Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?" It's not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.

Hello friends! This week I'm talking about what I'm working on this week, including:

• Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium.
• Playing with Lithnet AD password protection (I will show this live on next week's Tuesday TOOLSday).
• The Light Pentest logo contest has a winner!

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time!

The topic of today's episode is Pretender (which you can download here and read a lot more about here). The tool authors explain the motivation behind the tool: "We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of mitm6 and only the name resolution spoofing portion of Responder."

On a recent pentest, I used Pretender's "dry run" mode to find a hostname (that didn't exist) that a ton of machines were querying for, and poisoned requests just for that host. This type of targeted poisoning snagged me some helpful hashes that I was able to crack/relay, all while minimizing the risk of broader network disruption!