7 Minute Security
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
info_outline
7MS #729: Pwning Dracarys
07/04/2026
7MS #729: Pwning Dracarys
Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we’re diving into baby’s first ! (Yes, I’m probably pronouncing that wrong. Yes, I’m going to keep saying it anyway.) Quick housekeeping: A few days ago I published a mini-series episode from our series, where I shared the news that my dad passed away last Friday. So many of you reached out with condolences — thank you from the bottom of my heart. I’ll share a little life update at the end of this episode. But first — Dracarys! I didn’t know it existed until recently. If you knew about it and didn’t tell me, I’m mad at you. But we made up. We’re friends forever. Here’s what we cover: What is Dracarys? It’s a smaller, CTF-style Active Directory pentesting lab from the same crew that brought us Game of Active Directory (GOAD), GOAD-SCCM, GOAD-Light, and Ninja Hacker Academy. Where GOAD holds your hand through the vulnerabilities, Dracarys and Ninja Hacker Academy take more of a “here’s your starting point, now figure it out” approach — which I love. The lab setup: One Linux VM, a Windows domain controller, and a Windows application server. Your only hint? Start with the Linux box. That’s it. Good luck! TuesdayTOOLSday preview: Over on , I did a TuesdayTOOLSday episode walking through initial setup — getting your hosts file configured, running a NetExec sweep to map out the attack surface, and doing some light enumeration on that Linux box. No big spoilers, just enough to get your Kali box ready to rock. What I’ve learned since: After the TuesdayTOOLSday recording, I kept digging. My methodology has been: nmap to identify open ports and service versions, then research whether any of those versions have known exploits. Once I spotted an interesting web service, AI pointed me toward FeroxBuster for directory and file enumeration — a tool I hadn’t used before but am now a huge fan of. It’s fast, configurable, and once I got my scan tuned properly… I found a jewel. That jewel feels like the next step deeper into this lab. More on that in future TuesdayTOOLSday episodes! Shameless plug: All of this walkthrough content lives at . Subscriptions are free, and subscribing just means you get an email when I publish new content. No spam, no sales pitches — just hacking stuff. (And if you want to financially support the show, there’s a paid tier too. Just sayin’.) Life update: We’ve moved into funeral planning mode. My dad, thankfully, had already mapped out his whole service — the pastor, the verses, everything — which has made things a little easier. We’re picking photos for a tribute slideshow and I’ve been asked to share some words and sing a song. The song I chose is “Jesus, Savior, Pilot Me” — which my dad once described as “that song about Jesus flying airplanes.” (He wasn’t wrong. Sort of.) I’ve been practicing it all week and can barely make it through verse two. Prayers, good vibes, and a large supply of Kleenex would be appreciated. Again, you can find the Dracarys lab . And if you’re not already on , come hang out — that’s where the deeper dives live.
/episode/index/show/7minsec/id/41958325
info_outline
7MS #728: Securing Your Family During and After a Disaster – Part 8
06/30/2026
7MS #728: Securing Your Family During and After a Disaster – Part 8
Hey friends! This is a tough one to write. My dad passed away on Friday, and instead of the hacker-y tech episode I had planned, I pivoted to something more personal — another installment of our “Securing Your Family During and After a Disaster” series. I talk pretty raw and transparently today about loss, grief, and the practical stuff that makes a hard situation just a little less hard. Fair warning: it’s about death and dying, so if that’s not where your head is today, it’s totally okay to duck out – we’ll catch you next week. Here’s what I cover: My dad’s last day — He spent Thursday doing all his favorite things: chainsaws, ATVs, trap-shooting, mowing, and weed-whipping. Then Chinese food with the family and marveling at modern video games for the first time since the Atari 5200. It was, by all accounts, a perfect day for him. How we found out — My son Cameron, who’s finishing up paramedic school, was visiting and sprung into EMT mode when my dad was found unresponsive Friday morning. He did CPR for 10 straight minutes — on his grandpa, who was his favorite person in the world. That’s the stuff that’s going to stay with Cam (and me) for a long time. Getting some closure — Cameron had the presence of mind to ask the paramedics to leave my dad in place so I could have a few minutes with him when we arrived. That was both devastating and, in its own way, healing. Why pre-planning your funeral is a gift to your family — My parents had nearly everything already picked out: the pastor, Bible verses, music, the military honors ceremony, photos for the display board, and even a time limit on service length (45 minutes and no more!). My dad had pre-written his own obituary. When we sat down with the funeral home, the heavy lifting was already done — and that was a genuine gift to all of us in an incredibly hard moment. Storyworth — seriously, do this — Years ago we signed my dad up for , a service that sends your loved one a weekly question via email (things like “What’s your earliest childhood memory?” or “Do you have any regrets?”) and