Blog
Search all our posts or browse some of our most recent entries below:
7MS #610: DIY Pentest Dropbox Tips – Part 9
Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL: The preseed file got jacked because I had a bad Kali metapackage in it. While I was tinkering around with preseed files, I decided it would be more efficient to have the Kali ISO call that preseed file directly over HTTP (rather than make a [...]
7MS #609: First Impressions of Sysreptor
Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. It is easy to stand up with Docker, has built-in MFA and a great hybrid WYSIWYG/code editor. The only scary part? There is no export to Word (insert suspenseful music [...]
7MS #608: New Tool Release – EvilFortiAuthenticator
Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts! We talk about BulletsPassView [...]
7MS #607: How to Succeed in Business Without Really Crying – Part 15
Today we talk about some business-y things like: A *pre* first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects
7MS #606: Hacking OWASP Juice Shop (2024 edition)
Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today:Found the score boardBullied the chatbotFired a DOM XSSLocated a confidential documentGave the Juice Shop [...]
7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira
Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024!P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588.Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2024!
7MS #604: A Two Tool Teaser
Today we tease two upcoming tool releases (shooting for Q1, 2024):TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, [...]
7MS #603: Monitoring Your Tailscale Network with Uptime Kuma
Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in [...]
7MS #602: How to Succeed in Business Without Really Crying – Part 14
Today we're talkin' business! Specifically:How to (gently) say "no" to (some) client projectsHow to (politely) challenge end-of-year deadlinesAn idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma
7MS #601: Breaking Up With Active Directory
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers:Why would you want to consider removing AD from your environment?What are common items to plan for?What steps should you take to efficiently plan a migration?What common challenges or considerations will you face?
7MS #600: First Impressions of Using AI on Penetration Tests
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox.Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic [...]