Blog
Search all our posts or browse some of our most recent entries below:
7MS #604: A Two Tool Teaser
Today we tease two upcoming tool releases (shooting for Q1, 2024):TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, [...]
7MS #603: Monitoring Your Tailscale Network with Uptime Kuma
Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in [...]
7MS #602: How to Succeed in Business Without Really Crying – Part 14
Today we're talkin' business! Specifically:How to (gently) say "no" to (some) client projectsHow to (politely) challenge end-of-year deadlinesAn idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma
7MS #601: Breaking Up With Active Directory
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers:Why would you want to consider removing AD from your environment?What are common items to plan for?What steps should you take to efficiently plan a migration?What common challenges or considerations will you face?
7MS #600: First Impressions of Using AI on Penetration Tests
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox.Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic [...]
7MS #599: Baby’s First Responsible Disclosure
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of:BulletsPassViewMITMsmtpmitmproxy
7MS #598: Hacking Billy Madison – Part 4
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I:Find Eric's secret SSH back doorLocate and decrypt a hidden file with Billy's homeworkBuild wordlists with cewlSave Billy from the evil clutches of Eric Gordon!!!
7MS #597: Let’s JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment and much more! From a pentesting POV, you can whip up an Android pentesting environment, BloodHound/SharpHound combo, Burp Suite...give it a spin!
7MS #596: How to Succeed in Business Without Really Crying – Part 13
After about a year break (last edition of this series was in October, 2022, we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover:Why we're not planning on selling the business any time soonFast Google Dorks ScanUsing ProtonVPN via command lineOur pre first impressions of a pentesting SaaS tool you've almost definitely heard of
7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these [...]
7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes
Today we're talking about how you can use PatchMyPC to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!