compiles their answers into a hardcover book. It runs about $100. Reading that book the last few nights has been incredibly comforting — including finding out my dad started smoking at age 8 using used cigarette butts rolled in toilet paper. Gross! Get your end-of-life wishes in writing — My wife’s mom had verbally told us she wanted to be cremated, but it wasn’t documented, and other family members made a different call. My dad put “cremation” right in his paperwork, no ambiguity. My recommendation: have this conversation with your loved ones, write their wishes down and make them official. Funeral home “upsell” moment — I had no idea there were apparently 627 ways to incorporate your loved one’s remains into keepsakes — pendants, rings, necklaces with fingerprints, biodegradable urns for water scattering, etc. Some family members were very into this. I was not quite ready to turn my dad into an Atari cartridge, but your mileage may vary. On grief itself — Everybody handles it differently, at different speeds and intensities. My approach is to head straight into it rather than put on a happy face and deal with unprocessed grief years later. I encourage everyone — especially the kids — to not hold back. Ask the questions. Tell the stories. Cry if you need to. Give each other grace. Coming up next week — Back to pentesting content! I’ll share details on a new lab from the folks who brought us Game of Active Directory, and I’m getting back on the CARTP (Certified Azure Red Team Professional) horse. I’m also tentatively eyeing the third Thursday of July for an unedited livestream of owning Ninja Hacker Academy from start to finish — Kali setup, tools, Mythic C2, BallisKit obfuscation, the whole thing. More details to come. If you’re the thoughts, prayers, and/or good vibes type, I’d really appreciate you sending some my family’s way over the next few weeks.
/episode/index/show/7minsec/id/41895850
info_outline
7MS #727: Securing Your Mental Health – Part 7
06/19/2026
7MS #727: Securing Your Mental Health – Part 7
Hello friends! It’s been over a year since we did a dedicated mental health episode, so today I’m doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of this is professional medical advice (I am most definitely not a doctor or therapist — well, actually, I am in therapy, but that’s tip #5), so take what’s useful and leave what isn’t. Terms and conditions apply. Here’s my current mental health toolkit: Drink a ton of water — I try to chug a full Yeti thermos before my morning mint hot cocoa, then keep it going throughout the day. I taper off around dinnertime to minimize, uh, nighttime tinkle stops. Science agrees this does good things for your brain. Brick your phone — I’ve been using a little Bluetooth device called that hooks into your phone’s screen time features so you can block distracting apps on demand or on a schedule. I’ve got a “Brian Needs Sleepy” timer set for 9 p.m. every night — pretty much everything except the clock app goes dark. Outlook, Gmail, all the socials — gone. It’s not revolutionary advice, but it turns out doing what people have been telling you to do for years actually works. Get enough sleep — Directly related to the Brick. Phone goes dark at 9 p.m., I yap with Mrs. 7 or we watch a show, and by 10:30 p.m. my peepers are drooping. I feel more refreshed and less anxiety-ridden during the day. Supplements — I’m not here to hawk some magic elixir with 47 mystery ingredients. What I’m currently trying is — a powder you mix into water. It’s got magnesium glycinate, L-theanine, vitamin D3, and ashwagandha. I thought it was placebo at first, but kept it up for a week and noticed a legit mood/pep boost. Your mileage may vary, but it’s doing something for me. Therapy — I’ve been in therapy since 2019 when my house burned down (link to those episodes if you want to get thoroughly bummed out). If I could go back, I’d have started way earlier. The biggest benefit for me isn’t some parade of uplifting affirmations — it’s having a neutral third party with no stake in my life help me see situations from different angles and cut myself some slack. Take care of the TMJ — A few years back I started getting tinnitus bad. ENTs were basically like “yep, try not to think about it” — super helpful, guys. Eventually a jaw specialist found an irregularity on the left side of my jaw and fitted me with a heavy-duty custom mouth guard. That alone made a monumental difference in the ear ringing. But I also picked up a on a chiropractor’s recommendation — it’s a 3D-printed vibrating/heated massager specifically designed for jaw muscles. Looks exactly like a vape (fun times at the airport), but it’s been worth every penny of its ~$200 price tag. Between the mouth guard and the TMJ Pen, I wake up feeling way less like I survived a Saving Private Ryan scene. Forced fun — After a full work day plus all the dad/house stuff, my go-to is to be a blob on the couch. Nothing wrong with that sometimes. But I’ve found that the things that actually recharge me — like singing and playing guitar — require a little push to get started. So tip #7 is basically a note to future tired Brian: go downstairs, plug in the guitar, and start playing. You’ll be glad you did. Got mental health tips that work for you? I’d genuinely love to hear them — this is the kind of conversation I want to be two-way. Find me and all things 7MS at , our Substack at , and our constantly growing pentesting wiki at .
