Hi everybody, today we're continuing a series we started way back in June called Securi...
After about a year break (last edition of this serie...
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Further podcasts by Brian Johnson
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to tal...
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and ...
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of righ...
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie...
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objectio...
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and...
Today we're talking about how you can use PatchMyPc to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest p...
Hey friends, today my pal Paul and I kept trying to hack the VulnHub machine based on the movie...
Today we're talking about 7 steps you can take to (hopefully) reclaim a hacked Facebook account. The key steps are:
Today we talk about an awesome path to internal network pentest pwnage using downgraded authentication from a domain controller, a tool...
In today's tale of pentest pwnage we talk about:
The importance of local admin and how access to even one server might...
Today my pal Paul from Project7 and I hack the heck out of Billy Madison a vulnerable virtu...
Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check...
Hey friends, today I'm super excited to share I found the missing link! Specifically, the missing piece that now allows me to create fully a...
In today's tale of pwnage, we'll talk about how domain trusts can be dangerous because they have...well...trust issues.
Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu:
su...
Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from ...
Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us bypass authentication entirely and do/take what we want from vCenter! Key...
Today me and my pal Paul from Project7 did a live hacking session and finally got the Callahan A...
Hey friends, today we're continuing our series on pwning the Tommy Boy VM on VulnHub VM! P.S. did you miss part one? Check it out on...
Today I'm excited to share a featured interview with our new friend Mike Toole of Blumira. We talk about all things EDR, including:
How do...
Holy schnikes - this episode is actually 7 minutes long! What a concept!
Anyway, today I give you a couple tips that have helped me pwn s...
Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/...
Hey friends! Today we're looking at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/att...
Today we're talking about reducing anxiety by hacking your mental health with these tips:
Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against...
Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. T...
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for mo...
Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, wo...
Hey friends, today we're playing with the new (April 2023) version of...
Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the e...
Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us ...
Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way...
Today we offer you some first impressions of OVHcloud and how we're seriously considering moving...
Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover:
# Enumerate where your user has local a...
Hey friends, today we covered many things cracking and mapping and execing with CrackMapExec. Specifically:
# ...
Today I sat down with Chris Furner of Blumira to talk about all things cyber insurance. Many of 7MinSec's clients are renewing their p...
Hey friends, I took a mental health break this week and pre-podcasted this episode of a new series called 7MOOCH: 7 Minutes of...
Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help ...
Today we continue part 2 of a series we started a few weeks ago all about building a vulnerable pentesting lab. Check...
Today we're talking about Teleseer, which is an awesome service to give you better network visibility - whether you're on the blue, red or purple team! It al...
Today's episode is brought to us by our friends at Blumira!
Today we kick off a series all...
Today we're releasing version 1.1 of our Light Pentest eBook. Changes discussed in today's episode (and shown live in the accompanying...
Today we talk about Simple Ways to Test Your SIEM. Feel free to check out the YouTube version of this presentation, as well as our...
Hey friends, today's episode is hosted by an AI from Murf.ai because I suffered a throat injury over the holidays and spent Christmas morning in the emergency room...
Today we welcome our pal Matthew Warner (CTO and co-founder of Blumira) back to the show for a third time (his first appearance was...
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. ...
Today’s episode of the 7 Minute Security podcast is brought to you by Blumira, which provides easy-to-use automated detection and response that can be set up in…well..about 7 minute...
Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security thre...
Today we're excited to kick off a new series all about blue team bliss - in other words, we're talking about pentest stories where the blue team controls kicked our butt a little bit! Topics inc...
Today we revisit a series we haven’t touched in a long time all about eating the security dog food. TLDL about this ser...
Hey friends! Today we're giving you a first impressions episode all about Airlock Digital, an application allowlisting solution. They were kind enou...
In today's episode we share some tips we've picked up in the last few weeks of pentesting, with hopes it will save you from at least a few rounds of smashing your face into the keyboard. Tips in...
Today we're so excited to welcome Amanda Berlin, Lead Incident Detection Engineer at Blumira, back to the show (...
Today's episode covers three remediation-focused topics that kind of grind my gears and/or get me frustrated with myself. I'm curious for your thoughts on these, so reach out via...
Hey friends, today we share the (hopefully) thrilling conclusion of last week's pentest. Here are some key points:
Ok, ok, I know. I almost always say something like "Today is my favorite tale of pentest pwnage." And guess what? Today is my favorite tale of pentest pwnage, and I don't even know h...
Hey friends, wow...we're up to thirty-nine episodes of pwnage? Should we make a cake when we hit the big 4-0?! Anyway, today's TLDL is this:
If you get a nagging suspici...
Today we're joined by some of our friends at Arctic Wolf - Eugene Grant and Christopher Fielder - to talk about compliance. Now hold on - don't leave yet! I know for many folks, compliance makes...
