Blog
Search all our posts or browse some of our most recent entries below:
7MS #494: Interview with Josh Burnham of Liquid Web
Today we chat with Josh Burnham, Security Operations Manager at Liquid Web. As someone who helps support and secure a hosted environment, Josh sleeps with one eye open :-). We talked about:How security in a hosting environment has changed from "back in the day" to todayTips for running a successful bug bounty programWhy your organization might want to utilize a security.txt fileTips on dealing with [...]
7MS #493: 7MOIST – Part 2
Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back with the second edition of 7MOIST and have some cool pentesting and general IT tips that will hopefully make your life a little awesome-r:Stuck on a pentest because EDR keeps gobbling your payloads? SharpCradle might just save the day!CrackMapExec continues to [...]
7MS #492: Tales of Pentest Pwnage – Part 29
Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using:Manual "open heart surgery" on the root of the Active Directory domainThe new totally rad DHCP poisoning module of ResponderAn opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago [...]
7MS #491: Interview with Louis Evans of Arctic Wolf
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including:History on cyber insurance - who's buying it, what it does and doesn't cover, and [...]
7MS #490: Desperately Seeking a Super SIEM for SMBs – Part 4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to [...]
7MS #489: Ping Castle
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! [...]
7MS #488: How to Succeed in Business Without Really Crying – Part 10
Today we continue our series focused on building a security consultancy and talk about:A phishing campaign that went off the rails, and lessons learned from itFirst impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor)A tangent story about how my wife brought some thieves to justice!
7MS #487: Light Pentest eBook Announcement!
Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical, step-by-step playbook for internal network penetration testing - is now available for purchase!Note: this eBook and the Light Pentest LITE training are two separate things, but do cover some of the same topics.The Light Pentest eBook covers:Grabbing and analyzing packet capturesAbusing insecure network protocolsExploiting (the [...]
7MS #486: Interview with Matt Quammen of Blue Team Alpha
Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of Blue Team Alpha to talk about all things incident response! Topics covered include:Top 5 things to do and not do during ransomware eventChallenges when responding to ransomware eventsOpportunities to break into infosec/IRThe value of tabletop exercises, and some great ideas for conducting your ownIncident response stress and success storiesCyber insurance [...]
7MS #485: Interview with Christopher Fielder
Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet soup terms (like SIEM, SOC, EDR/MDR/XDR, ML, AI and more!), optimizing your SOC to "see" as much as possible, tackling vendor/customer communication problems, and simplifying security product pricing to make purchases less stressful for customers!And don't forget to check out [...]
7MS #484: Desperately Seeking a Super SIEM for SMBs – Part 3
This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CPSM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7msToday we're continuing our series called Desperately Seeking a Super SIEM for [...]