Blog
Search all our posts or browse some of our most recent entries below:
7MS #488: How to Succeed in Business Without Really Crying – Part 10
Today we continue our series focused on building a security consultancy and talk about:A phishing campaign that went off the rails, and lessons learned from itFirst impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor)A tangent story about how my wife brought some thieves to justice!
7MS #487: Light Pentest eBook Announcement!
Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical, step-by-step playbook for internal network penetration testing - is now available for purchase!Note: this eBook and the Light Pentest LITE training are two separate things, but do cover some of the same topics.The Light Pentest eBook covers:Grabbing and analyzing packet capturesAbusing insecure network protocolsExploiting (the [...]
7MS #486: Interview with Matt Quammen of Blue Team Alpha
Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of Blue Team Alpha to talk about all things incident response! Topics covered include:Top 5 things to do and not do during ransomware eventChallenges when responding to ransomware eventsOpportunities to break into infosec/IRThe value of tabletop exercises, and some great ideas for conducting your ownIncident response stress and success storiesCyber insurance [...]
7MS #485: Interview with Christopher Fielder
Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet soup terms (like SIEM, SOC, EDR/MDR/XDR, ML, AI and more!), optimizing your SOC to "see" as much as possible, tackling vendor/customer communication problems, and simplifying security product pricing to make purchases less stressful for customers!And don't forget to check out [...]
7MS #484: Desperately Seeking a Super SIEM for SMBs – Part 3
This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CPSM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7msToday we're continuing our series called Desperately Seeking a Super SIEM for [...]
7MS #483: Desperately Seeking a Super SIEM for SMBs – Part 2
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!Today we continue our series we started recently (part 1 is here about finding a super SIEM for SMBs. Specifically I have some updates on (and frustrations with) Arctic Wolf, Elastic, Milton [...]
7MS #482: Creating Kick-Butt Credential-Capturing Phishing Campaigns – Part 3
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital black hole if you're not careful!As I mentioned last week, I've been heavy into spinning up and tearing down phishing campaigns, so I finally got around to documenting everything in episode 481.This week I ran into a bizarre issue where test phishes to [...]
7MS #481: Creating Kick-Butt Credential-Capturing Phishing Campaigns – Part 2
Today we're revisiting how to make a kick-butt cred-capturing phishing campaign with Gophish, Amazon Lightsail, LetsEncrypt, ExpiredDomains.net and a special little extra something that makes creating phishing landing pages waaaaaaayyyyyyyyyy easier!For some quicker review, you can check out part 1 and also the complementary YouTube video, but I wanted to revisit this kick-butt process and update a few items:First, this SingleFile extension is amaaaaaaaazing for [...]
7MS #480: Desperately Seeking a Super SIEM for SMBs
This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CPSM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7msToday we're talking about the SIEM bake-off for SMBs that we've recently [...]
7MS #479: A Prelude to PwnTown
Hey friends, today we're talking about a new security training offering 7MinSec has created called Light Pentest LITE - Live Interactive Training Experience. It's a 3-day course (with each class session being 3 hours long) consisting of live (via Zoom), hands-on, instructor-led sessions that are focused on teaching you how to find, exploit and defend against common Active Directory weaknesses!Check out today's episode to learn [...]
7MS #478: Password Cracking in the Cloud – Part 4
This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CPSM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7msHey friends, today we're continuing our discussion of password cracking by sharing [...]