Preview Mode Links will not work in preview mode

7 Minute Security

Sep 7, 2024

This was my favorite pentest tale of pwnage to date!  There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here:

  • Sprinkled farmer files around the environment
  • Found high-priv boxes with WebClient enabled
  • Added “ghost” machine to the Active Directory (we’ll call...


Sep 3, 2024

Today’s tale of pentest pwnage talks about the dark powers of the net.py script from impacket.


Aug 23, 2024

Today we’re talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges:

  • Check the C: drive! If you get local admin and the system itself looks boring, check root of C – might have some interesting scripts or folders with tools that have creds in them.
  • Also look at Look...


Aug 17, 2024

Hello friends, I’m excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian’s Pentesting and Technical Tips for You! It’s a knowledge base of IT and security bits that help me do a better job doing security stuff! Today I do an ACTUAL 7-minute episode (GASP…what a...


Aug 12, 2024

Artificial hype alert!  I’m working on a NEW version of BPATTY (Brian’s Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation.  It’s weird.  But in the meantime I want to talk about the project (which is a pentest documentation library built on...