/episode/index/show/7minsec/id/41613835
info_outline
7MS #726: Baby’s First Hermes
06/12/2026
7MS #726: Baby’s First Hermes
Hello friends! I’ve been on a bit of an AI agent journey lately, and today I’m sharing my experience ditching OpenClaw and going all-in on — a self-hosted AI agent built by . A sold me on it, I wiped my Mac Mini (again), and baby’s first Hermes adventure began! Here’s what we get into today: Why I left OpenClaw — After getting the Mac Mini set up, OpenClaw left me feeling pretty meh: burning through API requests, random mid-conversation shutdowns, and a marketplace where the top listings were flagged as “potentially malicious.” Hard pass. Network Chuck’s five reasons Hermes rocks — His video summarized why Hermes stands out: (1) Nous Research has serious open source model cred predating OpenClaw, (2) more flexible persistent memory via markdown files + optional Honcho integration for building a profile of you over time, (3) a mission around humanistic and democratic AI, (4) a self-improvement loop where it writes its own skills after figuring things out, and (5) it just doesn’t break — it feels like a product, not a project. The install — I used Claude to build a Mac Mini install guide from the Network Chuck transcript, and had Hermes up and running in about 15 minutes (one small Ollama hiccup aside). The install wizard lets you choose cloud models like Claude or ChatGPT, or go fully local with something like Gemma — I’m planning a hybrid setup with two Telegram bots. First real-world use: sitting in a truck running errands — With Hermes running on the Mac Mini and connected via Telegram, I asked it what it could do. It suggested Uptime Kuma for LAN monitoring — weirdly well-timed since I’d just been thinking about flaky IoT devices. I said “go install it,” and it did — narrating its own troubleshooting out loud the whole time like a little robot intern. Remote access and Home Assistant — Had it install Home Assistant for smarthome control too, with plans to wire up TwinGate for remote access (it had a TailScale skill ready to fire in about two seconds, but I’m trying to keep VPN services consolidated). Daily digest via email — Hooked Hermes into a dedicated Gmail account and set up a 6 a.m. cron job that sends me a personalized morning digest: weather for my watched locations, recent breach/CVE news from select sites, and a summary of my favorite pentesting-focused Mastodon accounts. Needs tuning, but the first digest landed this morning and it’s really good! The privacy angle — The real long-term win I see here is a hybrid model: feed raw, unsanitized pentest data to a local private model, let it analyze and sanitize, then hand off the clean version to a cloud model for deeper insight. Best of both worlds without the data exposure anxiety. Check out the that started it all, and as always, if you’re doing cool AI + security stuff, I’d love to hear about it. Find our pentesting services and training at , pentesting tips and scripts at , and if you want to support the show, head over to .
/episode/index/show/7minsec/id/41613605
info_outline
7MS #725: Building a Bulletproof Backup Solution
06/05/2026
7MS #725: Building a Bulletproof Backup Solution
Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I’m sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — and honestly pretty bulletproof — backup setup for both home and work. Claude played a big role in helping me sort it all out. Here’s what we get into: The backup history tour — I’ve been through CrashPlan, Dropbox, Backblaze (which saved my bacon after my in 2019!), and a mystery one that may or may not have had “Panda” in the name. These days I’m settled on for personal backups — dead simple, backs up to just about everything (Dropbox, OneDrive, Google Drive, even their own ARQ Cloud for ~$80/year), and all data is encrypted at rest. Not a sponsor, but they should be. The 3-2-1 rule — I actually asked Siri mid-episode, and she initially thought it was a grounding/anxiety technique. (Valid, I guess?) The real answer: three copies, two different media, one offline. I’ve got a local copy plus OneDrive, Google Drive, and Dropbox — so I think I’m covered. The work side: Proxmox + PBS — My “data center” is a beefy Hetzner Proxmox box with about a dozen VMs. I had Proxmox Backup Server (PBS) set up on a secondary Hetzner box, happily cranking away… until it ran out of disk space and started yelling at me every night. Claude to the rescue — I spun up a Claude project, fed it terminal output and retention configs, and it gave me a straight-up honest assessment: either gut your retention policy (risky) or get more disk. It then walked me through Hetzner’s auctions page — which I didn’t even know existed — to find a storage-heavy, low-horsepower box. Ended up with two mirrored 8TB drives plus a 14TB drive for around $40/month. Not cheap, but totally worth it as a business expense. The new setup — PBS is now on its own dedicated Hetzner box. VMs from both my data center and my home NUC Proxmox box back up there nightly. Claude also suggested using that 14TB drive as an SFTP target for ARQ, giving me yet another redundant copy of all my personal data. It’ll take a few weeks to fully sync, but I’m running some flavor of the 4-3-2-1 rule now (I made that up). Proxmox forever — Someone wrote in asking if I’d go back to ESXi now that Broadcom brought back the free version. Hard no. I’ve fallen in love with Proxmox and I’m not going back. 7MinSec wiki scripts repo — Head over to and click the Scripts button to find a new GitHub repo where I’m publishing pentesting scripts. First one up: a push-button Exegol installer. More to come — and I’ll probably tease new scripts first over at on TuesdayTOOLSday! Have a backup horror story — or a setup you’re proud of? Hit us up! And if you need assessments, pentesting, training, or other security goodness, find us at .
