7 Minute Security

Happy Thanksgiving week friends! Today we’re celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using  to hijack a GPO and turn it into our pentesting puppet!  Muahahahahaah!!!!  Also: This week over at  we looked at how to defend against some common SQL attacks We’re very close to offering our brand new LPLITE:GOAD 3-day pentest course (likely in mid-January). It will get announced on  first, so please make sure you’re subscribed there (it’s free!) Did you miss our talk called...

7 Minute Security

Hello friends, in today’s episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called “Should You Hire AI to Run Your Next Pentest?”  It’s not a pro-AI celebration, nor is it an anti-AI bashing.  Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.

7 Minute Security

Hello friends!  This week I’m talking about what I’m working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the . Playing with  (I will show this live on next week’s ). The Light Pentest logo contest has a winner!

7 Minute Security

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn’t think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time! The topic of today’s episode is Pretender (which you can download  and read a lot more about ).  The tool authors explain the motivation behind the tool: “We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of  and only the name resolution...

7 Minute Security

Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/testing backups and restores Ensuring your auto coverage is up to snuff

7 Minute Security

Today I give a quick review of the cloud version of  (not a sponsor!).

7 Minute Security

Today your pal and mine Joe “The Machine” Skeen pwn one of the two  domains!  This pwnage included: Swiping service tickets in the name of high-priv users Dumping secrets from wmorkstations Disabling AV Extracting hashes of gMSA accounts We didn’t get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind.  Going forward, I’m thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish.  My first thought would be to do one long livestream where...

7 Minute Security

In today’s episode: I got a new  I really like  as a security ticketing system (not a sponsor) The  2-day training was great.  Highly recommend.  I got inspired to take this class after watching the 1-hour primer .

7 Minute Security

Today’s tale of pentest pwnage involves: Using  to dump sensitive goodies out of SCCM Using a specific fork of  to find machines I could force password resets on (warning: don’t do this in prod…read !) Don’t forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at !

7 Minute Security

Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The  will help bring this to life as well.