Preview Mode Links will not work in preview mode

7 Minute Security

Jul 1, 2022

In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and did an informal compare-and-contrast of its detection capabilities versus PingCastle, which we talked about in depth in 


Jun 24, 2022

Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before: cached domain credentials. I also learned that you can at least partially protect against this type of hash being captured by checking out this article, which has you set the following...


Jun 17, 2022

Today we're sharing an updates to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks:

  • Active Directory enumeration via SharpHound

  • Password spraying through Rubeus

  • Kerberoasting and ASREPRoasting via Rubeus

  • Network protocol poisoning with Inveigh. Looking for a free way to detect protocol...


Jun 10, 2022

I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by video:

https://www.youtube.com/watch?v=0-XAO32LEPY

Shortly after recording this video, I found this awesome article which walks you through a different way to tackle these...


Jun 3, 2022

Well friends, it has been a while since we talked about Microsoft's awesome Local Administrator Password Solution - specifically, the last time was way back in 2017!

Lately I've been training some companies on how to install it by giving them a live walkthrough in our Light Pentest LITE lab, so I thought it would be a...