/episode/index/show/7minsec/id/41548905
info_outline
7MS #724: Tales of Pentest Pwnage - Part 85
05/29/2026
7MS #724: Tales of Pentest Pwnage - Part 85
Hey friends! Today we’re going deep on external network pentesting — something I realize we’ve barely touched in however many episodes we’ve done. I’m currently in a long stretch of back-to-back external assessments, so it felt like a good time to talk about it. Here’s what we get into: Scoping headaches — why the old “count your public IPs and multiply by a big hourly rate” approach drives me crazy, and how we actually scope external tests to be fair to everyone Web apps in scope or not? — this needs its own conversation before the test starts, and skipping it causes pain later Testing under real conditions — the debate around whether to request an allowlist vs. scanning as-is, and why I lean toward creating the best testing environment possible Multi-tool enumeration — why we run Nessus, Project Discovery, and Shodan together, and what each catches that the others miss Reporting the surface — why just walking a customer through what’s exposed to the internet (ports, services, screenshots) has more value than I used to give it credit for SNMP and NTP findings — two protocols that keep showing up open when they really (probably) shouldn’t be OSINT phase — how we’ve grown externals to include open-source intelligence work on the customer’s domains, not just IP-level scanning WordPress hygiene — it keeps coming up on these assessments, and I’ve got some practical recommendations Dorking and metadata searches — using AI to quickly sift through publicly exposed documents for things attackers could use to pretext a social engineering attack Subdomain hijacking — a sneaky attack path I’ve seen in the wild that flies right in the face of all the “check if the URL is spelled right” advice we give users Even when the technical findings are pretty quiet, there’s a lot you can do to punch up an external pentest report with stuff that’s genuinely valuable to customers!
/episode/index/show/7minsec/id/41465875
info_outline
7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1
05/23/2026
7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1
Hello friends! Today’s a hybrid episode — some security content up top about a new certification I’ve kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren’t your thing! The security part: starting CARTP I’ve started the Certified Azure Red Team Professional course from Altered Security (). It’s the Azure follow-up to , which I took a few years back. Quick notes: Why now: Active Directory and internal pentests will always be my first love, but more and more of our customers are shifting to hybrid or full-Azure environments. Time to get some formal training in that lane. Self-paced vs. live: They offer both. I’m past the point of giving up Saturdays to security training, so I went with the ~$500 self-paced 30-day option. You get a portal, a lab manual, and a remote Windows VM with low-priv creds into a target Azure tenancy to attack and enumerate. The catch: The lab manual is thorough on “do this, see this output” steps, but light on “and here’s the wow moment hiding in line 47 of the output.” With the live class, an instructor would highlight that stuff in real time. In the self-paced version, you’re on your own to find the meaning in 200 lines of output. The fix: Started a Claude project that’s effectively co-teaching the class with me. I paste command output and ask “what’s the important bit here?” — Claude pulls out the line that matters and explains why (e.g., “this user has write access to a key vault, which means…”). Way more efficient than ALT-TABbing alone. Tools I’ve touched so far: , , and (kind of a PingCastle-for-Azure that spits out a health-check report). Where I’m at: Module 4 of 40-something. Course culminates in a 24-hour exam, which I swore I’d never do again after CRTP — but James Bond and Justin Bieber both say “Never say never.” Tangent Town: The Shake Shack incident. It’s gross and not funny. But kind of funny. Saw (and sort of met) Calum Scott at the Fillmore in Minneapolis. Standing-room-only venue, but my wife found a clutch spot wedged between a security barrier and a support beam, perfect for our family. During an acoustic set, Calum and his band came right past us. My wife (unable to help herself) gave his shoulder a squeezy squeeze. I held out for the fist bump on his return trip to the stage — and we’re basically best friends now. I highly recommend his show: very positive guy, family-friendly, genuine. Seven super-fast non-spoilery movie reviews from plane rides and hotel nights: Coherence — for smart people. I am not those people. Probably great if you can follow it. Deadstream (Netflix) — YouTuber live-streams a night in a haunted house. Surprisingly entertaining, a couple of real jump-scares. Get Away — a family vacations on a forbidden island. Goes somewhere unexpected in the third act. Hell House LLC — found-footage haunted house. A couple of genuine flinches; story was just OK. Hokum — Adam Scott as a writer at a hotel with a personal history. Creepy-crawly, goes to some dark places. Loved it. Predator: Badlands — went in expecting mind-numbing action, but I loved it! I’d give it an 8 or 9 out of 10. It had action, LOLs, and even some tender Predator moments. Going to watch it again soon. Obsession — young man buys a wish-granting trinket so a young lady will like him. It works. Then it really works. The movie slowly goes into full-on bonkers sauce mode! Satisfying but uncomfortable to watch at parts. That’s it! for services, for the Substack, for pentest tips and scripts.
