7 Minute Security
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including:
- Knowing your audience before you touch PowerPoint
- Understanding your presentation physical hookups and presentation surfaces
- A different way to screen-share via Teams that makes resolution/smoothness way better!
Hi everybody. Today I take it easy (because my brain is fried from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
Today’s fun tale of pentest pwnage discusses an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.
Hey friends! Today Joe “The Machine” Skeen and I tackled again – this time covering:
- SQL link abuse between two domains
- Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!
Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
Today’s tale of pentest pwnage is another great one! We talk about:
- The SPNless RBCD attack (covered in more detail in )
- Importance of looking at all “branches” of outbound permissions that your user has in BloodHound
- This devilishly effective MSOL-account-stealing (obfuscate it first!)
- A personal update on my frustration with ringing in my ears
Today we’re excited to release – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items:
- 7MinSec.club in-person meeting is happening Wednesday, May 14! More details .
- We did our second this week and showed you some local privesc techniques when you have local admin on an endpoint
Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using and made our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.
Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting . In part one we covered:
- Checking for null session enumeration on domain controllers
- Enumerating systems with and without SMB signing
- Scraping AD user account descriptions
- Capturing hashes using Responder
- Cracking hashes with Hashcat
Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about . By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video over at .
Hi friends, in this edition of what I’m working on this week:
- 3 pulse-pounding pentests that had…problems
- Something I’m calling the unshadow/reshadow credentials attack
- Heads-up on a new video experiment I’m going to try next week
Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we’d like them to be)! It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we’ve talked about quite a bit here. In other news, we’ve moved from Teachable to CourseStack, so if you’ve bought training/ebooks with us before, you should’ve received some emails from us last Friday and can access our new training portal here. (If you THINK you should’ve received enrollment emails from CourseStack and didn’t, drop us a line here.)
In the tangent portion of our program, I give a health update on my mom and dad, and talk about some resources I’m exploring to reduce stress and anxiety after what has been a tough week for many of us.