Blog
Search all our posts or browse some of our most recent entries below:
7MS #512: First Impressions of InsightIDR
This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CSPM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up in minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7ms
Today I'm sharing some first impressions of the Rapid 7 InsightIDR as [...]
7MS #511: How to Succeed in Business Without Really Crying – Part 10
Today we're continuing our series focused on [owning a security consultancy], talking specifically about:
- How not to give up on warm sales leads, even if they haven't panned out for 5+ years!
- Some cool Mac tools that help me manage 7MS - such as Craft and OmniFocus
- A sneak peek at a SIEM vendor that will soon be featured in an episode of Desperately Seeking a Super SIEM [...]
7MS #510: First Impressions of Tailscale
Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere." Is it really that cool and easy? Listen to today's episode to find out!
7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns – Part 4
Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do. This phishing page has served us well: <html><head><title>YourDomain.com - Office 365 Email Login</title> <style> body { background-image: url("https://YOURDOMAIN.com/static/backgroundimage.png"); background-repeat:no-repeat; background-size:cover; [...]
7MS #508: Tales of Pentest Pwnage – Part 33
Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack. We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion [...]
7MS #507: Interview with Matthew Warner of Blumira
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting Kerberoasting [...]
7MS #506: Tales of Pentest Pwnage – Part 32
Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always-under-construction list of things I try early in a pentest for maximum pwnage:
- Run PingCastle
- Do the SharpHound/BloodHound dumps
- Run the DHCP poisoning module of Responder
- Check the ms-DS-MachineAccountQuota value in the domain - if it's at the default (10), then any user can add machines to the [...]
7MS #505: Pwning Wifi PSKs and PMKIDs with Bettercap
Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use Bettercap). For some background, I found that the Alfa Long-Range Dual-Band AC1200 Wireless USB 3.0 Wi-Fi Adapter w/2x 5dBi External Antennas – 2.4GHz 300Mbps/5GHz 867Mbps – 802.11ac & A, B, G, N works really [...]
7MS #504: Monitoring All Your Cloud Thingies with UptimeRobot
Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing some fun tips to monitor your internal thingies as well - without the use of any extra agent software.
A few tips:
- If you have a port like 80 or 443 that you have firewalled off to not allow any ol' host to hit, [...]
7MS #503: First Impressions of Brute Ratel
Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to set up, and much easier to use (IMHO) than Cobalt Strike. I also talk specifically about some of my favorite command line features, how slick and simple lateral movement is, and the "killer feature" that makes me giggle like the bad guy from Sonic the Hedgehog.
In the tangent [...]
7MS #502: Building a Pentest Lab in Azure
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you set up a pentesting training camp in the [...]