/episode/index/show/7minsec/id/41402250
info_outline
7MS #722: I Turned My Phone Into a Brick
05/15/2026
7MS #722: I Turned My Phone Into a Brick
Hey friends! Quasi-vacation week over here, so today’s episode is lighter and more personal: just a story about how I turned my phone into a “” (kind of) and what that’s done for my mental health over the past week. The product is called Brick (). Not sponsored, no discount code — just something I’ve genuinely been enjoying. It’s a $50 NFC dongle + app that lets you “brick” your time-waster apps until you physically tap the brick again. Here’s what stood out: The physical separation is the magic. Other digital-wellbeing apps just need a code to unlock — Brick makes you walk to wherever the dongle lives (mine’s on the fridge) and tap your phone to it. That extra step is enough to break the habit mid-flight. I caught myself doing three or four Pavlovian pocket checks an hour, on autopilot, with zero notifications waiting. “Junk food for the eyes” realization. First day I bricked socials until end of day → felt great. Then I unbricked, sat down, and spent 25 minutes catching up on everything I “missed” → felt noticeably worse afterward. Scheduling is a sleeper hit. You can set the phone to auto-brick on a schedule — no physical tap needed. Mine kicks in from 9pm to 8am. Result: calm wake-up with my wife and son, no email triage in the school drop-off line, and my “work brain” doesn’t fire until 8am. One-to-many is a real win. A single Brick works across household members, each with their own app profile. My oldest son Cam (deep in paramedic-school crunch) tried it for a study session and reported the same thing — reaching for his phone between turning book pages, for no reason at all. He even left for evening class with his phone still bricked and decided not to burn an emergency unbrick. Emergency unbricks are scarce by design. You get five total and that’s it! The stats are anti-shaming. Instead of the dreaded Sunday-morning “your screen time is up 10%” notification, you get to see number of hours you spent in brick mode. Love that! Want to see screenshots and hear more about Brick? Hop over to — this week’s Tuesday TOOLSday was all about Brick. Got a digital-wellbeing tool you swear by? Let us know!
/episode/index/show/7minsec/id/41285220
info_outline
7MS #721: Fun Professional and Personal AI Project Ideas – Part 2
05/08/2026
7MS #721: Fun Professional and Personal AI Project Ideas – Part 2
Hello friends! Picking up the AI-automation series from a couple weeks back — here’s another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had to upgrade to Claude Max. No, I’m not trying to automate myself out of a job — just freeing up bandwidth for the more interesting parts of work/life. QuickBooks invoice automation: Got tired of the eight-factor login plus click-fest just to send a few invoices. Now I run a PowerShell menu — type the client name, pick the project, enter the amount, hit Enter — done in ~30 seconds. The QuickBooks dev onboarding (security questionnaire, IP allowlist) was actually a bigger time sink than the script itself. API integration: A menu-driven PowerShell script that prompts for a label, pops an Explorer window to grab the files, optionally adds a password, then auto-drafts the client email with the secure link filled in. A few minutes saved each time, a couple times a day — adds up to some nice time saved! Basecamp + Claude: Linked Basecamp into a Claude project so I can ask plain-English questions like “what personal project tasks are due this month?” or just voice-note a new task while I’m in the car. Honestly the biggest win is anxiety reduction — once it’s in Claude, it’s out of my always-simmering pressure cooker of a brain. Blumira agent auto-installer for the GOAD lab: I revert the GOAD lab to vanilla a couple times a week, which means re-installing Blumira agents constantly to show clients the attack/defense telemetry side. Wrote a Kali-side script that uses NetExec over WinRM to check each box for the Blumira service and push the installer if it’s missing. (Tried SMB exec first, but escaping got wonky on the PowerShell one-liner.) Bonus: Blumira’s dashboard auto-removes agents that haven’t phoned home in 24 hours, which is a perfect fit for a lab that’s constantly getting nuked. Auphonic + API for podcast production: This one’s a little meta. Old workflow: record → drag into Hindenburg/GarageBand → manually line up intro and outro → noise reduction → export. New workflow: one terminal script that previews the first and last few seconds so I can trim silence, ships the audio to via API, and returns a cleaned-up, levels-corrected MP3 plus a full transcript and auto-generated chapter markers. (If your podcast app supports chapters (like Downcast) pop open this episode or and you’ll see them.) Next step: pipe the transcript straight into Claude for a show notes first draft. One quick personal note before I run: my oldest son just landed an EMT job with a great Minnesota medical network, and is wrapping up paramedic school in a few months. I cried some happy dad tears today.