Hey friends, we have another fun tale of pwnage for you today. I loved this one because I got to learn some new tools I hadn't used before, such...
Today we're featuring a great interview with Matthew Warner, CTO and co-founder of Blumira. You might remember Matt from such podcasts as...
In today's episode, I try to get us thinking about our extended family's emergency/DR plan. Why? Because I recently had a close family member suffer a health scare, and it brought to light some ...
In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in o...
Today's another fun tale of pentest pwnage - specifically focused on cracking a hash type I'd never paid much attention to before:...
Today we're sharing an update to episode #512 where we ran Rapid7's In...
I'm extra psyched today, because today's episode (which is all about updating your VMWare ESXi version via command line) is complemented by ...
Well friends, it has been a while since we talked about Microsoft's awesome Local Administrator Password Solution - spe...
Hey friends, a while back in episode #505 we talked about pwning wifi PSKs and PMKIDs with Bettercap. Today I'm ...
Hey friends! Today's another swell tale of pentest pwnage, and it's probably my favorite one yet (again)! This tale involves...
Hey friends, today we're giving another peek behind the curtain of what it's like to run a cybersecurity consultancy. Topics include:
Setting the right communication cadence - a...
Hey friends, it's another fun tale of pentest pwnage today! This one talks about cool things you can do when you have full rights over an OU in Active Directory. Important links to review:
...
Today we're pumped to share a featured interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira. Y...
Today we're continuing a series we haven't done in a while (click here to see the whole series) all about building and deploying pentest dropboxes for cu...
In today's episode I talk about a cool self-defense class I took a while ago which ...
Today we continue the series we started a few years ago called Security Your Family During and After a Disaster (the last part in this series was from...
Welcome to another fun tale of pentest pwnage! This one isn't a telling of one single pentest, but a collection of helpful tips and tricks I've been using on a bunch of different tests lately. T...
Today we're joined by our friends Christopher Fielder and Jon Crotty from Arctic Wolf to talk about their interesting report on...
Today I'm sharing some first impressions of the Rapid 7 InsightIDR as kind of a teaser for an eventual new chapter in our...
Today we're continuing our series focused on [owning a security consultancy], talking specifically about:
How not to give up on warm sales leads, even if they haven't p...
Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall r...
Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effectiv...
Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impression...
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome...
Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing...
Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use...
Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing...
Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to setup...
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE trainin...
Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory Certificate Services! For the full gory detai...
HAPPY 500 EPISODES, FRIENDS! That's right, 7MS turned 5-0-0 today, and so we asked John Strand of Black Hills Information Security to join us an...
Today we have some cool updates on this SIEM-focused series we've been doing for a while. Specifically, I want to share that one of these solutions can now detect three early (and important!) wa...
Hey friends, today I'm giving you a peek behind the curtain of our Light Pentest LITE training to talk about the software/hardware we use to ...
Today's tale of pentesting has a bunch of tips to help you maximize your pwnage, including:
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and...
Hey, remember back in episode #357 where we introduced 7MOIST (7 Minut...
Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using:
Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including:
History on cyber insurance - who'...
Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic,...
Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifyin...
Today we continue our series focused on building a security consultancy and talk about:
Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical,...
Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of...
Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabe...
Today we're continuing our series called Desperately Seeking a Super SIEM for SMBs - this time with a focus on a new contender in our bake-off: Perch ...
Today we continue our series we started recently (part 1 is here about finding a super SIEM for SMBs. Specificall...
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital black hole if you're not careful!
As I...
Today we're revisiting how to make a kick-butt cred-capturing phishing campaign with Gophish, Amazon Lightsail...
Today we're talking about the SIEM bake-off for SMBs that we've recently embarked on. We're currently evaluating several solutions - either for customer-facing purposes, internal kick-the-tires ...
Hey friends, today we're talking about a new security training offering 7MinSec has created called Light Pentest LITE - Live Interactive Trai...
Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some tips on taking cracked passwords from multi...
Today we're talking about Cobalt Strike for newbs - including how to get it up and running, as well as some tools that will help you generate beacons while evading EDR at the same time!
S...
**STOP!** If you didn't listen to [last week's episode](https://7ms.us/7ms-475-tales-of-internal-network-pentest-pwnage-part-27/) you might want to, since this was a two-part tale of pwnage. Eit...
Yeahhhhhh! Today's another fun tale of pentest pwnage, including:
The importance of starting your pentest with an AD account that actually has access to...ya know...stuff
Hey friends! Today we're dusting off an old mini-series about password cracking in the cloud (check out part 1 and...
Hey everybody! Today Joe and I sat down with Nikhil Mittal of...
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a....
