Hello friends! This week I'm talking about what I'm working on this week, including:

• Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium.
• Playing with Lithnet AD password protection (I will show this live on next week's Tuesday TOOLSday).
• The Light Pentest logo contest has a winner!

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time!

The topic of today's episode is Pretender (which you can download here and read a lot more about here). The tool authors explain the motivation behind the tool: "We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of mitm6 and only the name resolution spoofing portion of Responder."

On a recent pentest, I used Pretender's "dry run" mode to find a hostname (that didn't exist) that a ton of machines were querying for, and poisoned requests just for that host. This type of targeted poisoning snagged me some helpful hashes that I was able to crack/relay, all while minimizing the risk of broader network disruption!

Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include:

• Updating the family DR/BCP plan
• Lightening your purse/wallet
• Validating/testing backups and restores
• Ensuring your auto coverage is up to snuff