/episode/index/show/7minsec/id/41221865
info_outline
7MS #720: Tales of Pentest Pwnage – Part 84
05/01/2026
7MS #720: Tales of Pentest Pwnage – Part 84
Hey friends! Today’s another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I’ve got a music thing at (like the duck noise, not the drug) and a podcast with my dancer son Atticus at . Speaking of Atticus — he just landed a spot in Master Ballet Academy’s summer program in Phoenix, and I am a very proud dance dad over here. OK, on to the pentest: A weird runas quirk: If your AD test account password ends in a percent sign, runas seems to misbehave (Claude thinks Windows is interpreting the % as a variable delimiter). Workaround: runascs.exe, which wraps your tool launch with creds inline. Worked like a champ — notes over on the . Standard first pass: PingCastle for the AD overview, then Snaffler for share crawling, with as a nicer web UI for searching the Snaffler JSON. The “Snaffler missed something” moment: Snaffler is great but it primarily uses pattern matching, so manual review of interesting directories still matters. I found a PowerShell script with a funky obfuscation routine, fed it to Claude for context, tracked down the function definition, and ended up decrypting a local admin password. Going loud: SMB-sprayed that cred across the subnets → handful of machines popped → ran a deeper, targeted Snaffler against just those boxes → enumerated sessions and spotted a domain admin interactively logged in. Plan A fizzled: Wanted to pull off a favorite trick — sneak in via WinRM and queue a scheduled task as the logged-in DA (no password needed). WinRM was disabled. Oh fart. Plan B — the “trap” file: Dropped a malicious .library-ms file directly into the DA’s desktop folder. No clicks required — just the desktop being open is enough to trigger an HTTP coercion to my evil box. (Caveat: I think you need a DNS record or computer object that the victim box trusts as “intranet zone.”) The escalation: Had ntlmrelayx standing by, ready to relay to LDAP on a DC. The coerced auth fired the moment the “trap” file landed on disk. An interactive LDAP shell fired in the DA’s context, and I used it to add my low-priv account to the Domain Admins group. Defense angles: Rather than chase each technique individually (LDAP signing, web client GPOs, library-ms neutralization, etc.), I like to back up to the systemic fixes that break the chain earlier. Big ones here: deploy LAPS so a single decrypted local admin password isn’t a master key everywhere, and a thorough sweep for sensitive data and custom obfuscation routines hanging out on shares. Got thoughts on any of this? Shoot ’em over — I always love hearing how you’d have tackled things differently.
/episode/index/show/7minsec/id/41117365
info_outline
7MS #719: Baby’s First OpenClaw
04/24/2026
7MS #719: Baby’s First OpenClaw
Hey friends! This week’s episode is “Baby’s First ” – basically me shouting into the void hoping a smart listener will DM me and explain why this thing is supposed to be life-changing. Because right now? I’m a little underwhelmed. Here’s the journey so far: The Mac mini quest: After seeing OpenClaw all over my feeds (people curing diseases! solving crimes!), I caved and impulse-bought a Mac mini. They were sold out everywhere, so I ended up paying twice what I wanted. Ick. Surprise MDM: First boot on the shiny new Mac, I found it auto-pre-enrolled in some other company’s MDM with full remote control. Massive props to the Amazon seller for getting the serial untagged in Apple’s database within an hour, so I could wipe and reinstall fresh. Pro tips for using Claude on projects like this: (1) give it a few paragraphs of context up front about who you are and what you want, and (2) have it maintain a README.md as you go so you don’t lose context when you come back to the project later. Security-forward OpenClaw setup: Separate admin and daily-driver accounts, enable FileVault, isolate the box, run OpenClaw as a limited user, lock down Telegram so only my user ID can talk to the bot (apparently strangers have found other folks’ bots and started issuing shell commands – yikes). The underwhelm: So far OpenClaw can check my email (or I can open my email app)… add a calendar event (or I can open Outlook)… write a script (or I can fire up Claude Code). And a lot of the juicier integrations are flagged as suspicious. So overall, I’m kind of gun-shy around this very expensive chat bot. This is a call for help, friends! If you’re an OpenClaw power user and it’s made your life meaningfully better, please reach out and help me see the light.