Today we're doing something new - a first impressions episode of Meraki networking gear. Note: this is not a sponsored episo...
Hey friends! Today we're talking with Philippe Humeau, CEO of CrowdSec, which is "an open-source massively multiplayer firewall able to analyze visitor be...
Today we continue the series on eating your own security dog food! Specifically, we talk about:
Keeping a log and procedure for sanit...
Hey everybody! I stayed in a hotel for the first time in over a year and boy oh boy...I hope I didn't get COVID from the bedsheets!
Anyhow, on that journey I thought of some things that I...
Welp, I need another security certification like I needed a bunch to the retinas, but even after all the fun (and pain) of CRTP I couldn't help but sign up ...
Hey friends! Today Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I talk about some of our favorite news stories, including:
Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in...
In the last two episodes of this series (#449 and #450...
Today we talk through our first engagement using Hak5 Key Croc to steal and exfil data. In the past, my internal monologue when a new Hak5 ...
OK I probably say this every time, but I'm gonna say it again: this tale of pwnage is one of my favs - and not because of the tools/tradecraft, but because of why the company needed ...
Hey friends! Warning: this is not a "typical" 7MS episode where we try hard to deliver some level of security value.
Instead, today is a big, fat, crybaby, first...
Today we're super excited to share a featured interview with T...
Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running w...
Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a r...
Hey everybody! Sorry that we're late again with today's episode, but I got COVID shot #2 and it kicked my behind BIG TIME today. But I'm vertical today and back amongst the living and thrill...
Happy almost-mid-February! Today Gh0sthax cooked up some great news stories for us to chew on, including:
Today's featured interview is with Marcello Salvati of Black Hills Information Security. Marcello is a.k.a....
Hey everyone! Hope you're having a great week. Today Gh0sthax and I do a brain dump and recap of a cool (and mind-exploding) course we took la...
Today we talk about a cool product called Deep Freeze, which, as its name implies, can "freeze" your computer in a known/goo...
Hey friends! We're continuing our series on pentest dropbox building - specifically playing off...
Happy new year! This episode continues our series on DIY pentest dropboxes with a focus on automation - specifically as it relates to automatin...
Merry Christmas! Happy holidays! Please enjoy the last cyber news edition of 2020, brought to us by our good pal...
Welp, I need another certification like I need a hole in the head, but that didn't stop me from signing up for the Certified Red Te...
Happy December! Today I virtually sat down with Christopher Fielder of Arctic Wolf, who started his career in security at 18 (I was just playing a ...
Happy Thanksgiving! While the turkey and pie settle in your belly, why not also digest some fantastic security news stories with our pal Gh0sthax?
...
Hey friends, I dare declare this to be my favorite tale of internal pentest pwnage so far. Why? Because the episode features:
Hello friends! Sorry to be late with this episode (again) but we've been heads-down in a lot of cool security work, coming up for air when we can! Today's episode features:
A li...
Hi! Sorry to be so late with this episode, but I'm excited to share with you another fun tale of pentest pwnage! Key points from today's episode include:
We do not...
Happy October and merry Halloween everybody! We're back with our buddy Joe "the machine" Skeen who is also now a Principal Security Engineer for...
Hello! This episode is a true homecoming in that I actually recorded it from home. Yay!
WARNING!!! WARNING!!! This episode contains a ton of singing. If you don'...
Hey, hope you're having a great week! The last few weeks have had somewhat of a homecoming and home cleaning theme. To continue that train of thought,...
Hi again! It's sort of fun to release two episodes in one week for a change. If you missed part 1 on our ioT security series, check it out...
WE'RE HOME! After almost a year after our fire, we're back, baby!
This episode is somewhat of a homecoming that dovetails into an episode about ioT...
Hi! Today our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) has prepared some cyber-licious actionable news stories for us to chew on. Today's stories ...
Yay! It's time for another tale of pentest pwnage! Highlights include:
Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.
Today we're talking business! We've got some exciting news and updates to share with you since we last did a "crying" episode last fall:
Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and yo...
Hola! We're back again with our amigo Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to dig...
Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:
My understanding is that in order for...
Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349...
Today's episode is all about creating and deploying your own pentest dropbox! In part 1 I talked about some "gotchas" but this tim...
Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. To...
This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from thes...
Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report...
Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ev...
Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a go...
Today's episode is all about getting the most value out of your vulnerability scans, including:
Why, IMHO you should only do credentialed scans
Policy...
Today's episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week's interesting security news stories, how they might affect you, and what you can do to make ...
Hey everybody! I hope you're hanging in there during quarantine and staying healthy. Today is part 3 of our ongoing series all about becoming a...
This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to ECCounc...
In today's episode I share four fun stay-at-home security projects - three with a security focus and one centered around music. Let's gooooooooo!
