Welcome! 7 Minute Security podcast episode show notes are here, our “third Thursday” YouTube livestream is here, and our Light Pentest eBook is here.

Blog/Podcast2024-09-13T09:35:51-05:00

Blog

Search all our posts or browse some of our most recent entries below:

7MS #651: Tales of Pentest Pwnage – Part 66

Hey friends, we've got a short but sweet tale of pentest pwnage for you today. Key lessons learned: Definitely consider BallisKit for your EDR-evasion needs If you get local admin to a box, enumerate, enumerate, enumerate!  There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!

By |November 22, 2024|Categories: podcast|Tags: |

7MS #650: Tales of Pentest Pwnage – Part 65

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a "hidden" SQL account, and that account ended up being the key to the entire pentest!  I wonder how many hidden SQL accounts I've missed on past pentests....SIGH! Check out the awesome BloodHound gang thread about this here. Also, can't get Rubeus monitor [...]

By |November 15, 2024|Categories: podcast|Tags: |

7MS #649: First Impressions of Twingate

Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we'd like them to be)!  It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we've talked about quite a bit here.  In other news, we've moved from Teachable to Coursestack, so if you've bought training/ebooks with us before, you should've received [...]

By |November 8, 2024|Categories: podcast|Tags: , |

7MS #646: Baby’s First Incident Response with Velociraptor

 Hey friends, today I'm putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment.  Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to "phone home" to you [...]

By |October 18, 2024|Categories: podcast|Tags: |

7MS #644: Tales of Pentest Pwnage – Part 64

Hey!  I'm speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester!  Today's tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate!  It also emphases that cracking NETLM/NETNTLMv1 isn't super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!

By |October 4, 2024|Categories: podcast|Tags: |

7MS #642: Interview with Ron Cole of Immersive Labs

Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE

By |September 23, 2024|Categories: podcast|Tags: |
Go to Top