7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
https://7ms.us/
7MS #400: Tales of Internal Pentest Pwnage - Part 14
Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I've got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a "poop-petrator." Key moments and takeaways include:
-
Your target network might have heavy egress filtering in place. I recommend doing full apt-get update and apt-get upgrade and grabbing all the tools you need (may I suggest my script for this?).
-
If the CrackMapExec --sam flag doesn't work for you, give secretsdump a try, as I ran it on an individual Win workstation and it worked like a champ!
-
If the latest mimikatz release doesn't rip out passwords for you, try the release from last August. For whatever reason (thanks 0xdf) for the tip!
-
If your procdumps of lsass appear to be small, endpoint protection might be getting in the way! You might be able to figure out what's running - and stop the service(s) - with CrackMapExec and the -x 'tasklist /v' flag.
-
If you need to bypass endpoint protection, don't be afraid to go deep into the Google search results. Unfortunately, I think that's all I can say about that, as vendors seem to get snippy about talking about bypasses publicly.
Has 7MS helped you in your IT and security career? Please consider buying me a coffee!