The...
Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only
It’s episode 401 and we’re having fun, right? Some things we cover today:
The Webinar version of the DIY Pwnagotchi evening will be offered...
Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast!
Today I've got a really fun tale of internal network pentest pwnage to share with you, as well ...
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare...
In today's episode I talk about how my family's house and two vehicles were recently destroyed in a fire. The Johnson family is all ok - no injuries, thank God. However, this has turned our worl...
ListenToday's episode features a few important changes to the tools and s...
ListenSafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit Listen
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move u...
ListenIn this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! Th...
ListenSafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit Listen
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move u...
ListenFor Windows VMs
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move u...
ListenSafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit Listen
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move u...
ListenToday's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move u...
ListenI swear this program isn't turning into the Dr. Phil show, but I have to say that sharing tales of fail is extremely therapeutic for me, and based on your comments, it sounds like many of you fe...
ListenSafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit Listen
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit Listen
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up...
ListenToday's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up...
Hey folks, happy secure 4th o' July!
In today's seven minute episode (Wha? Gasp! Yep...it's seven minutes!) I kick back a bit, give you some updates and tease/prepare you for some cool fu...
Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost...
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securel...
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of ...
Today we're talking about Logging Made Easy, a project that, as its name implies...makes Windows e...
This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activi...
Today I'm launching an ongoing series called 7MOIST. It stands for:
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, inves...
Today's episode is the thrilling, exciting, heart-pounding conclusion of
Buckle up! This is one of my favorite episodes.
Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to D...
I recently had the awesome opportunity to take the awesome Real World Red Team course put on by ...
Today's episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and ente...
Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance...
Today's featured interview is with Ameesh Divatia, cofounder and CEO at
WARNING: Today's episode is a bit of an experiment, and I hope you'll hang in there with me for it.
I had the opportunity to do a week-long red team engagement, and so I recorded...
Coming up on Tuesday, January 22 I'll be doing a Webinar with Netwrix called
I'd like to cordially invite you to the first-ever 7MS User Group meeting, coming up Monday, January 14th at 6 p.m.! You can attend physically, virtually or both! All the info ...
Psssst! Wanna come to the first ever 7MS User Group meeting? It's coming up on January 14th. You can join in person or virtually! Head
Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy pat...
Last week I had the fun privilege of speaking twice at the Minnesota Government IT Symposium on the f...
On a recent security assessment I was thrown for a loop and given the opportunity to do a two-part physical pentest/SE exercise - with about 5 minutes notice(!). Yes, it had me pooping my pants,...
Today's episode talks about some SIEMple tests you can run on your SIEM (OMg see what I did there? I took the word simple and made it SIEMple. Genius stuff, right? And there's ...
Happy Thanksgiving! In this episode I:
Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use...
Today I'm excited to brain-dump a bunch of cool stuff I learned at a red team conference called ArcticCon t...
This week I got to celebrate Halloween with my friends at Netwrix by co-hosting a Webinar c...
This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the
In this episode I'm releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy t...
It's done! It's done!! It's DONE!!!
That's right mom, my PacktPub course called
In today's episode, I'm excited to be joined in the studio by Nathan Hunstad, Director of Secu...
Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems an...
This episode is a cavalcade of fun! Why?
First, I've got a big announcement: I've accepted a new position.
"What?!" exclaimed my mom. "I thought you were president of 7MS,...
Today's episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to
Today's episode is a follow-up to #304 where we talked...
It's been a while so I thought I'd update you on how things are going on the business front. Here are the bi...
I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to broil this list down ...
I had an exhilarating and terrifying experience this week doing my first ever live radio interview!
As a quick bit of background, this interview was part of the 7MS radio marketing campai...
Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code ...
Today's interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercia...
In this episode I wanted to give you some cool/fun updates as it relates to 7MS the business! Specifically:
As a continuation of last week's episode I'm now making a bit of progress i...
You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it's grim to think about "What will my lov...
As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon
It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figu...
This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton
Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help se...
Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at
I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and em...
Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird.
Anyway, ya know how I teased last week that 7MS cou...
We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show:
What ...
Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is...
I'm working on a fun project right now where I'm evaluating endpoint protection solutions for a client. They're faced with a choice of either refreshing endpoints to the latest gen of their curr...
I've had a fun week with a mixed bag of security related stuff happening, so I thought I'd throw it all in a big stew and cook it up for today's episode. Here are the highlights:
CredDefense is a freakin' sweet tool from the fine folks at
In today's continuation of last week's episode I'm continuing a discussion...
I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil th...
Here's some of the "juice" that has helped 7MS have a successful start:
Ok so I think if you're going to have a successful business, you need an awe...
WEFFLES are delicious!
WEFFLES stands for Windows Event Loggi...
