7 Minute Security
534 episodes - English - Latest episode: over 1 year ago - ★★★★★ - 63 ratings
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Episodes
7MS #532: Tales of Pentest Pwnage - Part 39
August 05, 2022 13:21 - 54 minutes - 50.1 MB
Hey friends, wow...we're up to thirty-nine episodes of pwnage? Should we make a cake when we hit the big 4-0?! Anyway, today's TLDL is this: If you get a nagging suspicion about something you find during enumeration, make sure to either come back to it later, or exhaust the path right away so you don't miss something! Because I did :-/ A tip that's been helping me speed along my use of CrackMapExec and other tools is by using Kerberos authentication. You can grab a ticket for your test A...
7MS #531: Interview with Christopher Fielder and Eugene Grant of Arctic Wolf
August 01, 2022 12:11 - 57 minutes - 52.6 MB
Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know for many folks, compliance makes them want to bleach their eyeballs. But compliance is super important - especially because it is not the same as being secure. So we discuss the differences between security and compliance, and practical work we can do to actually be more compliant and secure, including: Knowing what you have (asset...
7MS #530: Tales of Pentest Pwnage - Part 38
July 22, 2022 21:35 - 47 minutes - 43.9 MB
Hey friends, we have another fun tale of pwnage for you today. I loved this one because I got to learn some new tools I hadn't used before, such as: Get-InternalSubnets.ps1 - for getting internal subnets Adalanche for grabbing Active Directory info (similar to SharpHound) This tool worked well for me with this syntax: adalanche-windows-x64-v2022.5.19.exe collect activedirectory --domain victim.domain --port=389 --tlsmode=NoTLS Copernic Desktop Search for pillaging through shares ...
7MS #529: Interview with Matthew Warner of Blumira
July 15, 2022 18:35 - 1 hour - 67.7 MB
Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as this one, when Matt gave us a fountain of info on why out-of-the-box Windows logging isn't awesome, and how to get it turned up to 11! Today, we talk about a cool report that Blumira put out called 2022 Blumira's State of Detection & Response, and dive into some interesting topics within it, including: How do companies like Blumira (who we rely on to st...
7MS #528: Securing Your Family During and After a Disaster - Part 6
July 08, 2022 13:03 - 40 minutes - 37.6 MB
In today's episode, I try to get us thinking about our extended family's emergency/DR plan. Why? Because I recently had a close family member suffer a health scare, and it brought to light some questions we didn't have all the answers for: Do we have creds to log onto his computer? How about his email accounts? Do we have usernames/passwords for retirement accounts, bank accounts, etc.? For vehicles/ATVs/boats/etc. - do we have documentation about their service records? How about titl...
7MS #527: First Impressions of Purple Knight
July 01, 2022 13:00 - 52 minutes - 48.4 MB
In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and did an informal compare-and-contrast of its detection capabilities versus PingCastle, which we talked about in depth in episode #489.
7MS #526: Tales of Pentest Pwnage - Part 37
June 24, 2022 13:00 - 34 minutes - 31.8 MB
Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before: cached domain credentials. I also learned that you can at least partially protect against this type of hash being captured by checking out this article, which has you set the following setting in GPO: Under Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options set Interactive logon: Number of previous logons...
7MS #525: First Impressions of InsightIDR - Part 2
June 17, 2022 13:00 - 33 minutes - 30.7 MB
Today we're sharing an update to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks: Active Directory enumeration via SharpHound Password spraying through Rubeus Kerberoasting and ASREPRoasting via Rubeus Network protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi. Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping. Pass-the-hash attacks wit...
7MS #524: How to Update VMWare ESXi From the Command Line
June 10, 2022 22:07 - 33 minutes - 31.1 MB
I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by video: https://www.youtube.com/watch?v=0-XAO32LEPY Shortly after recording this video, I found this awesome article which walks you through a different way to tackle these updates: List all upgrade profiles: esxcli software sources profile list --depot=https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml Grep for jus...
