This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to 7 Minute Security
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
P
Peak Travel
1 You Can Visit All Seven Continents. But Should You? 26:46
26:46 
Play Later 
Play Later 
Lists 
Like 
Liked26:46
Play Later
Play Later
Lists
Like
LikedFor many travelers, Antarctica is a bucket-list destination, a once-in-a-lifetime opportunity to touch all seven continents. In 2023, a record-breaking 100,000 tourists made the trip. But the journey begs a fundamental question: What do we risk by traveling to a place that is supposed to be uninhabited by humans? And as the climate warms, should we really be going to Antarctica in the first place? SHOW NOTES: Kara Weller: The Impossible Dilemma of a Polar Guide Marilyn Raphael: A twenty-first century structural change in Antarctica’s sea ice system Karl Watson: First Time in Antarctica Jeb Brooks : 7 Days in Antarctica (Journey to the South Pole) Metallica - Freeze 'Em All: Live in Antarctica Learn about your ad choices: dovetail.prx.org/ad-choices…
7MS #663: Pentesting GOAD SCCM
Manage episode 467808599 series 1288763
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include:
- Unauthenticated PXE attack
- PXE (with password) attack
- Relaying the machine account of the MECM box over to the SQL server to get local admin
669 episodes
ShareManage episode 467808599 series 1288763
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include:
- Unauthenticated PXE attack
- PXE (with password) attack
- Relaying the machine account of the MECM box over to the SQL server to get local admin
669 episodes
All episodes
×
7
7 Minute Security
1 7MS #670: Adventures in Self-Hosting Security Services 36:48
36:48 Play Later Play Later Lists Like Liked36:48
Play Later Play Later Lists Like LikedHi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip . By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video over at 7MinSec.club .…
7
7 Minute Security
1 7MS #669: What I’m Working on This Week – Part 3 42:37
42:37 Play Later Play Later Lists Like Liked42:37
Play Later Play Later Lists Like LikedHi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week
7
7 Minute Security
1 7MS #668: Tales of Pentest Pwnage – Part 69 30:22
30:22 Play Later Play Later Lists Like Liked30:22
Play Later Play Later Lists Like LikedHola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass Looking to tighten up your Exchange permissions – check out this crazy detailed post…
7
7 Minute Security
Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1 !) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM This gist from Adam Chester will help you decrypt SCCM creds stored in SQL…
7
7 Minute Security
1 7MS #666: Tales of Pentest Pwnage – Part 68 45:35
45:35 Play Later Play Later Lists Like Liked45:35
Play Later Play Later Lists Like LikedToday we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRM ing!…
7
7 Minute Security
1 7MS #665: What I'm Working on This Week - Part 2 28:49
28:49 Play Later Play Later Lists Like Liked28:49
Play Later Play Later Lists Like LikedHello there friends, I’m doing another “what I’m working on this week” episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords
7
7 Minute Security
In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality…
7
7 Minute Security
Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager ! Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin
7
7 Minute Security
Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS , and two cool tools I'm building with the help of Cursor : A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more. A sifter of Snaffler -captured files to zero in even closer on interesting things such as usernames and passwords in clear text.…
7
7 Minute Security
1 7MS #661: Baby’s First Hetzner and Ludus – Part 2 37:53
37:53 Play Later Play Later Lists Like Liked37:53
Play Later Play Later Lists Like LikedToday we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range! Topics include: Building a Proxmox Backup Server (this YouTube video was super helpful) Bridging a second WAN IP to the Hetzner/Ludus server Wrestling with the Hetzner (10-rule limit!) software firewall When attacking SCCM – you can get a version of pxethief that runs in Linux !…
7
7 Minute Security
I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives). Once I got past that , though, I got my first taste of the amazing world of Ludus.cloud , where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it. Can’t say enough good things about Ludus.cloud, but I certainly tried in this episode!…
7
7 Minute Security
1 7MS #659: Eating the Security Dog Food - Part 8 28:29
28:29 Play Later Play Later Lists Like Liked28:29
Play Later Play Later Lists Like LikedToday I’m excited about some tools/automation I’ve been working on to help shore up the 7MinSec security program, including: Using Retype as a document repository Leveraging the Nessus API to automate the downloading/correlating of scan data Monitoring markdown files for “last update” changes using a basic Python script…
7
7 Minute Security
Hey friends, today we cover: The shiny new 7MinSec Club BPATTY updates A talk-through of the WPA3 downgrade attack, complemented by the YouTube livestream
7
7 Minute Security
1 7MS #657: Writing Rad Security Documentation with Retype 20:36
20:36 Play Later Play Later Lists Like Liked20:36
Play Later Play Later Lists Like LikedHello friends! Today we’re talking about a neat and quick-to-setup documentation service called Retype . In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus , but I think Retype definitely gives it a run for its money.…
7
7 Minute Security
1 7MS #656: How to Succeed in Business Without Really Crying - Part 21 45:01
45:01 Play Later Play Later Lists Like Liked45:01
Play Later Play Later Lists Like LikedHappy new year friends! Today we talk about business/personal resolutions, including: New year’s resolution on the 7MinSec biz side to have a better work/life balance New training offering in the works Considering Substack as a communications platform A mental health booster that I came across mostly by accident…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Daily Deals
Similar to 7 Minute Security
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Daily cybersecurity news for practitioners. Vulnerabilities, defenses, threats, network security insight, research and more to make you sound smarter as you get to the office in the morning. New each weekday.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
