7MS #354: Tales of Internal Pentest Pwnage - Part 2


Manage episode 230000591 series 1288763
By Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio streamed directly from their servers.

Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!):

  • Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!)

  • Got DA but stuck to find hot leads to where the crown jewels are? Get snoopy and go through people's files, folders and...bookmark caches! (evil grin #2!)

  • If your nmap/eyewitness scan turns up Web sites with simply an IIS default landing page or "It works!" Apache page on it, there's probably more there than meets the eye.

We also talk about lessons learned from this pentest - both things done well and things the org can do to make the next pentester's job a lot harder.

364 episodes available. A new episode about every 6 days averaging 34 mins duration .