PLAY PODCASTS
7MS #525: First Impressions of InsightIDR - Part 2

7MS #525: First Impressions of InsightIDR - Part 2

7 Minute Security · Brian Johnson

June 17, 202233m 25s

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Today we're sharing an updates to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks:

  • Active Directory enumeration via SharpHound

  • Password spraying through Rubeus

  • Kerberoasting and ASREPRoasting via Rubeus

  • Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.

  • Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.

  • Pass-the-hash attacks with CrackMapExec

In today's episode I share some emails and conversations we had with Rapid7 about these tests and their results. I'm also thrilled to share with you the articles themselves:

← All episodes of 7 Minute Security