Blog
Search all our posts or browse some of our most recent entries below:
7MS #621: Eating the Security Dog Food – Part 6
Today we revisit a series about eating the security dog food - in other words, practicing what we preach as security gurus! Specifically we talk about: We're going to get a third-party assessment on 7MinSec (the business) Tips for secure email backup/storage Limiting the retention of sensitive data you store in cloud places
7MS #620: Securing Your Mental Health – Part 5
Today we're talking about tips to deal with stress and anxiety: It sounds basic, but take breaks - and take them in a different place (don't just stay in the office and do more screen/doom-scrolling) I've never gotten to a place in my workload where I go "Ahhh, all caught up!" so I should stop striving to hit that invisible goal. Chiropractic and back massages have [...]
7MS #619: Tales of Pentest Pwnage – Part 56
We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests: When using Farmer to create "trap" files that coerce authentication, I've found way better results using Windows Search Connectors (.searchConnector-ms) files This matrix of "can I relay this to that" has been super helpful, especially early in engagements
7MS #618: Writing Savage Pentest Reports with Sysreptor
Today's episode is all about writing reports in Sysreptor. It's awesome! Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the reptor Python module Warning: Sysreptor only exports to PDF (no Word version option!) Sysreptor has helped us write reports faster without sacrificing quality
7MS #617: Tales of Pentest Pwnage – Part 55
Hey friends, today we've got a tale of pentest pwnage that covers: Passwords - make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)! Making sure you go after cached credentials Attacking SCCM - Misconfiguration Manager is an absolute gem [...]
7MS #616: Interview with Andrew Morris of GreyNoise
Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about: Young Andrew's early adventures in hacking his school's infrastructure (note: don't try this at home, kids!) Meeting a pentester for the first time, and getting his first pentesting job Spinning up a box on the internet, having it get popped instantly, and wondering..."Are all [...]
7MS #615: Tales of Pentest Pwnage – Part 54
Hey friends, sorry I'm so late with this (er, last) week's episode but I'm back! Today is more of a prep for tales of pentest pwnage, but topics covered include: Make sure when you're snafflin' that you check for encrypted/obfuscated logins and login strings - it might not be too tough to decrypt them! On the defensive side, I've found myself getting *blocked* doing things [...]
7MS #614: How to Succeed in Business Without Really Crying – Part 16
Today we're talkin' business again - specifically as it relates to: How much fun I had attending and speaking at Netwrix Connect Being a sales guy in conference situations without being an annoying sales guy in conference situations A recap of the talk I co-presented about high profile breaches and lessons we can learn from them
7MS #613: Tales of Pentest Pwnage – Part 53
Today's tale of pentest covers: Farming for credentials (don't forget to understand trusted zones to make this happen properly!) Snaffling for juice file shares Stealing Kerberos tickets with Rubeus
7MS #612: Pentestatonix – Part 2
Hello friends, we're still deep in the podcast trenches this quarter and wanted to share some nuggets of cool stuff we've been learning along the way: Snaffler - pairs nicely with PowerHuntShares to find juicy tidbits within file/folder shares Group3r - helps you find interesting and potentially abusable Group Policy Object configurations Farmer - totally awesome toolkit for dropping tricky files on shares that will [...]
7MS #611: Pentestatonix
Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagements: GraphRunner - awesome PowerShell toolkit for interacting with Microsoft Graph API. From a pentesting perspective, it may [...]