Welcome! 7 Minute Security podcast episode show notes are here, our “third Thursday” YouTube livestream is here, and our Light Pentest eBook is here.

Blog2025-01-25T12:30:08-06:00

Blog

Search all our posts or browse some of our most recent entries below:

7MS #570: How to Build a Vulnerable Pentest Lab – Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!In today's episode we staged an NTLM relay attack using a vulnerable SQL server.First we used CrackMapExec (see our two part series on Cracking and Mapping and Execing with CrackMapExec - part [...]

By |May 5, 2023|Categories: podcast|Tags: , |
Read More

7MS #569: Interview with Jim Simpson of Blumira

Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like Duo. Blumira and 7 Minute Security have a shared love for helping SMBs be more secure, so it was great to chat with Jim about the IT/security [...]

By |April 28, 2023|Categories: podcast|Tags: |
Read More

7MS #568: Lets Play With the 2023 Local Administrator Password Solution!

Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesome, it's a necessary blue team control for any size company, and you should basically stop reading this and install LAPS now.

By |April 21, 2023|Categories: podcast|Tags: , |
Read More

7MS #567: How to Build an Intentionally Vulnerable SQL Server

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:Download SQL Server hereInstall SQL via config .ini fileOr, install SQL via pure command lineDeploy SQL with a service account while also starting TCP/IP and named pipes automagically:setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION="install" /FEATURES=SQL /INSTANCENAME=MSSQLSERVER /TCPENABLED=1 /NPENABLED=1 /SQLSVCACCOUNT="YOURDOMAIN\YOUR-SERVICE-ACCOUNT" /SQLSVCPASSWORD="YOUR PASSWORD" /SQLSYSADMINACCOUNTS="YOURDOMAIN\administrator" "YOURDOMAIN\domain users"Run PowerUpSQL to [...]

By |April 14, 2023|Categories: podcast|Tags: |
Read More

7MS #566: Tales of Pentest Pwnage – Part 47

Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to a new trick that one of our favorite old tools can do:rubeus.exe monitor /interval:5 /nowrap /runfor:60 /registry:SOFTWARE\MONITOR

By |March 31, 2023|Categories: podcast|Tags: |
Read More

7MS #565: How to Simulate Ransomware with a Monkey

Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way to show your team and execs just how quick and deadly an infection can be to your business. You can feed the monkey a list of usernames and passwords/hashes to use for lateral movement, test network segmentation, set a UNC path of files to [...]

By |March 24, 2023|Categories: podcast|Tags: , |
Read More

7MS #564: First Impressions of OVHcloud Hosted vCenter

Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR:It runs on vCenter, my first and only virtualization love!Unlimited VM "powered on" time and unlimited bandwidthIntergration with PowerShell so you can run a single script to "heal" your environment to a gold imageEasy integration with pfSense to be able to manage [...]

By |March 17, 2023|Categories: podcast|Tags: |
Read More

7MS #563: Cracking and Mapping and Execing with CrackMapExec – Part 2

Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover: # Enumerate where your user has local admin rights: cme smb x.x.x.x/24 -u user -p password # Set wdigest flag: cme smb x.x.x.x -u user -p password -M wdigest -o ACTION=enable # Dump AD creds: cme smb IP.OF.DOMAIN.CONTROLLER -u user -p password --ntds [...]

By |March 10, 2023|Categories: podcast|Tags: |
Read More

7MS #562: Cracking and Mapping and Execing with CrackMapExec

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically: # General enumeration to see if your account works, and where: cme smb x.x.x.x -u username [...]

By |March 3, 2023|Categories: podcast|Tags: |
Read More

7MS #561: Interview with Chris Furner of Blumira

Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today at blumira.com/7ms!Today I sat down with Chris Furner of Blumira to talk about all things cyber insurance. Many of 7MinSec's clients are renewing their policies this time of [...]

By |February 24, 2023|Categories: podcast|Tags: |
Read More

7MS #560: 7MOOCH – Dolphin Rides Are Done Dude

Hey friends, I took a mental health break this week and pre-podcasted this episode of a new series called 7MOOCH: 7 Minutes of Only Chuckles. In today's story, we unpack a situation in Hawaii that made me exclaim the following quite loudly: "Dolphin rides are done, dude!"

By |February 17, 2023|Categories: podcast|Tags: |
Read More

About Us

Services

Resources

© 2025 – 7 Minute Security

Go to Top