
7 Minute Security

534 episodes - English - Latest episode: over 1 year ago - ★★★★★ - 63 ratings

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.


Episodes

7MS #34: The Hacker Playbook (audio)

November 14, 2014 07:00 - 7 minutes - 3.36 MB

I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook. Cheggitowt! Download: 7MS #34: The Hacker Playbook (audio)

7MS #33: ProXPN (audio)

November 07, 2014 07:00 - 7 minutes - 3.58 MB

This episode’s all about a cool product called ProXPN that I use to encrypt/anonymize my traffic for various reasons. Not a sponsored episode or anything like that, but I am a fan of this service :-). Download: 7MS #33: ProXPN (audio)

7MS #32: OSCP – part 3 (audio)

November 01, 2014 07:00 - 7 minutes - 3.38 MB

Been a while since I shared an update on OSCP progress. It’s going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time. Download: 7MS #32: OSCP – part 3 (audio)

7MS #31: Network Detective (audio)

October 25, 2014 07:00 - 7 minutes - 3.45 MB

Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more. Download: 7MS #31: Network Detective…

7MS #30: Managing Privileged Accounts (audio)

October 18, 2014 07:00 - 7 minutes - 3.77 MB

Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem. Download: 7MS #30: Managing Privileged Accounts (audio)

7MS #29: Follow Up Then (audio)

October 11, 2014 07:00 - 7 minutes - 3.41 MB

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then! Download: 7MS #29: Follow Up Then (audio)

7MS #28: Infosec for Kids? (audio)

September 27, 2014 07:00 - 7 minutes - 3.51 MB

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soaked world where there are constantly text/video/photos of them going online – to stay forever? Download: 7MS #28: Infosec for Kids?…

7MS #27: Backing Up with CrashPlan (audio)

September 20, 2014 07:00 - 7 minutes - 3.34 MB

Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan. Download: 7MS #27: Backing Up with Crashplan (audio)

7MS #26: The Importance of Training and Awareness (audio)

September 13, 2014 07:00 - 7 minutes - 3.64 MB

Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.” Download: 7MS #26:…

7MS #25: Writing Better Pentest Reports (audio)

August 23, 2014 07:00 - 8 minutes - 3.84 MB

This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)

7MS #24: Why Wireless Scares Me (audio)

August 16, 2014 07:00 - 7 minutes - 3.34 MB

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web. Download: 7MS #24: Why Wireless Scares Me (audio)

7MS #23: OSCP – part 2 (audio)

August 09, 2014 07:00 - 7 minutes - 3.36 MB

In this episode I talk more about my adventures with OSCP and Offensive Security! Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you don’t do so hot on your final exam. Buffer overflows make…

7MS #22: Phishing with Black Squirrel (audio)

July 27, 2014 23:17 - 7 minutes - 3.72 MB

In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool discussed in this podcast. I’ve been using it for phishing campaigns and it’s been excellent in that capacity.

7MS #21: OSCP – part 1 (audio)

July 20, 2014 12:25 - 7 minutes - 2.03 MB

In this episode I talk about my venture into Offensive Security! Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part, spoiler-free series about my experience with OSCP. With…

7MS #20: Moving from GoDaddy to DNSimple (audio)

July 15, 2014 13:56 - 7 minutes - 2.31 MB

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt’s humorous/awesome article pushed me over the edge and convinced me to give DNSimple a…

7MS #19: Kioptrix! (audio)

July 05, 2014 07:00 - 7 minutes - 2.07 MB

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

7MS #18: Wireless Security 101 (audio)

June 22, 2014 17:56 - 7 minutes - 2.12 MB

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will demonstrate how easy it is to crack WEP. Stronger encryption such as WPA/WPA2…

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

June 14, 2014 07:00 - 7 minutes - 1.89 MB

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

7MS #16: PwnPad Initial Impressions – part 2! (audio)

May 31, 2014 07:00 - 7 minutes - 1.83 MB

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

7MS #15: PwnPad Initial Impressions (audio)

May 24, 2014 07:00 - 6 minutes - 1.61 MB

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad scripts/automates much of the “busy work” to capture WPA handshakes.

