Blog
Search all our posts or browse some of our most recent entries below:
7MS #712: How to Secure Your Community – Part 2
Hello friends. Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support Haven Watch. They give [...]
7MS #711: How to Secure Your Community
Hello friends, it's good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge. Today I share how my family and community has been affected by it. And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper [...]
7MS #710: I’m Taking a Break
Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club. It's a temporary break, so please don't unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want [...]
7MS #709: Second Impressions of Twingate
Hey friends, in episode #649 I gave you my first impressions of Twingate. It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don't forget: Our pentest class is coming up at the end of the month - more [...]
7MS #708: Tales of Pentest Fail – Part 6
After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I'd keep this momentum up and share another story of fail with you - this time about a Web app pentest [...]
7MS #707: Our New Pentest Course Has Launched!
Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 - Thursday, January 29 (9:00 a.m. - 1:00 p.m. CST each day). More information, pricing information and more can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should [...]
7MS #706: Tales of Pentest Pwnage – Part 80
I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the 7MinSec Club episode we did on the topic this week. Also, our January Light Pentest LITE:GOAD class is open for registration here!
7MS #705: A Phishing Campaign Fail Tale
This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing campaign that had plenty of "bites" but got immediately shut down - for reasons I still don't understand.
7MS #704: DIY Pentest Dropbox Tips – Part 12
Hola friends! My week has very much been about trying to turnaround pentest dropboxes as quickly as possible. In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a persistent remote access method Writing a Proxmox post-deployment script that installs Splashtop on the Windows VM, and resets the admin passwords on both VMs, all from the Proxmox SSH console without touching [...]
7MS #703: Tales of Pentest Pwnage – Part 79
Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pentesting puppet! Muahahahahaah!!!! Also: This week over at 7MinSec.club we looked at how to defend against some common SQL attacks We're very close to offering our brand new LPLITE:GOAD 3-day pentest course (likely in [...]
7MS #702: Should You Hire AI to Run Your Next Pentest?
Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?" It's not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.