Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!

This week I’m working on a mixed bag of fun security and marketing things:

• A pentest I’m stuck on
• My latest lab CTF obsession: Ninja Hacker Academy
• A cool “about 7MinSec” marketing video that was recorded in a pro studio!

Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore:

• Living will
• Buried vs. cremated?
• Funeral plans
• Funeral PHOTOS?

I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.

Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

Today I share some tips on creating a better purple team experience for your customers, including:

• Setting up communication channels and cadence
• Giving a heads-up on highs/criticals during testing (not waiting until report time)
• Where appropriate, record videos of attacks to give them more context

In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday.  I also talk about Exegol’s licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).

Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including:

• Knowing your audience before you touch PowerPoint
• Understanding your presentation physical hookups and presentation surfaces
• A different way to screen-share via Teams that makes resolution/smoothness way better!

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:

• SQL link abuse between two domains
• Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!

Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!