Today I'm excited to be joined by my friend and advisor Kevin Keane (Twitter /
GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/...
Back in episode 280 I talked about how I started working with
Hey folks, I had originally planned to cover the CredDefense toolkit...
Did I mention I love the Critical Security Controls? I do. And here's an absolute diamond I found this week:
This site (
My pal and former coworker Joe Klein joins me in the virtual studio to discuss:
Two weird things happening in this episode:
I'm not in the car, and thus not endangering myself and others while podcasting and driving!
My o...
Sorry the podcast is late this week - but it's all for good reasons! I'm busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you:
Well, after over-teasing this last week, I'm excited to announce that I've started my own company! 7 Minute Security, LLC gives me an outlet to do all my favorite infosec stuff, such as:
We're continuing to hammer on the CSCs again this week. Here's some rad resources that can get your CSC efforts in the right direction:
Nothing to do with security, but I've heard this song way too much this week.
For a long time I've been electronically in love with the Critical Security Controls. Not f...
My plans for this week's podcast went hush-hush, kablooie, bye-bye, see ya, adios.
So, I'm pinch-hitting and going off-topic and talking about...of all things...cops. Now wait! Wait wait!...
I'm gonna level with you: it's been a heck of a week. So I thought I'd try something a little different (and desperate?) and use this episode to answer some FAQs that come in via email and Twitt...
I went to my first ever banking-focused infosec conference a few weeks ago (
I'm excited to announce I'm going to be a PacktPub author! I'm going to work with them to create a course ...
The patching solutions review concludes this week with Ivanti'...
We're breaking ground with this episode, folks! For the first time in 7MS history, we've got a guest on the show (finally, right?!).
Overall, I have to bluntly say that I really enjoyed playing with ManageEngine's solution. It's got a crap-ton of features built into it - above an...
This is it! The worldwide Internet debut of an original infosec-themed song called CryptoLocker'd, and as the name implies, it's about a CryptoLocker incident. Here's the quick back sto...
This episode continues our series on comparing popular patching solutions, such as:
This week...
I'm back from Vegas! My talk went really well and I'm excited to tell you about it in today's episode. First, some conference/trip highlights:
During the ILTACON conference I attended a g...
I ran out of time in episode #272 to tell you about why preparing to be a speaker for ILTACON was way more stressful than preparing for
This is part 2 of a series focusing on public speaking - specifically for the ILTACON conference...
Seems like every business I meet with needs some sort of help in the patching department. Maybe they've got the Microsoft OS side of the house under control, but the third-party stuff i...
I spent a bunch of time with Security Onion the last couple weeks and have been lovin' it! I ran the i...
Documentation is super boring, right? Yet it's critical to getting your client/audience excited about making their security better!
In this episode I talk about my mixed feelings towards ...
Been having a blast working with the beta branch of the Sweet Security project a...
Today's episode is a horror story about how I recently lost 5+ years of CrashPlan backups due to what I'm ...
This week I've continued to play with the awesome Sweet Security IDS solution you...
I've been wanting to get a Bro IDS installed for a long time now - and for several reasons:
I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is
Tell me I can't be the only one who regularly wants to combine a bunch of small Nessus scans files into a big fat Nessus scan file, and then make pretty pictures/graphs/summaries that the custom...
Through kind of a weird series of events, I have an opportunity to speak at ILTACON this summer ...
This week I had the fun opportunity to do a "blind" network security assessment - where basically we had to step into a network we'd never seen before and make some security posture recommendati...
I'm continuing to love our PwnPro and had a chance to use it o...
Warning! Warning! This is an off-topic episode!
I try really hard to create valuable weekly content about IT/security. However, sometimes a virtual grenade goes ...
I mentioned last week that I was speaking at the
The nervous butterflies are chewing up my organs this week. Why? Because I'm speaking at Secure360 next
So a few weeks ago I did an episode about the
I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and ...
I've been working with the Bash Bunny for the past few weeks in preparation for a prese...
Find the show notes here!
Show notes are here.
Show notes for today's episode can be found here!
Site notes are here. Enjoy.
We've reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today's episode, I just wanted to kick back and share some cool things I'...
Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1
Show notes: https://7ms.us/7ms-238-network-m...
Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessu...
Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-w...
Show notes: https://7ms.us/7ms-235-pwning-billy-madison
Show notes: https://7ms.us/7ms-234-pentesting-owasp-juice-shop-part5
Show notes: https://7ms.us/7ms-233-pentesting-owasp-juice-shop-part-4/
Show notes: https://7ms.us/7ms-232-pentesting-owasp-juice-shop-part-3
Show notes: https://7ms.us/7ms-231-pentesting-owasp-juice-shop-part-2/
Show notes: https://7ms-230-pentesting-owasp-juice-shop-part-1
Show notes: https://7ms.us/7ms-229-intro-to-docker-for-pentesters
Show notes: https://7ms.us/7ms-228-fun-with-bettercap/
Show notes: https://7ms.us/7ms-227-lets-e...
