Blog
Search all our posts or browse some of our most recent entries below:
7MS #361: Logging Made Easy
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!Today we're talking about Logging Made Easy, a project that, as its name implies...makes logging easy! I love it. It offers a simple, digestible walkthrough of several short "chapters" to get started. These chapters include:Chapter 1 - Set up Windows Event ForwardingChapter 2 – Sysmon InstallChapter 3A [...]
7MS makes Detectify’s “Recommended Web Security Podcasts for 2018” list
7MS is honored to be on Detectify's "Web security podcasts we are currently listening to" list.
7MS #360: Active Directory Security 101 – Part 2
This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. For more information, visit netwrix.com.In today's program we continue a series on fundamental Active Directory security that we started [...]
7MS #359: Windows 10 Security Baselining
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a hardening standard and/or baseline. Specifically, I cover:NIST STIG for Windows 10Heimdal Security - Windows 10 Hardening GuideCenter for Internet Security's security benchmarksWindows Security [...]
7MS #358: 4 Ways to Write a Better Pentest Report
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them:Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too [...]
7MS #357: 7 Minutes of IT and Security Tips
Today I'm launching an ongoing series called 7MOIST. It stands for:7MinutesofITandSecurityTipsThe wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long!I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right.Basically, this is my way of going old school and getting [...]
7MS #356: Faster Hard Drive Forensics with CyLR and CDQR
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources talked about on today's podcast include:Forensics 101 - a talk I did for the 7MS user group in JanuaryThe Digital Forensics Survival Podcast is a [...]
7MS #355: Mousejacking!
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime.In this episode, we talk about the Mousejacking attack, which allows someone with a crazy radio (or other similar device) to inject keystrokes into vulnerable keyboards [...]
7MS #354: Tales of Internal Pentest Pwnage – Part 2
Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!):Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!)Got DA but stuck to find hot leads to where the crown jewels [...]
7MS #353: Tales of Internal Pentest Pwnage – Part 1
Buckle up! This is one of my favorite episodes.Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the "crown jewels" data, so I thought this would be a fun and informative narrative to share. Below are some highlights of topics/tools/techniques discussed:Building a [...]
7MS #352: Recap of Rad Red Team Training
I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series.TLDR and TLDL (too long don't listen): go take this training. Please. Now. The end. :-)If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the [...]