7MS #682: Securing Your Family During and After a Disaster – Part 7
7 Minute Security
Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.
info_outline
7MS #681: Pentesting GOAD – Part 3
7 Minute Security
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of : essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.
info_outline
7MS #680: Tips for a Better Purple Team Experience
7 Minute Security
Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context
info_outline
7MS #679: Tales of Pentest Pwnage – Part 73
7 Minute Security
In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday. I also talk about (and how it might break your pentest deployments if you use ).
info_outline
7MS #678: How to Succeed in Business Without Really Crying – Part 22
7 Minute Security
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!
info_outline
7MS #677: That One Time I Was a Victim of a Supply Chain Attack
7 Minute Security
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
info_outline
7MS #676: Tales of Pentest Pwnage – Part 72
7 Minute Security
Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.
info_outline
7MS #675: Pentesting GOAD – Part 2
7 Minute Security
Hey friends! Today Joe “The Machine” Skeen and I tackled again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
info_outline
7MS #674: Tales of Pentest Pwnage – Part 71
7 Minute Security
Today’s tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in ) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing (obfuscate it first!) A personal update on my frustration with ringing in my ears
info_outline
7MS #673: ProxmoxRox
7 Minute Security
Today we’re excited to release – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details . We did our second this week and showed you some local privesc techniques when you have local admin on an endpoint
info_outlineToday we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about:
- We’re going to get a third-party assessment on 7MinSec (the business)
- Tips for secure email backup/storage
- Limiting the retention of sensitive data you store in cloud places