Show notes: https://7ms.us/7ms-226-diy-500-pentesting-lab-part-3/
Show notes: https://7ms.us/7ms-225-diy-500-pentesting-lab-part-2/
Show notes: https://7ms.us/7ms-224-diy-500-pentesting-lab-part-1/
Show notes: https://7ms.us/7ms-223-vulnhub-walkthrough-tommy-boy/
Show notes: https://7ms.us/7ms-222-off-topic-the-final-chapter/
Show notes: https://7ms.us/7ms-221-news-and-links-roundup/
Show notes: https://7ms.us/7ms-220-installing-ubiquiti-edger...
Show notes: https://7ms.us/7ms-219-news-and-links-roundup/
Show notes: https://7ms.us/7ms-218...
Show notes: https://7ms.us/7ms-217-installing-ubiquiti-edger...
Show notes: https://7ms.us/7ms-216-news-and-links-roundup/
Show notes: https://7ms.us/7ms-214-news-and-links-roundup/
Show notes: https://7ms.us/7ms-213-building-a-vulnerable-vm-the-prequ...
Show notes: https://7ms.us/7ms-211-news-and-links-roundup/
Show notes: https://7ms.us/7ms-211-off-topic-it-horror-stories-part-2/
Show notes: https://7ms.us/7ms-210-vulnhub-walkthrough-mr-robot/
Show notes: https://7ms.us/7ms-209-news-and-links-roundup/
Show notes: https://7ms.us/7ms-208-off-topic-the-jackwagon-who-s...
Show notes: https://7ms.us/7ms-207-vulnhub-walkthrough-sidney/
Show notes: https://7ms.us/7ms-206-vulnhub-walkthrough-stapler/
Show notes here: https://7ms.us/7ms-205-news-and-links-roundup/
Show notes: https://7ms.us/7ms-204-off-topic-it-horror-stories/
Show notes: https://7ms.us/7ms-203-vulnhub-walkthrough-fristileaks/
Show notes: https://7ms.us/7ms-202-news-and-links-roundup/
Show notes: https://7ms.us/7ms-201-off-topic-audio-clip-extravaganza/
Show notes here: https://7ms.us/7ms-200-vulnhub-walkthrough-milnet/
Show notes: https://7ms.us/7ms-199-news-and-links-roundup/
Show notes: https://7ms.us/7ms-198-two-pentest-stories/
Show notes: https://7ms.us/7ms-197-vulnhub-walkthrough-sickos-1-2/
Show notes here: https://7ms.us/7ms-196-news-and-links-roundup/
Show notes: https://7ms.us/7ms-195-why-appspider-is-grinding-my-gears/
Show notes here: https://7ms.us/7ms-194-vulnhub-walkthrough-simple/
Show notes here: https://7ms.us/7ms-193-news-and-links-roundup/
Show notes here: https://7ms.us/7ms-192-podcast-like-nobodys-listening/...
Show notes: https://7ms.us/7ms-191-vulnhub-walkthrough-kevgir/
Show notes: https://7ms.us/7ms-190-infosec-news-and-links-roundup/
Show notes: https://7ms.us/7ms-189-offtopic-reviews-of-t...
Show notes: https://7ms.us/7ms-188-vulnhub-walkthrough-droopyctf/
Show notes: https://7ms.us/7ms-187-infosec-news-and-links-roundup/
Show notes: https://7ms.us/7ms-186-offtopic-reviews-of-brookl...
Show notes here: https://7ms.us/7ms-185-vulnhub-walkthrough-lord-of-t...
Show notes here: https://7ms.us/7ms-184-infosec-news-and-links-roundup/...
Show notes here: https://7ms.us/7ms-183-offtopic-the-invitation/
Show notes here: https://7ms.us/7ms-182-vulnhub-walkthrough-sickos/
Show notes here: https://7ms.us/7ms-181-infosec-news-and-links-roundup/...
Show notes here: https://7ms.us/7ms-180-vulnhub-walkthrough-skydog-ctf/...
Show notes here: https://7ms.us/7ms-179-bring-new-life-to-an-o...
Show notes here: https://7ms.us/7ms-178-infosec-news-and-links-roundup/...
Show notes are here: https://7ms.us/7ms-177-a-not-totall...
Check out the show notes here: https://7ms.us/7ms-176-diy-ssh-honeypot-with...
Show notes are here: https://7ms.us/7ms-175-infosec-news-and-links-roundup/...
