7 Minute Security

Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!

7 Minute Security

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

7 Minute Security

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

7 Minute Security

Hey friends! Today Joe “The Machine” Skeen and I tackled  again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

7 Minute Security

Today’s tale of pentest pwnage is another great one!  We talk about: The SPNless RBCD attack (covered in more detail in ) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing  (obfuscate it first!) A personal update on my frustration with ringing in my ears

7 Minute Security

Today we’re excited to release  – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs.  Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14!  More details . We did our second  this week and showed you some local privesc techniques when you have local admin on an endpoint

7 Minute Security

Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using  and make our getaway with some privileged Kerberos TGTs!  I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

7 Minute Security

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting .  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

7 Minute Security

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about . By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today’s episode with a short live video over at .

7 Minute Security

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week