November 15, 2024

7MS #650: Tales of Pentest Pwnage - Part 65

Listen Later

53 minutes

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here.

Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead:

rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log

In the tangent department, I talk about a personal music project I’m resurrecting to help my community.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

7 Minute Security

By Brian Johnson

4.7

6868 ratings

November 15, 2024

7MS #650: Tales of Pentest Pwnage - Part 65

Listen Later

53 minutes

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here.

Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead:

rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log

In the tangent department, I talk about a personal music project I’m resurrecting to help my community.

...more

More shows like 7 Minute Security

Security Now (Audio) by TWiT

Security Now (Audio)

1,990 Listeners

Risky Business by Patrick Gray

Risky Business

367 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

640 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

370 Listeners

Hacked by Hacked

Hacked

183 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,020 Listeners

Smashing Security by Graham Cluley

Smashing Security

317 Listeners

Click Here by Recorded Future News

Click Here

404 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,976 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

173 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Hacking Humans by N2K Networks

Hacking Humans

314 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

77 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

129 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

44 Listeners