7 Minute Security

Buckle up! This is one of my favorite episodes. Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the "crown jewels" data, so I thought this would be a fun and informative narrative to share. Below are some highlights of topics/tools/techniques discussed: Building a pentest dropbox The timing is perfect - my pal Paul (from Project7) and Dan (from PlexTrac) have a two-part Webinar series on building your own $500 DIY Pentest Lab, but the skills learned in the Webinars translate perfectly into making a pentest dropbox. Head to our webinars page for more info. Securing a pentest dropbox What I did with my Intel NUC pentest dropbox is build a few VMs as follows: Win 10 pro management box with Bitlocker drive encryption and Splashtop (not a sponsor) which I like because it offers 2FA and an additional per-machine password/PIN. I think I spent $100/year for it. Kali attack box with an encrypted dr