7 Minute Security

Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dancer son Atticus at DadOfADancer.com. Speaking of Atticus — he just landed a spot in Master Ballet Academy's summer program in Phoenix, and I am a very proud dance dad over here. OK, on to the pentest: A weird runas quirk: If your AD test account password ends in a percent sign, runas seems to misbehave (Claude thinks Windows is interpreting the % as a variable delimiter). Workaround: runascs.exe, which wraps your tool launch with creds inline. Worked like a champ — notes over on the 7MinSec.wiki. Standard first pass: PingCastle for the AD overview, then Snaffler for share crawling, with Chimas as a nicer web UI for searching the Snaffler JSON. The "Snaffler missed something" moment: Snaffler is great but it primarily uses pattern matching, so manual review of interesting directories still matters. I found a Powe