Welcome! 7 Minute Security podcast episode show notes are here, our “third Thursday” YouTube livestream is here, and our Light Pentest eBook is here.

Blog2025-01-25T12:30:08-06:00

Blog

Search all our posts or browse some of our most recent entries below:

7MS #514: Tales of Pentest Pwnage – Part 34

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!Welcome to another fun tale of pentest pwnage! This one isn't a telling of one single pentest, but a collection of helpful tips and tricks I've been using on a bunch of [...]

By |March 30, 2022|Categories: podcast|Tags: |
Read More

7MS #513: Interview with Christopher Fielder and Jon Crotty of Arctic Wolf

Today we're joined by our friends Christopher Fielder and Jon Crotty from Arctic Wolf to talk about their interesting report on The State of Cybersecurity: 2022 Trends (note: you can get some of the report's key points here without needing to provide an email address). The three of us dig in to talk about some of the report's specific highlights, including:Many orgs are running the [...]

By |March 24, 2022|Categories: podcast|Tags: |
Read More

7MS #512: First Impressions of InsightIDR

This episode of 7 Minute Security is sponsored by Datadog. Now offering Cloud Security Posture Management (CPSM), Datadog provides one-click compliance posture. Built on the unified Datadog Agent and platform-wide cloud integrations, you can easily get set up minutes. Try it for yourself today and get a free Datadog t-shirt by going to https://datadog.com/7msToday I'm sharing some first impressions of the Rapid 7 InsightIDR as [...]

By |March 17, 2022|Categories: podcast|Tags: , |
Read More

7MS #511: How to Succeed in Business Without Really Crying – Part 10

Today we're continuing our series focused on [owning a security consultancy], talking specifically about:How not to give up on warm sales leads, even if they haven't panned out for 5+ years!Some cool Mac tools that help me manage 7MS - such as Craft and OmniFocusA sneak peek at a SIEM vendor that will soon be featured in an episode of Desperately Seeking a Super SIEM [...]

By |March 11, 2022|Categories: podcast|Tags: |
Read More

7MS #510: First Impressions of Tailscale

Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere." Is it really that cool and easy? Listen to today's episode to find out!

By |March 2, 2022|Categories: podcast|Tags: |
Read More

7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns – Part 4

Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do. This phishing page has served us well: <html><head><title>YourDomain.com - Office 365 Email Login</title> <style> body { background-image: url("https://YOURDOMAIN.com/static/backgroundimage.png"); background-repeat:no-repeat; background-size:cover; [...]

By |February 23, 2022|Categories: podcast|Tags: |
Read More

7MS #508: Tales of Pentest Pwnage – Part 33

Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack. We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion [...]

By |February 18, 2022|Categories: podcast|Tags: |
Read More

7MS #507: Interview with Matthew Warner of Blumira

Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting Kerberoasting [...]

By |February 9, 2022|Categories: podcast|Tags: , , |
Read More

7MS #506: Tales of Pentest Pwnage – Part 32

Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always-under-construction list of things I try early in a pentest for maximum pwnage:Run PingCastleDo the SharpHound/BloodHound dumpsRun the DHCP poisoning module of ResponderCheck the ms-DS-MachineAccountQuota value in the domain - if its at the default (10), then any user can add machines to the [...]

By |February 3, 2022|Categories: podcast|Tags: |
Read More

7MS #505: Pwning Wifi PSKs and PMKIDs with Bettercap

Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use Bettercap). For some background, I found that the Alfa Long-Range Dual-Band AC1200 Wireless USB 3.0 Wi-Fi Adapter w/2x 5dBi External Antennas – 2.4GHz 300Mbps/5GHz 867Mbps – 802.11ac & A, B, G, N works really [...]

By |January 28, 2022|Categories: podcast|Tags: , |
Read More

7MS #504: Monitoring All Your Cloud Thingies with UptimeRobot

Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing some fun tips to monitor your internal thingies as well - without the use of any extra agent software.A few tips:If you have a port like 80 or 443 that you have firewalled off to not allow any ol' host to hit, [...]

By |January 20, 2022|Categories: podcast|Tags: |
Read More

About Us

Services

Resources

© 2025 – 7 Minute Security

Go to Top