7 Minute Security

Brian Johnson
  • ٤٫٧ (٦٨)
  • التكنولوجيا
  • يتم التحديث أسبوعيًا
7 Minute Security

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

  1. ١٥ ربيع الآخر

    7MS #646: Baby’s First Incident Response with Velociraptor

    Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment.  Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task.  The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation.  And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA.  More to come on XINTRA’s offering, but so far I’m very impressed!

    ١٦ من الدقائق

  2. ١١ ربيع الآخر

    7MS #645: How to Succeed in Business Without Really Crying - Part 18

    Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.

    ٣١ من الدقائق

  3. ١ ربيع الآخر

    7MS #644: Tales of Pentest Pwnage – Part 64

    Hey!  I’m speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester!  Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate!  It also emphases that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!

    ٤١ من الدقائق

  4. ٢٤ ربيع الأول

    7MS #643: DIY Pentest Dropbox Tips – Part 11

    Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox!  I also share some love for exegol as an all-in-one Active Directory pentesting platform.

    ٢٧ من الدقائق

  5. ٢٠ ربيع الأول

    7MS #642: Interview with Ron Cole of Immersive Labs

    Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE

    ٤٢ من الدقائق

  6. ١٠ ربيع الأول

    7MS #641: DIY Pentest Dropbox Tips – Part 10

    Today we’re revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level.  Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!

    ٢٨ من الدقائق

  7. ٤ ربيع الأول

    7MS #640: Tales of Pentest Pwnage – Part 63

    This was my favorite pentest tale of pwnage to date!  There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here: Sprinkled farmer files around the environment Found high-priv boxes with WebClient enabled Added “ghost” machine to the Active Directory (we’ll call it GHOSTY) RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting Use net.py to add myself to local admin on the victim host Find a vulnerable service to hijack and have run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style! Pulled the TGT from a host not protected with Credential Guard Figured out the stolen user’s account has some “write” privileges to a domain controller Use rbcd.py to delegate from GHOSTY and to the domain controller Request a TGT for GHOSTY Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname) Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group

    ٤٣ من الدقائق

  8. ٣٠ صفر

    7MS #639: Tales of Pentest Pwnage - Part 62

    Today’s tale of pentest pwnage talks about the dark powers of the net.py script from impacket.

    ٧ من الدقائق
مشاهدة الكل (٦٤٥)

٤٫٧
من ٥
‫٦٨ من التقييمات‬

حول

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

المعلومات

  • صناع العمل
    Brian Johnson
  • سنوات النشاط
    ١٤٣٥ هـ - ١٤٤٦ هـ
  • الحلقات
    ٦٤٥
  • التقييم
    ملائم
  • حقوق النشر
    © Brian Johnson
  • موقع البرنامج على الويب
    7 Minute Security

قد يعجبك أيضًا

للاستماع إلى حلقات ذات محتوى فاضح، قم بتسجيل الدخول.

اطلع على آخر مستجدات هذا البرنامج

قم بتسجيل الدخول أو التسجيل لمتابعة البرامج وحفظ الحلقات والحصول على آخر التحديثات.
تحديد بلد أو منطقة

أفريقيا والشرق الأوسط، والهند

آسيا والمحيط الهادئ

أوروبا

أمريكا اللاتينية والكاريبي

الولايات المتحدة وكندا