Blog
Search all our posts or browse some of our most recent entries below:
7MS #533: Tales of Pentest Pwnage – Part 40
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I [...]
7MS #532: Tales of Pentest Pwnage – Part 39
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Hey friends, wow...we're up to thirty-nine episodes of pwnage? Should we make a cake when we hit the big 4-0?! Anyway, today's TLDL is this: If you get a nagging suspicion [...]
7MS #531: Interview with Christopher Fielder and Eugene Grant of Arctic Wolf
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know [...]
7MS #530: Tales of Pentest Pwnage – Part 38
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Hey friends, we have another fun tale of pwnage for you today. I loved this one because I got to learn some new tools I hadn't used before, such as:Get-InternalSubnets.ps1 - [...]
7MS #529: Interview with Matthew Warner of Blumira
Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as this one) when Matt gave us a fountain of info on why out-of-the-box Windows logging isn't awesome, and how to get it turned up to 11!Today, we talk about a cool report that Blumira put out called 2022 Blumira's State of Detection & [...]
7MS #528: Securing Your Family During and After a Disaster – Part 6
Today's episode is sponsored by Blumira!In today's episode, I try to get us thinking about our extended family's emergency/DR plan. Why? Because I recently had a close family member suffer a health scare, and it brought to light some questions we didn't have all the answers for:Do we have creds to log onto his computer?How about his email accounts?Do we have usernames/passwords for retirement accounts, [...]
7MS #527: First Impressions of Purple Knight
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and [...]
7MS #526: Tales of Pentest Pwnage – Part 37
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before: cached domain credentials. I also learned that you can [...]
7MS #525: First Impressions of InsightIDR – Part 2
Today we're sharing an updates to episode #512 where we ran Rapid7's InsightIDR through a bunch of attacks:Active Directory enumeration via SharpHoundPassword spraying through RubeusKerberoasting and ASREPRoasting via RubeusNetwork protocol poisoning with Inveigh. Looking for a free way to detect protocol poisoning? Check out CanaryPi.Hash dumping using Impacket. I also talk about an interesting Twitter thread that discusses the detection of hash dumping.Pass-the-hash attacks with [...]
7MS #524: How to Update VMWare ESXi From the Command Line
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by video:Shortly after recording this video, I found this awesome [...]
7MS #523: Local Administrator Password Solution – RELOADED!
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!Well friends, it has been a while since we talked about Microsoft's awesome Local Administrator Password Solution - specifically, the last time was way back in 2017!Lately I've been training some companies [...]