loader from loading.io

7MS #621: Eating the Security Dog Food - Part 6

7 Minute Security

Release Date: 04/26/2024

7MS #626: Web Pentesting Pastiche show art 7MS #626: Web Pentesting Pastiche

7 Minute Security

Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about:  – a lightweight alternative to Burp  – Web fuzzer.  Using a proxy:wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt –sc 200 “https://somedomain.com/shopping?&qty=%2FUZZ” -p 10.0.7.11:8080  – for XSS testing – pairs nicely with this wrapper:  In the tangent dept, I moan about how I hate some things about Proxmox but am also starting to love it. In the tangent #2 department, I talk about tinnitus and acupuncture!

info_outline 7MS #625: A Peek into the 7MS Mail Bag - Part 4 show art 7MS #625: A Peek into the 7MS Mail Bag - Part 4

7 Minute Security

Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag!  Today’s questions include: How do you price internal network penetration tests? Have you ever had to deal with a difficult client situation, and how did you resolve it? Are you done going after certs?  Spoiler: no – I’m interested in doing the  (not sure if it includes a cert) Do you provide managed services or just stick with more “one and done” assessment work? You said the...

info_outline 7MS #624: Tales of Pentest Pwnage – Part 57 show art 7MS #624: Tales of Pentest Pwnage – Part 57

7 Minute Security

Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode  that actually ended up being a full episode all about the attack, and even step by step commands to pull it off.  But I didn’t want today’s episode to just be “Hey friends, check out the YouTube version of this attack!” so I also cover: Our first first impressions of  Why I have a real hard time believing you have to follow  to install Kali on Proxmox

info_outline 7MS #623: Prelude to a Tale of Pentest Pwnage show art 7MS #623: Prelude to a Tale of Pentest Pwnage

7 Minute Security

Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation).  The show notes don't format well here in the podcast notes, so head to to see the notes in all their glory.

info_outline 7MS #622: Migrating from vCenter to Proxmox - Part 1 show art 7MS #622: Migrating from vCenter to Proxmox - Part 1

7 Minute Security

Sadly, the  has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available.  To add insult to injury, our  got a huge price gouge (due to license cost increase; not OVH’s fault).  Now we’re exploring  as an alternative hypervisor, so we’re using today’s episode to kick off a series about the joys and pains of this migration process.

info_outline 7MS #621: Eating the Security Dog Food - Part 6 show art 7MS #621: Eating the Security Dog Food - Part 6

7 Minute Security

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus!  Specifically we talk about: We’re going to get a third-party assessment on 7MinSec (the business) Tips for secure email backup/storage Limiting the retention of sensitive data you store in cloud places

info_outline 7MS #620: Securing Your Mental Health - Part 5 show art 7MS #620: Securing Your Mental Health - Part 5

7 Minute Security

Today we’re talking about tips to deal with stress and anxiety: It sounds basic, but take breaks – and take them in a different place (don’t just stay in the office and do more screen/doom-scrolling) I’ve never gotten to a place in my workload where I go “Ahhh, all caught up!” so I should stop striving to hit that invisible goal. Chiropractic and back massages have done wonders for the tightness in my neck and shoulders For me, video games where you punch and kick things relieves stress as well (including a specific game that’s definitely not for kids!)

info_outline 7MS #619: Tales of Pentest Pwnage – Part 56 show art 7MS #619: Tales of Pentest Pwnage – Part 56

7 Minute Security

We did something crazy today and recorded an episode that was 7 minutes long!  Today we talk about some things that have helped us out in recent pentests: When using  to create “trap” files that coerce authentication, I’ve found way better results using Windows Search Connectors (.searchConnector-ms) files This  of “can I relay this to that” has been super helpful, especially early in engagements

info_outline 7MS #618: Writing Savage Pentest Reports with Sysreptor show art 7MS #618: Writing Savage Pentest Reports with Sysreptor

7 Minute Security

Today’s episode is all about writing reports in .  It’s awesome!  Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the  Warning: Sysreptor only exports to PDF (no Word version option!) Sysreptor has helped us write reports faster without sacrificing quality

info_outline 7MS #617: Tales of Pentest Pwnage – Part 55 show art 7MS #617: Tales of Pentest Pwnage – Part 55

7 Minute Security

Hey friends, today we’ve got a tale of pentest pwnage that covers: Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)! Making sure you go after  Attacking SCCM –  is an absolute gem to read, and  with Gabriel Prud’homme is an absolute gem to see.  Also, check out  for all your SCCM pwnage needs.

info_outline
 
More Episodes

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus!  Specifically we talk about:

  • We’re going to get a third-party assessment on 7MinSec (the business)
  • Tips for secure email backup/storage
  • Limiting the retention of sensitive data you store in cloud places