Welcome! 7 Minute Security podcast episode show notes are here, our “third Thursday” YouTube livestream is here, and our Light Pentest eBook is here.

Blog2025-01-25T12:30:08-06:00

Blog

Search all our posts or browse some of our most recent entries below:

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again - this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

By |May 16, 2025|Categories: podcast|Tags: |

7MS #674: Tales of Pentest Pwnage – Part 71

 Today's tale of pentest pwnage is another great one!  We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all "branches" of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

By |May 9, 2025|Categories: podcast|Tags: |

7MS #673: ProxmoxRox

 Today we're excited to release ProxmoxRox - a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs.  Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14!  More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

By |May 3, 2025|Categories: podcast|Tags: , , |

7MS #672: Tales of Pentest Pwnage – Part 70

Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs!  I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

By |April 25, 2025|Categories: podcast|Tags: |

7MS #671: Pentesting GOAD

Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

By |April 18, 2025|Categories: podcast|Tags: |

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I'm kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today's episode with a short live video over at 7MinSec.club.

By |April 11, 2025|Categories: podcast|Tags: |

7MS #668: Tales of Pentest Pwnage – Part 69

 Hola friends! Today's tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump - for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip [...]

By |March 28, 2025|Categories: podcast|Tags: |

7MS #667: Pentesting GOAD SCCM – Part 2!

 Hey friends, our good buddy Joe "The Machine" Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again!  Spoiler alert: this time we get DA!  YAY! Definitely check out these handy SCCM resources to help you - whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager - tremendous resource for [...]

By |March 21, 2025|Categories: podcast|Tags: |

7MS #666: Tales of Pentest Pwnage – Part 68

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space - for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

By |March 15, 2025|Categories: podcast|Tags: |
Go to Top