain/SQL privileges: Check the C: drive! If you get local admin and the system itself looks boring, check root of C - might have some interesting scripts or folders with tools that have creds in them. Also look at Look at Get-ScheduledTasks Find ids and passwords easily in Snaffler output [...]