Show notes here: https://7ms.us/7ms-174-diy-ssh-honeypot-with-kippo-par...
Show notes here: https://7ms.us/7ms-173-diy-ssh-honeypot-with-kippo/
Show notes here: https://7ms.us/7ms-172-infosec-news-and-links-roundup/...
Show notes (actually, MUSIC notes in this case) can be found here: https://7ms.us/7m...
Show notes are here: https://7ms.us/7ms-170-pentesting-in-a-vacuum-part-3/
Show notes are here: https://7ms.us/7ms-169-infosec-news-and-links-roundup/...
Show notes are here! Go to https://7ms.us/7ms-168-upgr...
Show notes are here: https://7ms.us/7ms-167-my-first-dandy...
Show notes are here: https://7ms.us/7ms-166-infosec-news-and-links-roundup/...
Show notes for today's episode are right here: https://7ms.us/7ms-165-diy-podcast/
Check out the show notes for today's episode here: https://7ms.us/7ms-164-pe...
Show notes here: https://7ms.us/7ms-163-infosec-news-and-links-roundup/...
Show notes for today's episode are here: https://7ms.us/7ms-162-off-topic-deadpool/...
Show notes are here - enjoy! https://7ms.us/7ms...
Today's show notes are here: https://7ms.us/7ms-160-friday-infosec-ne...
Today's show notes are here: https://7ms.us/7ms-159-off-topic-w...
Today's swell show notes are at: https://7ms.us/7ms-158-pentesting-in-a-vacuum/...
Today's show notes are here: https://7ms.us/7ms-157-infosec-news-and-links-...
Today's show notes: https://7ms.us/7ms-156-off-topic-3-ways-...
Here are the show notes for today: ...
Episode show notes are here: https://7ms.us/7ms-154-friday-infosec-ne...
Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!
This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement. I just happen to REALLY like this little router.
Here are some of my favorite stories and links for this week!
In today's off-topic episode I review the following movies:
This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (...
Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.
In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the D...
Here are some of my favorite stories and links for this week!
In today's off-topic episode I review two movies: Sicario and The Walk.
I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.
Here are some of my fav' stories and links for this week!
* Bur...
This off-topic episode covers:
* Media servers - I'm a newb in this area and could use your help in setting up a config that actually works!
* Making a Murderer - this is a fantast...
Happy (belated) new year! This episode is more of a "What am I listening to, a PBS telethon?!" kind of thing, and I'm sorry for that. But I want to cover:
* Scheduling changes for 2016 - ...
This episode talks about some cool video games I've been playing lately:
* Metal Gear Solid Phantom Pain (Xbox 360)
* Rise of the Tomb Raider (Xbox 360)
* Luminocity (iPhone...
Back in episode #93 I talked about securing your life - in other words, asking yourself "What would happen if I was dead right now? Do I have adequate insurance? Are my finances in order? How ab...
Looks like I'm one of the few people in the world who did NOT love this movie. I found it painfully slow and claustrophobic. #disappointed.
This off-topic episode talks about one of the most gripping and disturbing documentaries I've ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremac...
One skill that's been kind of a hindrance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing.
But I'm tryi...
This is a four-part series about my transition to a new job! The topics are as follows:
* Part 1: When it may be time to look for a new job (or not)
* Part 2: How to stand out duri...
ListenThe title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.
ListenThis episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.
ListenIn this episode I talk about face-planting in my office at the first job I had out of college.
ListenIn this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transpa...
ListenThis episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.
ListenThis episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more con...
ListenWay back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.).
This episode continues that train ...
ListenThis episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.
ListenThis episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous info...
ListenPreview76 wordsThis episode is about a documentary called An Apology to Elephants. It's all...
ListenPart 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast:
Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 2016. ...
ListenIn this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost.
I think you'll want to check this episode out,...
ListenThis episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"
ListenToday I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.
ListenIn this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.
ListenWe're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.
ListenPart 3 on my series about PCI pentesting. Yeah. That.
ListenYep, this episode is EXACTLY what the title implies.
ListenThis episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found ...
ListenThe thrilling (?) conclusion of my experience hacking WPA Enterprise.
ListenThis episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2! Listen
Movie reviews of It Follows and Backcountry.
ListenHere's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!
ListenHey I'm going to PWAPT this week (Listen
A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!
ListenToday's totally random episode covers:
1. How bad does this podcast's logo suck?
2. Does this podcast need a theme song?
3. Some interesting training I'm taking next week. Listen
Hey I just got a LANTurtle and....these are my first impressions!
This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.
I'm a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here's the video I mentioned in the podcast - my first l...
The new(ish) Chris Farley documentary is fantastic - see it!
Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.
Today's episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.
