![7 Minute Security artwork](https://is3-ssl.mzstatic.com/image/thumb/Podcasts123/v4/3f/c5/49/3fc5493b-b356-27bd-8751-e475bff2af75/mza_1008268055653442910.jpg/100x100bb.jpg)
7MS #261: Blind Network Security Assessments
7 Minute Security
English - June 07, 2017 22:24 - 10 minutes - 14.9 MB - ★★★★★ - 63 ratingsTechnology News Tech News information security security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
This week I had the fun opportunity to do a "blind" network security assessment - where basically we had to step into a network we'd never seen before and make some security posture recommendations. I've found that the following software/hardware is quite helpful for this type of assessment:
The PwnPulse helps a ton in scanning wired and wireless networks...and even Bluetooth! I've covered the Pulse in past episodes - check out part 1 and part 2.
Network Detective will do a ton of helpful Active Directory enumeration and point out potential red flags, such as:
Accounts that haven't been logged into for a long time Accounts with passwords that haven't been refreshed in a long time Privileged groups that need review (Domain Admins, Enterprise Admins, etc.)AD policy issues (*warning: by default Network Detective only pulls back a few policies by default. Check out scripts such as my Environment Check to grab a dump of all GPOs.
Thycotic Privileged Account Discovery is a free tool that can crawl AD workstations and enumerate the local administrator accounts on each machine. It makes a good case for implementing LAPS.