Blog
Search all our posts or browse some of our most recent entries below:
7MS #532: Tales of Pentest Pwnage – Part 39
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Hey friends, wow...we're up to thirty-nine episodes of pwnage? Should we make a cake when we hit the big 4-0?! Anyway, today's TLDL is this: If you get a nagging suspicion [...]
7MS #531: Interview with Christopher Fielder and Eugene Grant of Arctic Wolf
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know [...]
7MS #530: Tales of Pentest Pwnage – Part 38
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Hey friends, we have another fun tale of pwnage for you today. I loved this one because I got to learn some new tools I hadn't used before, such as:Get-InternalSubnets.ps1 - [...]
7MS #529: Interview with Matthew Warner of Blumira
Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as this one) when Matt gave us a fountain of info on why out-of-the-box Windows logging isn't awesome, and how to get it turned up to 11!Today, we talk about a cool report that Blumira put out called 2022 Blumira's State of Detection & [...]
7MS #528: Securing Your Family During and After a Disaster – Part 6
Today's episode is sponsored by Blumira!In today's episode, I try to get us thinking about our extended family's emergency/DR plan. Why? Because I recently had a close family member suffer a health scare, and it brought to light some questions we didn't have all the answers for:Do we have creds to log onto his computer?How about his email accounts?Do we have usernames/passwords for retirement accounts, [...]
7MS #527: First Impressions of Purple Knight
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and [...]
7MS #526: Tales of Pentest Pwnage – Part 37
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before: cached domain credentials. I also learned that you can [...]
7MS #525: First Impressions of InsightIDR – Part 2
Today we're sharing an updates to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks:Active Directory enumeration via SharpHoundPassword spraying through RubeusKerberoasting and ASREPRoasting via RubeusNetwork protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.Pass-the-hash attacks with [...]
7MS #524: How to Update VMWare ESXi From the Command Line
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by video:Shortly after recording this video, I found this awesome [...]
7MS #523: Local Administrator Password Solution – RELOADED!
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!Well friends, it has been a while since we talked about Microsoft's awesome Local Administrator Password Solution - specifically, the last time was way back in 2017!Lately I've been training some companies [...]
7MS #522: Pwning Wifi PSKs and PMKIDs with Bettercap – Part 2
Hey friends, a while back in episode #505 we talked about pwning wifi PSKs and PMKIDs with Bettercap. Today I'm revisiting that with even some more fun command line kung fu to help you zero in on just the networks you're interested in and filter out a bunch of noisy events from bettercap in the process: # In ESXI, shut down the host, then add a new USB device and choose [...]