Welcome! 7 Minute Security podcast episode show notes are here, our “third Thursday” YouTube livestream is here, and our Light Pentest eBook is here.

Blog/Podcast2024-09-13T09:35:51-05:00

Blog

Search all our posts or browse some of our most recent entries below:

7MS #577: Tales of Pentest Pwnage – Part 48

Holy schnikes - this episode is actually 7 minutes long! What a concept!Anyway, today I give you a couple tips that have helped me pwn some internal networks the last few weeks, including:Getting a second (and third?) opinion on Active Directory Certificate Services vulnerabilities!Analyzing the root domain object in BloodHound to find some misconfigs that might equal instant domain admin access!

By |June 16, 2023|Categories: podcast|

7MS #575: Annoying Attackers with ADHD – Part 2

Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! The tools covered today include: PHP-HTTP-TARPIT A tool to confuse and waste bot/scanner/hacker time. Grab it here and check out our setup instructions: sudo git clone https://github.com/msigley/PHP-HTTP-Tarpit.git /opt/tarpit cd /opt/tarpit sudo mv la_brea.php /var/www/html/index.php cd /var/www/html/ # Delete [...]

By |June 9, 2023|Categories: podcast|Tags: , |

7MS #574: Annoying Attackers with ADHD

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Hey friends! Today we're looking at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! ADHD gets you up and running with [...]

By |June 2, 2023|Categories: podcast|Tags: , |

7MS #573: Securing Your Mental Health – Part 4

Today we're talking about reducing anxiety by hacking your mental health with these tips:Using personal automation to text people important remindersUsing Remind to create a personal communication "class" with your family membersUsing Smartsheet (not a sponsor) to create daily email "blasts" to yourself about all the various project todos you need to tackle

By |May 26, 2023|Categories: podcast|Tags: |

7MS #571: Simple Ways to Test Your SIEM – Part 2

Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit and built a refreshed a two-part GitHub gist that covers:Questions you can ask a prospective SIEM/SOC solution to figure out which one is the right fit for youAll [...]

By |May 12, 2023|Categories: podcast|Tags: |

7MS #570: How to Build a Vulnerable Pentest Lab – Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!In today's episode we staged an NTLM relay attack using a vulnerable SQL server.First we used CrackMapExec (see our two part series on Cracking and Mapping and Execing with CrackMapExec - part [...]

By |May 5, 2023|Categories: podcast|Tags: , |

7MS #569: Interview with Jim Simpson of Blumira

Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like Duo. Blumira and 7 Minute Security have a shared love for helping SMBs be more secure, so it was great to chat with Jim about the IT/security [...]

By |April 28, 2023|Categories: podcast|Tags: |

7MS #568: Lets Play With the 2023 Local Administrator Password Solution!

Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesome, it's a necessary blue team control for any size company, and you should basically stop reading this and install LAPS now.

By |April 21, 2023|Categories: podcast|Tags: , |

7MS #567: How to Build an Intentionally Vulnerable SQL Server

Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:Download SQL Server hereInstall SQL via config .ini fileOr, install SQL via pure command lineDeploy SQL with a service account while also starting TCP/IP and named pipes automagically:setup.exe /Q /IACCEPTSQLSERVERLICENSETERMS /ACTION="install" /FEATURES=SQL /INSTANCENAME=MSSQLSERVER /TCPENABLED=1 /NPENABLED=1 /SQLSVCACCOUNT="YOURDOMAIN\YOUR-SERVICE-ACCOUNT" /SQLSVCPASSWORD="YOUR PASSWORD" /SQLSYSADMINACCOUNTS="YOURDOMAIN\administrator" "YOURDOMAIN\domain users"Run PowerUpSQL to [...]

By |April 14, 2023|Categories: podcast|Tags: |

7MS #566: Tales of Pentest Pwnage – Part 47

Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to a new trick that one of our favorite old tools can do:rubeus.exe monitor /interval:5 /nowrap /runfor:60 /registry:SOFTWARE\MONITOR

By |March 31, 2023|Categories: podcast|Tags: |
Go to Top