300 episodes

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

7 Minute Security Brian Johnson

    • Technology


    7MS #397: OPSEC Tips for Security Consultants


    This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.


    I'm working on a new security song called Don't Let the Internet Get You Down, and the chorus will go something like this:

    Don't let the Internet get you down
    It's full of trolls and 10 year olds and adolescent clowns
    So let their words roll off of you, like water off a duck
    To prove to them that you don't give a darn

    On a more serious note, here are some opsec tips that hopefully will help you as a security consultant:


    Good contracts - make sure your SOWs have lots of CYA verbiage to protect you in case something breaks, your assessment schedule needs to be adjusted, etc. Also, consider verbiage that says you'll only retain client testing artifacts (hashes, vuln scans, etc.) for a finite amount of time.



    Scope - make sure you talk about scope, both in written and verbal form, often! Also, a Nessus scanning tip: use the nessusd.rules file to not scan any IPs the client doesn't want touched. That way Nessus won't scan those IPs even if you try to force it to!



    Send information to/from clients safely - consider forcing MFA on your file-sharing portals, as well as a retention policy so that files "self destruct" after X days.


    ....and more on today's episode (see 7ms.us for more show notes)!

    Has 7MS helped you in your IT and security career? Please consider buying me a coffee!

    • 36 min
    7MS #396: Tales of Internal Pentest Pwnage - Part 13



    In last week's episode I was very close to potentially synching up some very sensitive data with my super secret back door account. In this episode, we resolve the cliffhanger and talk about:


    How I don't remember lyrics or titles to songs - even the ones I love - such as My Prerogative. That's why Jack Black is my spirit animal, and he's awesome for singing Elton John songs right to Elton John



    If you get DA (relatively) quickly, consider pivoting to a network assessment and crack hashes with secretsdump, test egress filtering, run Network Detective and more



    Once you've cracked all the hashes you can, run it through hashcombiner and Pipal like this:


    python /opt/hashcombiner/hash_combiner.py user_hash hash_password | sort > combined.txt
    cut -d ':' -f 2 combined.txt > passwords.txt
    ruby /opt/pipal/pipal.rb passwords.txt > pip.txt


    The procdump + lsass trick is still really effective (though sometimes AV gobbles it)


    (See full show notes at 7ms.us!)

    • 53 min
    7MS #395: Tales of Internal Pentest Pwnage - Part 12



    In today's tale of pentest pwnage I got to try some tools and tricks for the first time! Here are the key points/takeaways from this test:


    It's great to have additional goals to achieve in a network pentest outside of just "get DA"



    PayloadsAllTheThings has a great section on Active Directory attacks



    Using mitm6 and ntlmrelayx is now my new favorite thing thanks to The Cyber Mentor's fantastic video showing us exactly how to launch this attack!



    If you're scared of running mitm6 and accidentally knocking folks off your network, set up your Kali box to reboot in a few minutes just to be safe. Do something like:


    shutdown -r +15 "Rebooting in 15 minutes just in case I mitm6 myself right off this box!"


    When mitm6+ntlmrelay dumps out a series of html/json files with lists of users, groups, etc., read through them! Sometimes they can include treats...like user passwords in the comment fields!



    Use crackmapexec smb IP.OF.DOMAIN.CONTROLLER -u username -p password to verify if your domain creds are good!


    There are a bunch of people I need to thank because their tools/encouragement/advice played a part in making the test successful. See today's show notes on 7ms.us for more info!

    • 1 hr 5 min
    7MS #394: DIY Pwnagotchi



    Sung to the tune of "Do You Wanna Build a Snowman"

    Do you wanna build a Pwnagotchi?
    Even though you thought you never would?
    I really hope mine doesn't ever break
    It grabs wifi handshakes
    It does it really good!

    Today's episode is all about Pwnagotchi, a cute little device whose sole purpose in life is to gobble WPA handshakes! Check out today's episode to learn more about the device (as well as some pwn-a-gotchas that you should be aware of), and then come to the next 7MS user group meeting to build your own! If you can't make this meeting I'll also do a Webinar version of the presentation - likely in February or March, so stay tuned to our Webinars page.

    At the end of today's episode I talk about my troll foot. I fractured my ankle on Christmas Eve and was basically this lady. At the end of the day I received an avulsion fracture and it kinda made my Christmas stink. But 2020 is gonna absolutely rip, friends!

    • 43 min
    7MS #393: Interview with Peter Kim


    SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!


    Peter Kim of The Hacker Playbook series joins me today to talk about all things hacking! Peter runs a popular west coast hacker meetup, and I was fortunate enough to attend his Real World Red Team training, which I wrote a review about here. Peter sat down with me over Skype to talk about:

    The origin story of The Hacker Playbook series (btw please buy it, don't steal it! :-)
    How do you balance work and family life when trying to pwn all the things and have a personal life and significant other?
    How do you break into security when your background is in something totally different, like a mechanic, artist or musician?
    What are some good strategies when approaching a red team engagement - do you always start "fresh" from the perimeter? Do you assume compromise and throw a dropbox on the network? Some combination of both?
    What are some other low-hanging fruit organizations can use to better defend their networks?
    Do you run across some of these good defenses - like honeypots - in your engagements?
    If you could put on a wizard hat and solve one security problem (be it technical, personnel or something else) what would it be?
    ...and more!

    • 1 hr 24 min
    7MS #392: LAPS Reloaded


    Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.


    Today's episode is all about LAPS - Microsoft's Local Administrator Password Solution. In a nutshell, LAPS strengthens and randomizes the local administrator password on the systems across your enterprise. We talked about it way back in episode 252 but figured it was worth a revisit because:


    It's awesome



    It's free



    People still haven't heard of it when I share info about it during conference talks!



    I've got a full write-up of how to install LAPS here



    At a recent conference people asked me two awesome edge case questions:


    What if I aggressively delete inactive machines from my AD - does the LAPS attribute go with it?



    What do I do if I use Deep Freeze and the LAPS password attribute in AD keeps getting out of sync with the actual password on systems because of Deep Freeze's freeze/thaw times?

    • 24 min