7MS #523: Local Administrator Password Solution - RELOADED!
June 03, 2022 13:25 - 38 minutes - 35.1 MB
Well friends, it has been a while since we talked about Microsoft's awesome Local Administrator Password Solution - specifically, the last time was way back in 2017! Lately I've been training some companies on how to install it by giving them a live walkthrough in our Light Pentest LITE lab, so I thought it would be a good time to write up a refreshed, down and dirty install guide. Here we go! (See the show notes for today's episode for more details!)
7MS #522: Pwning Wifi PSKs and PMKIDs with Bettercap - Part 2
May 27, 2022 13:08 - 35 minutes - 32.4 MB
Hey friends, a while back in episode #505 we talked about pwning wifi PSKs and PMKIDs with Bettercap. Today I'm revisiting that with even some more fun command line kung fu to help you zero in on just the networks you're interested in and filter out a bunch of noisy events from bettercap in the process.
7MS #521: Tales of Pentest Pwnage - Part 36
May 20, 2022 12:16 - 57 minutes - 52.5 MB
Hey friends! Today's another swell tale of pentest pwnage, and it's probably my favorite one yet (again)! This tale involves resource based constrained delegation, which is just jolly good evil fun! Here are my quick notes for pwning things using RBCD: # From non-domain joined machine, get a cmd.exe running in the context of a user with ownership rights over a victim system: runas /netonly /user:domain\some.user cmd.exe # Make new machine account: New-MachineAccount -MachineAccount EVIL7...
7MS #520: How to Succeed in Business Without Really Crying - Part 11
May 13, 2022 14:40 - 48 minutes - 44.4 MB
Hey friends, today we're giving another peek behind the curtain of what it's like to run a cybersecurity consultancy. Topics include: Setting the right communication cadence - and communication channels - with a customer during a pentest. Tips for collaborating well with contractors so that the customer experience feels like "a single human pane of glass" (insert barf emoji here). How we're using Intercom to publish self-help/FAQ articles for 7MS.
7MS #519: Tales of Pentest Pwnage - Part 35
May 07, 2022 13:16 - 46 minutes - 42.7 MB
Hey friends, it's another fun tale of pentest pwnage today! This one talks about cool things you can do when you have full rights over an OU in Active Directory. Important links to review: BloodHound edges DACL Trouble: Generic All on OUs AD prep bug in Windows Server 2016
7MS #518: Interview with Amanda Berlin of Blumira
April 27, 2022 13:52 - 57 minutes - 52.9 MB
Today we're pumped to share a featured interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira. You might already be familiar with Amanda's awesome Defensive Security Handbook or fine work with Mental Health Hackers. We polled our Slack friends and structured this interview as an AAA (Ask Amanda Anything). That resulted in a really fun chat that covered many things technical and not technical! Questions we posed to Amanda include: Can you tell us more about your infosec su...
7MS #517: DIY Pentest Dropbox Tips - Part 6
April 22, 2022 15:58 - 46 minutes - 43 MB
Today we're continuing a series we haven't done in a while (click here to see the whole series) all about building and deploying pentest dropboxes for customers. Specifically, we cover: Auto installing Splashtop This can be done automatically by downloading your splashtop.exe install and issuing this command: splashtop.exe prevercheck /s /i confirm_d=0,hidewindow=1,notray=0,req_perm=0,sec_opt=2 Auto installing Ninite This can be done in a batch script like so: agent.msi /quiet ni...
7MS #516: Tips to Travel More Securely
April 14, 2022 12:54 - 45 minutes - 41.9 MB
In today's episode I talk about a cool self-defense class I took a while ago which was all about less lethal methods of protecting/defending yourself. I also talk about some safer ways to handle/hide cash while traveling on vacation.
