Today’s tale of pentest pwnage includes some fun stuff, including: SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address. When you’re ready to fire off a t

7MS #631: Tales of Pentest Pwnage – Part 58

6 days ago 15m 57s

Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting! SCCM Exploitation SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud’homme – fantastic resource for learning all about attack

7MS #630: Epic Road Trip Served with Security Sprinkles

13 days ago 45m 27s

Today I recap a two week persona/biz road trip and talk about the security stuff that got sprinkled into it, including: Family members who don’t care about their personal security Weakpass – a cool collection of word lists for brute-forcing an

7MS #629: Interview with Stu Musil of Ambient Consulting

20 days ago 46m 23s

Today we have a fun featured interview with my new friend Stu Musil of Ambient Consulting I had a great time talking with Stu about bashing come common misconceptions people have about working with recruiters, plus tackling some frequently aske

7MS #628: How to Succeed in Business Without Really Crying – Part 17

29 days ago 9m 36s

Hey friends, today we talk about some not-so-glamorous but ever-so-important stuff related to running a cybersecurity consultancy, including: Taking an inventory of all the SaaS stuff your business uses – to keep an eye on spending, know when

7MS #627: Migrating from vCenter to Proxmox – Part 2

Jun 10th, 2024 35m 36s

Hey friends, today we continue our series all about migrating from VMWare to the world Proxmox! Specifically: Getting my first Proxmox-based NUCs out in the field for live engagements! Pulling the trigger on two bare-metal Proxmox servers to

7MS #626: Web Pentesting Pastiche

May 31st, 2024 50m 10s

Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about: Burp Suite Enterprise Caido – a lightweight alternative to Burp wfuzz – Web fuzzer. Using a proxy:wfuzz -c -z file,/usr/share/wfuz

7MS #625: A Peek into the 7MS Mail Bag - Part 4

May 24th, 2024 44m

Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag! Today’s questions include: How do you price internal network

7MS #624: Tales of Pentest Pwnage – Part 57

May 17th, 2024 29m 4s

Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I d

7MS #623: Prelude to a Tale of Pentest Pwnage

May 10th, 2024 24m 52s

Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to 7minsec.com to see the notes in all their g

7MS #622: Migrating from vCenter to Proxmox - Part 1

May 5th, 2024 16m 31s

Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increa

7MS #621: Eating the Security Dog Food - Part 6

Apr 26th, 2024 23m 37s

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about: We’re going to get a third-party assessment on 7MinSec (the business) Tips for secure emai

7MS #620: Securing Your Mental Health - Part 5

Apr 21st, 2024 22m 54s

Today we’re talking about tips to deal with stress and anxiety: It sounds basic, but take breaks – and take them in a different place (don’t just stay in the office and do more screen/doom-scrolling) I’ve never gotten to a place in my workload

7MS #619: Tales of Pentest Pwnage – Part 56

Apr 14th, 2024 7m 2s

We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests: When using Farmer to create “trap” files that coerce authentication, I’ve found way bett

7MS #618: Writing Savage Pentest Reports with Sysreptor

Apr 5th, 2024 38m 30s

Today’s episode is all about writing reports in Sysreptor. It’s awesome! Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the reptor Python module W

7MS #617: Tales of Pentest Pwnage – Part 55

Mar 29th, 2024 36m 19s

Hey friends, today we’ve got a tale of pentest pwnage that covers: Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say

7MS #616: Interview with Andrew Morris of GreyNoise

Mar 22nd, 2024 59m 4s

Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about: Young Andrew’s early adventures in hacking his school’s infrastructure (note: don’t try this at home, kids!) Meeting a pe

7MS #615: Tales of Pentest Pwnage – Part 54

Mar 19th, 2024 21m 48s

Hey friends, sorry I’m so late with this (er, last) week’s episode but I’m back! Today is more of a prep for tales of pentest pwnage, but topics covered include: Make sure when you’re snafflin‘ that you check for encrypted/obfuscated logins a

7MS #614: How to Succeed in Business Without Really Crying - Part 16

Mar 8th, 2024 36m 21s

How much fun I had attending and speaking at Netwrix Connect Being a sales guy in conference situations without being an annoying sales guy in conference situations A recap of the talk I co-presented about high profile breaches and lessons we

7MS #613: Tales of Pentest Pwnage – Part 53

Mar 1st, 2024 33m 24s

Today’s tale of pentest covers: Farming for credentials (don’t forget to understand trusted zones to make this happen properly!) Snaffling for juice file shares Stealing Kerberos tickets with Rubeus

7MS #612: Pentestatonix - Part 2

Feb 25th, 2024 32m 23s

Hello friends, we’re still deep in the podcast trenches this quarter and wanted to share some nuggets of cool stuff we’ve been learning along the way: Snaffler – pairs nicely with PowerHuntShares to find juicy tidbits within file/folder shares

7MS #611: Pentestatonix

Feb 19th, 2024 34m 3s

Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagemen

7MS #610: DIY Pentest Dropbox Tips – Part 9

Feb 9th, 2024 20m 25s

Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL: The preseed file got jacked because I had a bad Kali metapackage in it. While I was tinkering around with preseed files,

7MS #609: First Impressions of Sysreptor

Feb 2nd, 2024 30m 51s

Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike

7MS #608: New Tool Release - EvilFortiAuthenticator

Jan 26th, 2024 43m 46s

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subse