7MS #525: First Impressions of InsightIDR - Part 2
7 Minute Security
English - June 17, 2022 13:00 - 33 minutes - 30.7 MB - ★★★★★ - 63 ratings
Today we're sharing an update to episode #512, where we ran Rapid7's InsightIDR through a bunch of attacks:
Active Directory enumeration via SharpHound
Password spraying through Rubeus
Kerberoasting and ASREPRoasting via Rubeus
Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.
Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.
Pass-the-hash attacks with CrackMapExec
In today's episode I share some emails and conversations we had with Rapid7 about these tests and their results. I'm also thrilled to share with you the articles themselves:
Getting Started with Rapid7 InsightIDR: A SIEM Tutorial
Testing & Evaluating SIEM Systems: A Review of Rapid7 InsightIDR