7MS #611: Pentestatonix

Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures.  I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagements: GraphRunner - awesome PowerShell toolkit for interacting with Microsoft Graph API.  From a pentesting perspective, it may help you bridge the "gap" between LAN-side AD and Azure and find some goodies - like files with and XSLX extension containing the word password. PowerUpSQL -I typically use this to make SQL servers cough me up a hash via SMB using stored procedures, but I learned this week that I'll deeeefffffinitely use the Invoke-SQLAudit -Verbose functionality going forward.

Om Podcasten

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.