7MS #302: Bunnies and Bloodhounds

7 Minute Security - A podcast by Brian Johnson - Fridays

Categories:

I've had a fun week with a mixed bag of security related stuff happening, so I thought I'd throw it all in a big stew and cook it up for today's episode. Here are the highlights: Bash bunny preso I had a fun opportunity this week to speak to some property managers about the threats the Bash Bunny poses to an environment. Specifically I showed the one-two punch of: How BB can steal your wireless network pre-shared keys that are saved to your PC How BB can go into "Responder mode" to capture credentials From the comfort of my mom's basement I can steal all this stuff, have it emailed to me, then drive up to your parking lot and join your wifi network with valid network creds! Sneaky bunnies FTW! Bloodhound I got to run this on a big AD environment this week and the results were super interesting. I'm working on a down and dirty Bloodhound quick start guide for BPATTY (coming soon). Brian's botched wireless Lesson learned this week: doing large Nessus scans from your home network can crush your ERX so scan with care (specifically, go into your Nessus policy and don't scan as many hosts simultaneously - I cranked mine down from like 100 hosts at a time to 5).