7MS #515: Securing Your Family During and After a Disaster - Part 5
April 06, 2022 14:00 - 35 minutes - 32.1 MB
Today we continue the series we started a few years ago called Securing Your Family During and After a Disaster (the last part in this series was from a few years ago). In today's episode we focus on some additional things you should be thinking about to strengthen the "in case of emergency" document you share with your close friends and family.
7MS #514: Tales of Pentest Pwnage - Part 34
March 30, 2022 15:27 - 50 minutes - 45.9 MB
Welcome to another fun tale of pentest pwnage! This one isn't a telling of one single pentest, but a collection of helpful tips and tricks I've been using on a bunch of different tests lately. These tips include: I'm seeing nmap scans get flagged a bit more from managed SOC services. Maybe a "quieter" nmap scan will help get enough ports to do a WitnessMe run, but still fly under the logging/alerting radar? Something like: nmap -p80,443,8000,8080 subnet.i.wanna.scan/24 -oA outputfile Using...
7MS #513: Interview with Christopher Fielder and Jon Crotty of Arctic Wolf
March 23, 2022 22:45 - 55 minutes - 50.7 MB
Today we're joined by our friends Christopher Fielder and Jon Crotty from Arctic Wolf to talk about their interesting report on The State of Cybersecurity: 2022 Trends (note: you can get some of the report's key points here without needing to provide an email address). The three of us dig in to talk about some of the report's specific highlights, including: Many orgs are running the bare minimum (or nothing!) for endpoint protection Cyber insurance costs are going up, and some customers a...
7MS #512: First Impressions of InsightIDR
March 17, 2022 14:24 - 51 minutes - 47.1 MB
Today I'm sharing some first impressions of the Rapid7 InsightIDR as kind of a teaser for an eventual new chapter in our Desperately Seeking a Super SIEM for SMBs series. Disclaimer: remember these are first impressions. There may be some missed detections I talk about today that are a me problem and not the technology. I hope to get to the root of those unresolved issues by the time I talk more formally about InsightIDR in a future episode. Enjoy!
7MS #511: How to Succeed in Business Without Really Crying - Part 10
March 11, 2022 01:39 - 36 minutes - 33.7 MB
Today we're continuing our series focused on owning a security consultancy, talking specifically about: How not to give up on warm sales leads, even if they haven't panned out for 5+ years! Some cool Mac tools that help me manage 7MS - such as Craft and OmniFocus A sneak peek at a SIEM vendor that will soon be featured in an episode of Desperately Seeking a Super SIEM for SMBs
7MS #510: First Impressions of Tailscale
March 02, 2022 22:06 - 42 minutes - 39 MB
Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere." Is it really that cool and easy? Listen to today's episode to find out!
7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 4
February 23, 2022 19:39 - 34 minutes - 32 MB
Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do.
7MS #508: Tales of Pentest Pwnage - Part 33
February 18, 2022 01:01 - 46 minutes - 42.7 MB
Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack. We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion with colleagues, we were pointed to nanodump, which I believe is intended for use with Cobalt Strike, but you can comp...
7MS #507: Interview with Matthew Warner of Blumira
February 09, 2022 19:27 - 1 hour - 64.5 MB
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting Kerberoasting and simplifying Windows log collection and ongoing management with Poshim...
7MS #506: Tales of Pentest Pwnage - Part 32
February 03, 2022 02:19 - 52 minutes - 48 MB
Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always-under-construction list of things I try early in a pentest for maximum pwnage: Run PingCastle Do the SharpHound/BloodHound dumps Run the DHCP poisoning module of Responder Check the ms-DS-MachineAccountQuota value in the domain - if it's at the default (10), then any user can add machines to the domain. Why is the ability to add machin...
7MS #505: Pwning Wifi PSKs and PMKIDs with Bettercap
January 28, 2022 15:08 - 48 minutes - 44.6 MB
Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use Bettercap).
7MS #504: Monitoring All Your Cloud Thingies with UptimeRobot
January 20, 2022 17:58 - 40 minutes - 37.4 MB
Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing some fun tips to monitor your internal thingies as well - without the use of any extra agent software.