7MS #14: H8 4 Win8 (audio)

May 10, 2014 07:00 - 6 minutes - 1.65 MB

In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn’t seem to auto-update on Win 8 unless you have updates set to auto download/install. I found a nifty script you can add as…

7MS #13: How to Get Pwned by HP (audio)

May 03, 2014 07:00 - 7 minutes - 1.73 MB

In this episode I talk about how I had to send my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show notes: My takeaways/recommendations from this experience: See a pic of my FortiClient picking up on…

7MS #12: Why My Domains Have Gan to Gandi (audio)

April 28, 2014 07:00 - 7 minutes - 1.71 MB

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Gan to Gandi (audio) Show notes: This episode is all about this article (https://medium.com/cyber-security/24eb09e026dd) in which a Twitter user…

7MS #11: Overtraining your iPhone Touch ID (video)

April 12, 2014 07:00 - 3 minutes - 27.2 MB Video

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show notes: I first read about this from Steve Gibson of GRC at https://www.grc.com/sn/sn-440.htm. But I was listening to the audio-only version…

7MS #10: Information Security for the Whole Family – part 2 (audio)

April 05, 2014 07:00 - 7 minutes - 6.88 MB

In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for the Whole Family – part 2 (audio) Show notes: If you have kids and are considering a tablet for them,…

7MS #9: Information Security for the Whole Family (audio)

March 29, 2014 07:00 - 7 minutes - 6.68 MB

In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in your household, I’d recommend making sweeping network changes when your family members aren’t around (i.e. changing the wifi password :-)…

7MS #8: CISSP – Is That the Cert for Me? (audio)

March 22, 2014 07:00 - 7 minutes - 6.57 MB

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes with a whole slew of companion materials like a pre-assessment test, flashcards and 3 full practice exams.…

7MS #7: External Vulnerabilities that Byte (audio)

March 15, 2014 07:00 - 7 minutes - 6.63 MB

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk that we find just about anywhere SSL is used, but in…

7MS #6: Fun Firewall Rules – part 2 (audio)

March 08, 2014 07:00 - 7 minutes - 6.49 MB

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external servers you use). Anytime a firewall rule is changed, perform a vulnerability scan…

7MS #5: Fun Firewall Rules – part 1 (audio)

March 01, 2014 07:00 - 7 minutes - 6.66 MB

In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a third party mail filter like Postini or Securence, ensure that…

7MS #4: Patch Strategies: Part Deux (audio)

February 22, 2014 07:00 - 6 minutes - 6.38 MB

In this episode I continue talking about some dos and don’ts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to enterprise gear patching (like routers, switches, firewalls). 1. If it ain’t broke, don’t…

7MS #3: Patch Strategies: Part 1 (audio)

February 13, 2014 14:47 - 7 minutes - 6.43 MB

In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house patched well – but the third party apps (Java/Flash/Reader/etc.)? Not so much…but that’s just…

7MS #2: The Importance of Logging and Alerting! (audio)

February 01, 2014 18:50 - 7 minutes - 6.43 MB

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show notes: Public-facing terminal servers without 2FA basically have a sign on their back that…

7MS #1: Epic Introduction! (audio)

February 01, 2014 16:17 - 7 minutes - 6.42 MB

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-). Download Episode 1: Epic Introduction to 7MS (MP3) I’ll…

Twitter Mentions

@gh0sthax 20 Episodes
@joekl3in 2 Episodes
@nikhil_mitt 2 Episodes
@strandjs 2 Episodes
@bkimminich 1 Episode
@mrd0x 1 Episode
@mduench 1 Episode
@notmedic 1 Episode
@insiderphd 1 Episode
@chrisphineas 1 Episode
@plextracftw 1 Episode
@owasp_juiceshop 1 Episode
@tinkersec 1 Episode
@kimzetter 1 Episode
@robertesell 1 Episode
@nathanhunstad 1 Episode
@awnetworks 1 Episode
@baffleio 1 Episode
@infosystir 1 Episode
@byt3bl33d3r 1 Episode