/episode/index/show/7minsec/id/40991440
info_outline
7MS #718: Fun Professional and Personal AI Project Ideas
04/17/2026
7MS #718: Fun Professional and Personal AI Project Ideas
Hey friends! After last week’s heavy episode about my wife’s health scare in Punta Cana, today’s is a lighter one. (Quick update: she’s doing better – still recovering, but appetite’s back and she’s got some pep again. Thanks so much to everyone who sent kind messages.) Today I’m gushing about how AI has been making my IT and security life way more efficient: Firewall migration: Had AI walk me through a WatchGuard T15W → T25W migration (no clean config export path). AI captured everything – screenshots, branch office VPN, VLANs, firewall rules, DHCP reservations – all organized and replayed step-by-step. The whole project took ~1 hr 15 min (plus 30 min hunting down a subnet typo that was 100% my fault). GOAD lab automation: Worked with AI to build a script that handles the full lifecycle of my Light Pentest GOAD student lab – tear it down, rebuild from latest, assign Tommy Boy-themed passwords and sync user accounts to the Apache Guacamole and lab connections. Speaking of which – Light Pentest GOAD class will be re-offered soon once the calendar firms up! External pentest wrapper scripts: Finally automated the boring auxiliary testing stuff – nmap, Shodan API, Nessus queuing, subdomain hijacking checks, metadata searches, cred spraying against M365, sysleaks lookups – all correlated and deduplicated into one push-button menu. SysReptor automation: If you’re not using for reporting, check it out. Piping JSON findings straight into reports via API as I test has been a game-changer. A webinar on this might be in 7MinSec’s future. Got cool ways you’re using AI for IT/security work? We’d love to hear them!
/episode/index/show/7minsec/id/40914840
info_outline
7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)
04/10/2026
7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)
Hello friends! Today’s episode is a bit of a detour from our usual content — it’s part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip to Punta Cana, and in the chaos of navigating a foreign hospital at 2 a.m. with zero sleep and a pile of Spanish medical documents, I threw every privacy best practice I’ve ever preached straight into the ocean. Here’s what we cover: How a dream all-inclusive resort trip turned into an ambulance ride and a 3-day hospital stay faster than you can say “gastroenteritis” Why I uploaded my wife’s full medical history, labs, and medication records to AI — unredacted (with no regrets) How AI helped me translate docs, track lab trends, brief stateside nurses, and build a full medication schedule with phone reminders (helpful considering the hospital staff’s answer to everything was “sorry, no English”) The absolute legend named Luis who got us through Punta Cana airport security in 15 minutes flat Why if you’re ever the person back home receiving updates about a medical emergency overseas, Google is not your friend My honest security take: sometimes the right risk-based decision is to breach yourself
/episode/index/show/7minsec/id/40807405
info_outline
7MS #716: Tales of Pentest Pwnage – Part 83
04/03/2026
7MS #716: Tales of Pentest Pwnage – Part 83
Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I’d never seen before. Tips include: Use Netexec to pull Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share featured interesting use of the Responder -N option
/episode/index/show/7minsec/id/40710940
info_outline
7MS #715: Tales of Pentest Pwnage – Part 82
03/27/2026
7MS #715: Tales of Pentest Pwnage – Part 82
Hola friends! Today’s another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific reference in today’s podcast that may be helpful to you is .
/episode/index/show/7minsec/id/40561910
info_outline
7MS #714: Tales of Pentest Pwnage – Part 81
03/20/2026
7MS #714: Tales of Pentest Pwnage – Part 81
Hello friends! We’re back with a fun tale of internal network pentest pwnage. This one highlights how AI can be used (with some guardrails!) to automate the boring stuff – and even help you pick part DLLs to find gold nuggets! P.S. – I do recommend you check out our last three episodes that are all about securing your community, and please check out which will give you a full picture of what has been going on in Minnesota as it relates to the occupation of ICE agents.
/episode/index/show/7minsec/id/40559310
info_outline
7MS #713: How to Secure Your Community – Part 3
03/13/2026
7MS #713: How to Secure Your Community – Part 3
Hello friends, in today’s edition of How to Secure Your Community, I give a brief recap of and , and then dive into some cool phone shortcuts you can setup so that with a single tap, you can alert friends/family that you’re having an encounter with law enforcement and may need an assist. Here’s the things/links discussed: This great which features interviews and first-hand stories of ICE encounters here in Minnesota Fashlight.org , which features some cool shortcuts you can setup on iPhone to alert friends/family that you’re having a negative encounter with law enforcement (or anyone else) How I allegedly stole somebody’s quesadilla while I was at the movie theater seeing Scream 7 The one time my wife had an outburst in the middle of a church service
/episode/index/show/7minsec/id/40416190
info_outline
7MS #712: How to Secure Your Community - Part 2
03/06/2026
7MS #712: How to Secure Your Community - Part 2
Hello friends. Today’s episode piggybacks off of ‘s discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support . They give rides/food to people who are detained by ICE and then cut loose – often without their jackets or phones – into the cold of winter with no ride home. Today I pivot more into the technical weeds and offer some tips on:
/episode/index/show/7minsec/id/40343025
info_outline
7MS #711: How to Secure Your Community
02/27/2026
7MS #711: How to Secure Your Community
Hello friends, it’s good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by . Today I share how my family and community has been affected by it. And then in future episodes of this series, I’ll get more into some technical nuts and bolts on how to be a more secure community helper – such as tightening up security settings on apps you use, “hardening” your phone, increasing your personal security/privacy posture, and more.
