Blog
Search all our posts or browse some of our most recent entries below:
7MS #657: Writing Rad Security Documentation with Retype
Hello friends! Today we're talking about a neat and quick-to-setup documentation service called Retype. In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its money.
7MS #656: How to Succeed in Business Without Really Crying – Part 21
Happy new year friends! Today we talk about business/personal resolutions, including: New year's resolution on the 7MinSec biz side to have a better work/life balance New training offering in the works Considering Substack as a communications platform A mental health booster that I came across mostly by accident
7MS #655: Happy Hacking Holidays
Today we're doing a milkshake of several topics: wireless pentest pwnage, automating the boring pentest stuff with cursor.ai, and some closing business thoughts at 7MinSec celebrates its 7th year as a security consultancy. Links discussed today: AWUS036ACH wifi card (not my favorite anymore) Panda PAU09 N600 (love this one!) The very important Github issue that helped me better understand BPFs and WPA3 attacks TrustedSec [...]
7MS #654: Tales of Pentest Pwnage – Part 67
Today we've got some super cool stuff to cover today! First up, BPATTY v1.4 is out and has a slug of cool things: A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng Syntax on using two different tools to parse creds from Dehashed An updated tutorial on using Gophish for phishing campaigns The cocoa-flavored cherry on top is a tale of [...]
7MS #653: How to Succeed in Business Without Really Crying – Part 20
Hey friends, today we're talking about tips to effectively present your technical assessment to a variety of audiences - from lovely IT and security nerds to C-levels, the board and beyond!
7MS #652: Securing Your Mental Health – Part 6
Today's episode talks about some things that helped me get through a stressful and hospital-visit-filled Thanksgiving week, including: Journaling Meditation (An activity I'm ashamed of but has actually done wonders for my mental health)
7MS #651: Tales of Pentest Pwnage – Part 66
Hey friends, we've got a short but sweet tale of pentest pwnage for you today. Key lessons learned: Definitely consider BallisKit for your EDR-evasion needs If you get local admin to a box, enumerate, enumerate, enumerate! There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!
7MS #650: Tales of Pentest Pwnage – Part 65
Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a "hidden" SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I've missed on past pentests....SIGH! Check out the awesome BloodHound gang thread about this here. Also, can't get Rubeus monitor [...]
7MS #649: First Impressions of Twingate
Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we'd like them to be)! It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we've talked about quite a bit here. In other news, we've moved from Teachable to Coursestack, so if you've bought training/ebooks with us before, you should've received [...]
7MS #648: First Impressions of Level.io
Hey friends, today I'm sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.
7MS #647: How to Succeed in Business Without Really Crying – Part 19
Today we're talkin' business - specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).