So far I've focused on the technical aspects of PCI, but I'm trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This epis...
We're going off topic today and talking about video games! LIMBO for the Xbox!
Yep, we're talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).
When you start a security assessment with a company, not everybody's gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space sit...
I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!
So yeah, this is kind of off-topic, but have you thought about security in the sense of "What kinds of security things should I be doing before I'm dead?" Today's episode explores that.
Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What's the right thing to do when, for lack of a b...
Today's episode is about Umbrella, a product from OpenDNS that p...
We're going offtopic today and talking about the Citizenfour documentary, which centers around the Edward Snowden story.
Today we're talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn't a commercial or paid advertisement. I just like sharing things that I like and us...
This episode's about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)
Today I talk about a challenge I run into when I'm delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody "gets it" but also go level ...
This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as muc...
Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the
Hey have you heard of Pwn Pads? They're an awesome...
In this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you'll probably want one too.
The OSWP series is coming to a close. One final episode today and then the four-quel episode will be all about the test!
A continuation of our thrilling, exciting, mind-blowing series on OSWP (Offensive Security Wireless Professional)!
This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.
In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!
In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.
In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!
This week I used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!
I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.
I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.
In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!
This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password! 7MS #73: PCI Pentesting 101 – Part 2 (audio...
I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again. 7MS #72: PCI Pentesting 101 (audio)
We’re going totally off topic today and doing a movie review of Mad Max! 7MS #71: OFFTOPIC-Mad Max (audio)
I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again. 7MS #70: Get the Most out of Your DNS! (audio)
Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better. 7MS #69: I’m Not Responsible for Y...
This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless! 7MS #68: Is Training and Awareness Worth It or Wor...
This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It l...
This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed. 7MS #66: I’m Excited to Go Phishing – Part 2 (audio)
Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice. Yep. That happened. 7MS #65: OFFTOPIC-Still Alice (audio)
I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about software/hardware you might need to ...
This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 1...
I’m excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out thi...
Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulne...
This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach...
A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this e...
At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5” list of things they should change right away to impro...
In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for ...
A few offtopic things: what you can expect as far as a podcast release schedule going forward, and two suspicious charges that showed up on my credit card while out of town! 7MS #56: OFFTOPIC – Catch...
Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks. 7MS #55: OFFTOPIC – ...
If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock *only* when buying something. It’s coo...
Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good plans in place t...
It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me. 7MS #52: OFFTOPIC – My Son is Really Loyal (au...
A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one ...
At last, the epic conclusion of the maddening, redeeming OSCP journey. 7MS #50: OSCP – The Final Chapter – part 2! (audio)
We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP! 7MS #49: OSCP – the final chapter – part 1! (audio)
Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in! 7MS #48: So I Gave My Eight Year Old a Computer (audio)
Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment…stuff you migh...
So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers – and hacking ...
Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will change your mind and let you see piracy in a...
Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why. 7MS #44...
Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this. 7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)
I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differe...
Tired of talking about OSCP yet? Me neither! 7MS #41: OSCP – Part 7 (audio)
PART SIX of a mind-bending series all about OSCP! 7MS #40: OSCP – Part 6 (audio)
I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies. 7MS #39: Infosec on the Disney Boat (audio)
Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPh...
Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keimpx. 7MS #37: Keimpx (audio)
More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)...
This is the 4th thrilling installment in our exciting series about the awesome, challenging, rage-inducing, but ultimately rewarding training and certification called OSCP. Download: 7MS #35: OS...
I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook. C...
This episode’s all about a cool product called ProXPN that I use to encrypt/anonymize my traffic for various reasons. Not a sponsored episode or anything like that, but I am a fan of this servic...
Been a while since I shared an update on OSCP progress. It’s going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time. Download: 7MS #32: ...
Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health a...
Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem. D...
This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then! Download: 7MS #29: Follow Up Then (audio)
This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soa...
Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan. Download: 7MS #27: Backing Up with Cra...
Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priorit...
This episode talks about some pointers, tools and tips towards writing better pentest reports. Download: 7MS #25: Writing Better Pentest Reports (audio)
This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web. Download: 7MS #24: Why Wireless Scares Me (audio)
In this episode I talk more about my adventures with OSCP and Offensive Security! Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My ...
In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resour...
In this episode I talk about my venture into Offensive Security! Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. Th...
In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m t...
In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: ...
In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, ver...
In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s in...
In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a grea...
In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a ...
In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn’t seem to aut...
In this episode I talk about how I had to send my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) S...
In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains H...
In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Sho...
In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security ...
In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep pe...
In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It co...
Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: Externa...
In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outboun...
In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 2...
In this episode I continue talking about some dos and don’ts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show not...
In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show note...
In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode ...
In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the hec...