Blog
Search all our posts or browse some of our most recent entries below:
7MS #666: Tales of Pentest Pwnage – Part 68
Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space - for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!
7MS #665: What I’m Working on This Week – Part 2
Hello there friends, I'm doing another "what I'm working on this week" episode which includes: BPATTY v1.6 release - big/cool/new content to share here PWPUSH - this looks to be an awesome way (both paid and free) to securely share files and passwords Also, 7 Minute Security was featured on WebsitePlanet.com this week to discuss: Our business origin story Services we offer Emerging trends in [...]
7MS #664: What I’m Working on This Week
In today's episode I talk about what I'm working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec's MSSQL upload/download functionality
7MS #663: Pentesting GOAD SCCM
Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin
7MS #662: Pentesting Potatoes – Part 2
Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help [...]
7MS #661: Baby’s First Hetzner and Ludus – Part 2
Today we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range! Topics include: Building a Proxmox Backup Server (this YouTube video was super helpful) Bridging a second WAN IP to the Hetzner/Ludus server Wrestling with the Hetzner (10-rule limit!) software firewall When attacking SCCM - you can get a version of pxethief that runs in [...]
7MS #660: Baby’s First Hetzner and Ludus
I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives). Once I got past that, though, I got my first taste of the amazing world of Ludus.cloud, where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it. Can't say enough good things about [...]
7MS #659: Eating the Security Dog Food – Part 8
Today I'm excited about some tools/automation I've been working on to help shore up the 7MinSec security program, including: Using Retype as a document repository Leveraging the Nessus API to automate the downloading/correlating of scan data Monitoring markdown files for "last update" changes using a basic Python script
7MS #658: WPA3 Downgrade Attacks
Hey friends, today we cover: The shiny new 7MinSec Club BPATTY updates A talk-through of the WPA3 downgrade attack, complemented by the YouTube livestream
7MS #657: Writing Rad Security Documentation with Retype
Hello friends! Today we're talking about a neat and quick-to-setup documentation service called Retype. In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its money.
7MS #656: How to Succeed in Business Without Really Crying – Part 21
Happy new year friends! Today we talk about business/personal resolutions, including: New year's resolution on the 7MinSec biz side to have a better work/life balance New training offering in the works Considering Substack as a communications platform A mental health booster that I came across mostly by accident