Preview Mode Links will not work in preview mode

7 Minute Security

Jul 26, 2024

Hi, today’s tale of pentest pwnage covers a few wins and one loss:

  1. A cool opportunity to drop Farmer “crops” to a domain admin’s desktop folder via PowerShell remote session
  2. Finding super sensitive data by dumpster-diving into a stale C:\Users\Domain-Admin profile
  3. Finding a vCenter database backup and being...


Jul 19, 2024

Hey friends, we’re doing a little departure from our normal topics and focusing on how to create a security knowledgebase (is that one word or two?) using Docusaurus!  It’s cool, it’s free, it’s from Meta and you can get up and going in just a few commands – check out their getting started guide to get...


Jul 12, 2024

Today’s tale of pentest pwnage includes some fun stuff, including:

    • SharpGPOAbuse helps abuse vulnerable GPOs!  Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address.  When you’re ready to fire off a task that coerces SMB auth, try certutil...


Jul 7, 2024

Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting!


Jul 1, 2024

Today I recap a two week persona/biz road trip and talk about the security stuff that got sprinkled into it, including:

  • Family members who don’t care about their personal security
  • Weakpass – a cool collection of word lists for brute-forcing and spraying that I’d never heard of
  • Working on two security Webinars for...