This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit to learn more.

Yay! It's time for another tale of pentest pwnage! Highlights include:

  • Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.

  • Why lsassy is my new best friend.

  • I tried using an Ubuntu box instead of Kali as my attacking system for this test, with pretty good results. Here's my script to quickly give Ubuntu a Kali-like flair:

#!/bin/bash
# Base packages first, then each tool is cloned or installed under /opt
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install openssh-server -y

sudo apt-get install nmap curl dnsrecon git net-tools open-vm-tools-desktop python3.8 python3-pip unzip wget xsltproc -y

#Aha helps take terminal output from and make it nice and HTML-y
sudo git clone /opt/aha

#Awesome-nmap-grep makes it easy to grep nmap exports for just the data you need!
sudo git clone /opt/awesome-nmap-grep

#bpatty is...well...bpatty!
sudo git clone /opt/bpatty

#CrackMapExec is...awesome
sudo mkdir /opt/cme
cd /opt/cme
sudo curl -L -o
sudo unzip
sudo chmod +x ./cme

#eyewitness is a nice recon tool for putting some great visualization behind nmap scans
sudo git clone /opt/eyewitness
cd /opt/eyewitness/Python/setup
sudo ./

#impacket is "a collection of Python classes for working with network protocols"
#I currently primarily use it for
sudo git clone /opt/impacket
cd /opt/impacket
sudo pip3 install .

#mitm6 is a way to tinker with IPv6 and get around some IPv4-level protections
sudo git clone /opt/mitm6
cd /opt/mitm6
sudo pip3 install -r requirements.txt

# install service-identity
sudo pip3 install service-identity

# lsassy
sudo python3 -m pip install lsassy

#nmap-bootstrap-xsl turns nmap scan output into pretty HTML
sudo git clone /opt/nmap-bootstrap-xsl

#netcreds "Sniffs sensitive data from interface or pcap"
sudo git clone /opt/netcreds

#PCredz parses pcaps for sensitive data
sudo git clone /opt/pcredz

#PowerSploit is "a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment"
sudo git clone /opt/powersploit

#PowerUpSQL is a tool for discovering, enumerating and potentially pwning SQL servers!
sudo git clone /opt/powerupsql

#Responder is awesome for LLMNR, NBT-NS and mDNS poisoning
sudo git clone /opt/responder