7MS #475: Tales of Internal Network Pentest Pwnage - Part 27
7 Minute Security · Brian Johnson
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Yeahhhhhh! Today's another fun tale of pentest pwnage, including:
-
The importance of starting your pentest with an AD account that actually has access to...ya know...stuff
-
The importance of starting your pentest plugged into a network that actually has...you know...systems connected to it!
-
This BHIS article is awesome for finding treasures in SMB shares
-
PowerUpSQL audits are a powerful way to get pwnage on a pentest - check out this presentation for some practical how-to advice
-
IPMI/BMCs often have weak creds and/or auth bypasses so don't forget to check for them. Rapid7 has a slick blog on the topic.
-
Don't forget to check for vulnerable VMWare versions because some of them have major vulnerabilities