Blog
Search all our posts or browse some of our most recent entries below:
7MS #725: Building a Bulletproof Backup Solution
Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — and honestly pretty bulletproof — backup setup for both home and work. Claude played a big role in helping me sort it all out. Here's what we get into: [...]
7MS #724: Tales of Pentest Pwnage – Part 85
Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back external assessments, so it felt like a good time to talk about it. Here's what we get into: Scoping headaches — why the old "count your public IPs and multiply by a big [...]
7MS #723: CARTP – Cloud Red Team Tactics for Attacking and Defending Azure – Part 1
Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren't your thing! The security part: starting CARTP I've started the Certified Azure Red Team Professional course from Altered Security (enterprisesecurity.io). It's the Azure follow-up to CRTP, [...]
7MS #722: I Turned My Phone Into a Brick
Hey friends! Quasi-vacation week over here, so today's episode is lighter and more personal: just a story about how I turned my phone into a "brick" (kind of) and what that's done for my mental health over the past week. The product is called Brick (getbrick.com). Not sponsored, no discount code — just something I've genuinely been enjoying. It's a $50 NFC dongle + [...]
7MS #721: Fun Professional and Personal AI Project Ideas – Part 2
Hello friends! Picking up the AI-automation series from a couple weeks back — here's another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had to upgrade to Claude Max. No, I'm not trying to automate myself out of a job — just freeing up bandwidth for the more interesting parts of work/life. QuickBooks invoice automation: Got [...]
7MS #720: Tales of Pentest Pwnage – Part 84
Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dancer son Atticus at DadOfADancer.com. Speaking of Atticus — he just landed a spot in Master Ballet Academy's summer program in Phoenix, and I am a very proud dance dad [...]
7MS #719: Baby’s First OpenClaw
Hey friends! This week's episode is "Baby's First OpenClaw" – basically me shouting into the void hoping a smart listener will DM me and explain why this thing is supposed to be life-changing. Because right now? I'm a little underwhelmed. Here's the journey so far: The Mac mini quest: After seeing OpenClaw all over my feeds (people curing diseases! solving crimes!), I caved and [...]
7MS #718: Fun Professional and Personal AI Project Ideas
Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better - still recovering, but appetite's back and she's got some pep again. Thanks so much to everyone who sent kind messages.) Today I'm gushing about how AI has been making my IT and security life way more efficient: Firewall migration: [...]
7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)
Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip to Punta Cana, and in the chaos of navigating a foreign hospital at 2 a.m. with zero sleep and a pile of Spanish medical documents, I threw every privacy best practice I've [...]
7MS #716: Tales of Pentest Pwnage – Part 83
Today is my favorite pentest pwnage tale of 2026 - and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include: Use Netexec to pull Powershell history Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share This post featured interesting use of the Responder -N option
7MS #715: Tales of Pentest Pwnage – Part 82
Hola friends! Today's another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific reference in today's podcast that may be helpful to you is setting up ntlmrelayx to listen on port 3128.