7MS #503: First Impressions of Brute Ratel
January 12, 2022 18:28 - 37 minutes - 34.6 MB
Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to set up, and much easier to use (IMHO) than Cobalt Strike. I also talk specifically about some of my favorite command line features, how slick and simple lateral movement is, and the "killer feature" that makes me giggle like the bad guy from Sonic the Hedgehog. In the tangent department, Mrs. 7MS makes an appearance via phone and I bore you to tears about my continued iFly addiction.
7MS #502: Building a Pentest Lab in Azure
January 05, 2022 18:24 - 51 minutes - 47.6 MB
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you set up a pentesting training camp in the cloud. Things I like No longer relying on a single point of failure (Intel NUC, switch, ISP, etc.) You can schedule VMs t...
7MS #501: Tales of Pentest Pwnage - Part 31
December 29, 2021 05:34 - 44 minutes - 40.5 MB
Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory details on this attack path, see the Certified Pre-Owned paper from the SpecterOps crew. The TLDR/TLDL version of how I abused this path is as follows: Grab Certi Grab Certify Run Certify.exe find /vulnerable, and if you get some findings, review the Certified Pre-Owned paper and the Certify readme fil...
7MS #500: Interview with John Strand
December 22, 2021 18:22 - 58 minutes - 53.3 MB
HAPPY 500 EPISODES, FRIENDS! That's right, 7MS turned 5-0-0 today, and so we asked John Strand of Black Hills Information Security to join us and talk about all things security, including the John/BHIS superhero origin story, the future of pentesting, the (perceived) cybersecurity talent shortage, how to get started with good security practices in your organization, and more! P.S. check out John's first visit to the show here.
7MS #499: Desperately Seeking a Super SIEM for SMBs - Part 6
December 16, 2021 16:17 - 21 minutes - 19.8 MB
Today we have some cool updates on this SIEM-focused series we've been doing for a while. Specifically, I want to share that one of these solutions can now detect three early (and important!) warning signs that bad things are happening in your environment: ASREPRoasting WDigest flag getting flipped (reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1) Restricted admin mode getting enabled (reg add HKLM\System\CurrentControlSet\Co...
7MS #498: Securing Your Mental Health - Part 2
December 13, 2021 20:12 - 17 minutes - 16 MB
Hi everybody, today we're continuing a series we started way back in June called Securing Your Mental Health. Today I talk about some easy and relatively cheap things I'm doing to try and shut down negative thoughts, punch imposter syndrome in the face, and be an overall happier and more positive person.
7MS #497: The Stress and Satisfaction of Offering Live Security Training
December 02, 2021 13:15 - 51 minutes - 47.1 MB
Hey friends, today I'm giving you a peek behind the curtain of our Light Pentest LITE training to talk about the software/hardware we use to make it sing, the growing pains - and OMG(!) moments - that forced us to build in more infrastructure redundancy, and the cool (and expensive!) cloud options we're considering to offer a self-paced version of the course.
7MS #496: Tales of Pentest Pwnage - Part 30
November 24, 2021 14:00 - 48 minutes - 44.6 MB
Today's tale of pentesting has a bunch of tips to help you maximize your pwnage, including: The new Responder DHCP poisoning module All the cool bells and whistles from CrackMapExec which now include new lsass-dumping modules! Speaking of lsass dumping, here's a new trick that works if you have Visual Studio installed (I bet it will be detected soon). I close out today's episode with a story about how my Cobalt Strike beacons got burned by a dating site!
