7MS #377: DIY Pentest Dropbox Tips
1 min read Podcast, Pentesting, dropbox, diy

7MS #377: DIY Pentest Dropbox Tips

Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

In today's episode I cover some of the nasty "gotchas" I've run into when sending my pentest dropboxes around the country. Curious on how to setup your own portable pentest dropboxes (and/or pentest lab environments)? Check out part 1 and part 2 of the DIY Pentest Lab video series.

Here are some of the pain points I cover today:

  • Turn the firewall off
    Set Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections to Disabled. Do the same for the Standard Profile by changing Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Standard Profile > Windows Firewall: Protect all network connections to Disabled.

  • Disable Windows Defender
    Navigate to Computer Configuration > Administrative Templates > Windows Components > Windows Defender and choose Turn Off Windows Defender.

  • Disable power sleep settings
    To stop computers from snoozing on the job, head to Computer Configuration > Policies > Administrative Templates > System > Power Management > Sleep Settings and set Allow standby states (S1-S3) when sleeping (plugged in) to Disabled

  • Create a second disk on the Windows management VM and install BitLocker to Go

  • Snooze windows updates (for a reasonable amount of time) during a pentest so the box doesn't auto-reboot

  • Set a static DNS entry of something popular/public like 1.1.1.1 or 4.2.2.2 or 8.8.8.8 to ensure your dropbox can reach the Internet once connected.

Oh and if you wanna see the "Yeah!" mom I talked about in today's episode, head [here]!(https://twitter.com/bkkirby/status/1160469222297702400)