Blog
Search all our posts or browse some of our most recent entries below:
7MS #718: Fun Professional and Personal AI Project Ideas
Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better - still recovering, but appetite's back and she's got some pep again. Thanks so much to everyone who sent kind messages.) Today I'm gushing about how AI has been making my IT and security life way more efficient: Firewall migration: [...]
7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)
Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip to Punta Cana, and in the chaos of navigating a foreign hospital at 2 a.m. with zero sleep and a pile of Spanish medical documents, I threw every privacy best practice I've [...]
7MS #716: Tales of Pentest Pwnage – Part 83
Today is my favorite pentest pwnage tale of 2026 - and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include: Use Netexec to pull Powershell history Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share This post featured interesting use of the Responder -N option
7MS #715: Tales of Pentest Pwnage – Part 82
Hola friends! Today's another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific reference in today's podcast that may be helpful to you is setting up ntlmrelayx to listen on port 3128.
7MS #714: Tales of Pentest Pwnage – Part 81
Hello friends! We're back with a fun tale of internal network pentest pwnage. This one highlights how AI can be used (with some guardrails!) to automate the boring stuff - and even help you pick part DLLs to find gold nuggets! P.S. - I do recommend you check out our last three episodes that are all about securing your community, and please check out this [...]
7MS #713: How to Secure Your Community – Part 3
Hello friends, in today's edition of How to Secure Your Community, I give a brief recap of part 1 and part 2, and then dive into some cool phone shortcuts you can setup so that with a single tap, you can alert friends/family that you're having an encounter with law enforcement and may need an assist. Here's the things/links discussed: This great Rolling Stone article [...]
7MS #712: How to Secure Your Community – Part 2
Hello friends. Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support Haven Watch. They give [...]
7MS #711: How to Secure Your Community
Hello friends, it's good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge. Today I share how my family and community has been affected by it. And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper [...]
7MS #710: I’m Taking a Break
Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club. It's a temporary break, so please don't unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want [...]
7MS #709: Second Impressions of Twingate
Hey friends, in episode #649 I gave you my first impressions of Twingate. It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don't forget: Our pentest class is coming up at the end of the month - more [...]
7MS #708: Tales of Pentest Fail – Part 6
After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I'd keep this momentum up and share another story of fail with you - this time about a Web app pentest [...]