
7MS #650: Tales of Pentest Pwnage - Part 65

7 Minute Security

Release Date: 11/15/2024


Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests…. SIGH! Check out the awesome BloodHound gang thread about this here.

Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead:

rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log
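
On the detection side, the switches in that command are a usable hunting signal in process-creation logs. The following is an added example, not part of the original show notes or of Rubeus itself: it scores command lines by the monitor verb plus the switch names shown above, so a renamed binary still matches. The event field names, the two-switch threshold and the list of shared directories are assumptions, and the sample events are constructed.

```python
import re

# Switch names come from the command on this page. Matching on arguments, not
# the image name, keeps the rule effective when the binary has been renamed.
VERB = re.compile(r"(?:^|\s)monitor(?=\s|$)", re.I)
SWITCH = re.compile(r"(?:^|\s)/(interval|nowrap|runfor|consoleoutfile)(?=[:\s]|$)", re.I)
OUTFILE = re.compile(r'/consoleoutfile:(?:"([^"]+)"|(\S+))', re.I)
# Assumption: directories any user can write to, where dropped output blends in.
SHARED_DIRS = ("c:\\users\\public\\", "c:\\windows\\temp\\", "c:\\programdata\\")

def score_event(event):
    """Return a finding dict for a suspicious process-creation event, else None."""
    cmd = event["command_line"]
    switches = sorted({m.lower() for m in SWITCH.findall(cmd)})
    # Require the verb and at least two switches to limit noise from other tools.
    if not VERB.search(cmd) or len(switches) < 2:
        return None
    out = OUTFILE.search(cmd)
    path = (out.group(1) or out.group(2)) if out else None
    shared = bool(path) and path.lower().startswith(SHARED_DIRS)
    return {
        "host": event["host"],
        "image": event["image"],
        "switches": switches,
        "outfile": path,
        "severity": "high" if shared else "medium",
    }

def hunt(events):
    """Score every event and keep only the findings."""
    return [f for f in map(score_event, events) if f]

# Constructed sample events (shape loosely modelled on Sysmon Event ID 1 fields).
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Tools\Rubeus.exe",
     "command_line": r"rubeus monitor /interval:5 /nowrap /runfor:60 "
                     r"/consoleoutfile:c:\users\public\some-innocent-looking-file.log"},
    {"host": "SRV02", "image": r"C:\Users\Public\updater.exe",
     "command_line": r"updater.exe monitor /runfor:120 /interval:10 /nowrap"},
    {"host": "WS03", "image": r"C:\Windows\System32\ping.exe",
     "command_line": r"ping.exe -n 5 10.0.0.1"},
    {"host": "WS04", "image": r"C:\Program Files\Backup\agent.exe",
     "command_line": r"agent.exe monitor /interval:30"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```
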

In the tangent department, I talk about a personal music project I’m resurrecting to help my community.