These are the Slack channels featured on the 7 Minute Security Slack channel:
A channel for the 7MS User's Group, which is currently on hold for that pesky COVID stuff. Hoping to resume fall, 2021. Currently looking for interested sponsors, speakers and attendees!
Basically just a place to receive RSS notifications when the BPATTY project gets updated.
Trying to stop those pesky pentesters and other adversaries? Share your favorite defensive tools, tips, scripts and strategies!
In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:
Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible
SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about
In episode #341 of the 7 Minute Security podcast I talked about how to identify - and remediate - the unquoted service path vulnerabilities you might see pop up on a vulnerability scan. Here's the breakdown of resources that will help you understand and fix this pesky vuln:
Here's a great article describing unquoted service paths and why they're a risk to your enterprise.
If you want to create a fake service with unquoted service paths so you can then test fixing it, check out this gist which has you run something like the following:
New-Service -Name 'TotesFakeService' -BinaryPathName 'C:\program files\system32\something.exe' -DisplayName 'Totes Fake Dude' -StartupType Manual
Below is the cell phone agreement I have with my kids. It was largely inspired by this contract which had some excellent ideas.
I will silence and put away or turn off my phone:
This document is intended to help you create a GPO you can push to your Windows endpoints and start gathering much more rich, verbose logging data. As I recently discussed on the podcast, Windows is a bit lacking in how much information gets logged in its out-of-the-box config.
Note: much of these settings were discovered when using the great LOG-MD tool, which you can download for free.
Note: this set of GPOs accompany's a YouTube video all about building your own pentest lab
Personally, when I setup an internal/test/pentest Active Directory environment I like to leave some settings the way most client environments are setup - both for ease of management and easier attacks, so that includes spinning up the following GPOs:
Enable RDP on desktops Create a new GPO and link it whatever OU your workstations are in, and set Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections and set Allow users to connect remotely using Remote Desktop Services to Enable
Then, create a security group in AD, called RDP-peeps for example, that you want to allow to RDP into all workstations.
As heard on 7MS #357
Basically, you can do Windows Key + R then type cmd and Enter for quick access to command line.
But lets do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this:
This gist is a little long in the tooth, so your mileage my vary. We also covered NPK in a podcast episode.
This is an in-progress quick start install guide for NPK on Ubuntu 18.
From a new Ubuntu 18 box, install the essentials:
apt install unzip -y