Preview Mode Links will not work in preview mode

7 Minute Security

Nov 22, 2024

Hey friends, we’ve got a short but sweet tale of pentest pwnage for you today. Key lessons learned:

  • Definitely consider BallisKit for your EDR-evasion needs
  • If you get local admin to a box, enumerate, enumerate, enumerate!  There might be a delicious task or service set to run as a domain admin that can quickly...


Nov 15, 2024

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest!  I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the...


Nov 8, 2024

Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we’d like them to be)!  It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we’ve talked about quite a bit here.  In other news, we’ve moved from Teachable to Coursestack, so...


Nov 1, 2024

Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.