7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5
November 17, 2021 21:00 - 39 minutes - 36.3 MB
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect: RDP from public IPs Password spraying Kerberoasting Mimikatz Recon net commands Hash dumping Hits on a "honey domain admin" account Users with non-expiring passwords Hits on the SSH/FTP/HTTP honeypot
7MS #494: Interview with Josh Burnham of Liquid Web
November 10, 2021 14:00 - 45 minutes - 41.3 MB
7MS #493: 7MOIST - Part 2
November 04, 2021 01:30 - 7 minutes - 3.87 MB
Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back with the second edition of 7MOIST and have some cool pentesting and general IT tips that will hopefully make your life a little awesome-r: Stuck on a pentest because EDR keeps gobbling your payloads? SharpCradle might just save the day! CrackMapExec continues to learn new awesome tricks - including a module called slinky that plants hash-grabbing files...
7MS #492: Tales of Pentest Pwnage - Part 29
October 28, 2021 21:00 - 56 minutes - 52 MB
Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using: Manual "open heart surgery" on the root of the Active Directory domain The new totally rad DHCP poisoning module of Responder An opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago in episode 441)
7MS #491: Interview with Louis Evans of Arctic Wolf
October 20, 2021 13:00 - 52 minutes - 47.6 MB
Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it, what it does and doesn't cover, and when it started to be something you didn't want to leave home without What are insurance companies asking/demanding of customers before writing a cyber insurance policy? What basic things organizations can do to reduce malware/ransomware incidents (whether they are considering a cyber insurance policy or not...
7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4
October 13, 2021 20:18 - 42 minutes - 38.8 MB
Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to our attention: Blumira (not a sponsor, but I'm really digging what I'm seeing/hearing/experiencing thus far)!
7MS #489: Ping Castle
October 06, 2021 23:23 - 58 minutes - 54 MB
Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! It's wonderful for both red and blue teamers. Some of Ping Castle's cool features include being able to find: Kerberoastable and ASREPRoastable users Plain text passwords lingering in Group Policy Objects Users with never-expiring passwords Non-supported versions of Windows M...
7MS #488: How to Succeed in Business Without Really Crying - Part 10
September 29, 2021 13:00 - 43 minutes - 39.7 MB
Today we continue our series focused on building a security consultancy and talk about: A phishing campaign that went off the rails, and lessons learned from it First impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor) A tangent story about how my wife brought some thieves to justice!
7MS #487: Light Pentest eBook Announcement!
September 28, 2021 18:38 - 7 minutes - 6.49 MB
Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical, step-by-step playbook for internal network penetration testing - is now available for purchase! Note: this eBook and the Light Pentest LITE training are two separate things, but do cover some of the same topics. The Light Pentest eBook covers: Grabbing and analyzing packet captures Abusing insecure network protocols Exploiting (the lack of) SMB signing Cap...
7MS #486: Interview with Matt Quammen of Blue Team Alpha
September 22, 2021 13:00 - 39 minutes - 36.5 MB
Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of Blue Team Alpha to talk about all things incident response! Topics covered include: Top 5 things to do and not do during a ransomware event Challenges when responding to ransomware events Opportunities to break into infosec/IR The value of tabletop exercises, and some great ideas for conducting your own Incident response stress and success stories Cyber insurance - worth it or not?
7MS #485: Interview with Christopher Fielder
September 15, 2021 13:00 - 52 minutes - 48.5 MB
Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet soup terms (like SIEM, SOC, EDR/MDR/XDR, ML, AI and more!), optimizing your SOC to "see" as much as possible, tackling vendor/customer communication problems, and simplifying security product pricing to make purchases less stressful for customers! And don't forget to check out Christopher's first, second and third interviews with 7MS.
7MS #484: Desperately Seeking a Super SIEM for SMBs - Part 3
September 08, 2021 20:38 - 46 minutes - 42.8 MB
Today we're continuing our series called Desperately Seeking a Super SIEM for SMBs - this time with a focus on a new contender in our bake-off: Perch Security! It might help you to go back and take in part 1 and part 2, but today we're focusing on the first experience I had chatting with the sales/technical folks at Perch. TLDL: I really liked a lot of things I was hearing and seeing. Pros (perceived) include: Simple pricing model Easy to use dashboard Cool "marketplace" of integrat...