/episode/index/show/7minsec/id/40254010
info_outline
7MS #710: I’m Taking a Break
01/17/2026
7MS #710: I’m Taking a Break
Hi friends, I’m going to be taking a break from producing podcast episodes, as well as content over at . It’s a temporary break, so please don’t unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want to in the future), nothing has changed there. It’s business as usual. Looking forward to reconnecting with you and providing more updates as soon as possible.
/episode/index/show/7minsec/id/39765025
info_outline
7MS #709: Second Impressions of Twingate
01/10/2026
7MS #709: Second Impressions of Twingate
Hey friends, in episode #649 I gave you my . It’s been a minute, so I thought I’d revisit Twingate (specifically this awesome ) and talk about how we’re using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don’t forget: Our pentest class is coming up at the end of the month – more info . We do a Tuesday TOOLSday video every Tuesday over at .
/episode/index/show/7minsec/id/39680450
info_outline
7MS #708: Tales of Pentest Fail – Part 6
01/02/2026
7MS #708: Tales of Pentest Fail – Part 6
After sharing a recent , I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I’d keep this momentum up and share another story of fail with you – this time about a Web app pentest that went south.
/episode/index/show/7minsec/id/39568950
info_outline
7MS #707: Our New Pentest Course Has Launched!
12/26/2025
7MS #707: Our New Pentest Course Has Launched!
Today we’re thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, pricing information and more can be found at . Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you’ll be doing should you choose to join me on this hacking adventure!
/episode/index/show/7minsec/id/39529335
info_outline
7MS #706: Tales of Pentest Pwnage – Part 80
12/19/2025
7MS #706: Tales of Pentest Pwnage – Part 80
I’m so excited to share today’s tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn’t work against Windows 11! Spoiler alert: check out , as well as the we did on the topic this week. Also, our January Light Pentest LITE:GOAD class is open for registration !
/episode/index/show/7minsec/id/39427305
info_outline
7MS #705: A Phishing Campaign Fail Tale
12/12/2025
7MS #705: A Phishing Campaign Fail Tale
This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today’s episode focuses on a phishing campaign that had plenty of “bites” but got immediately shut down – for reasons I still don’t understand.
/episode/index/show/7minsec/id/39382870
info_outline
7MS #704: DIY Pentest Dropbox Tips – Part 12
12/05/2025
7MS #704: DIY Pentest Dropbox Tips – Part 12
Hola friends! My week has very much been about trying to turnaround pentest dropboxes as quickly as possible. In that adventure, I came across two time-saving discoveries: Using a as a persistent remote access method Writing a Proxmox post-deployment script that installs Splashtop on the Windows VM, and resets the admin passwords on both VMs, all from the Proxmox SSH console without touching the console on either VM If you feel some of this is better seen than said, on this week’s broadcast we show this in more detail.
/episode/index/show/7minsec/id/39258020
info_outline
7MS #703: Tales of Pentest Pwnage – Part 79
11/28/2025
7MS #703: Tales of Pentest Pwnage – Part 79
Happy Thanksgiving week friends! Today we’re celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using to hijack a GPO and turn it into our pentesting puppet! Muahahahahaah!!!! Also: This week over at we looked at how to defend against some common SQL attacks We’re very close to offering our brand new LPLITE:GOAD 3-day pentest course (likely in mid-January). It will get announced on first, so please make sure you’re subscribed there (it’s free!) Did you miss our talk called Should You Hire AI Run Your Next Pentest? Check it out on !
/episode/index/show/7minsec/id/39185545
info_outline
7MS #702: Should You Hire AI to Run Your Next Pentest?
11/21/2025
7MS #702: Should You Hire AI to Run Your Next Pentest?
Hello friends, in today’s episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called “Should You Hire AI to Run Your Next Pentest?” It’s not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.
/episode/index/show/7minsec/id/39124515
info_outline
7MS #701: What I’m Working on This Week – Part 5
11/14/2025
7MS #701: What I’m Working on This Week – Part 5
Hello friends! This week I’m talking about what I’m working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the . Playing with (I will show this live on next week’s ). The Light Pentest logo contest has a winner!
/episode/index/show/7minsec/id/39035750
info_outline
7MS #700: Pretender
11/07/2025
7MS #700: Pretender
Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn’t think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time! The topic of today’s episode is Pretender (which you can download and read a lot more about ). The tool authors explain the motivation behind the tool: “We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of and only the name resolution spoofing portion of .” On a recent pentest, I used Pretender’s “dry run” mode to find a hostname (that didn’t exist) that a ton of machines were querying for, and poisoned requests just for that host. This type of targeted poisoning snagged me some helpful hashes that I was able to crack/relay, all while minimizing the risk of broader network disruption!
/episode/index/show/7minsec/id/38950270