Rank #1: 7MS #51: CEH vs. OSCP (audio)
A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…
Apr 07 2015
Rank #2: 7MS #182: Vulnhub Walkthrough - SickOs
Apr 25 2016
Rank #3: 7MS #112: This is Sparta!
This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!
Nov 25 2015
Rank #4: 7MS #114: PCI Pentesting 101-Part 3
Part 3 on my series about PCI pentesting. Yeah. That.
Dec 02 2015
Rank #5: 7MS #107: I'm Going to PWAPT!
Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.
Nov 03 2015
Rank #6: 7MS #210: Vulnhub Walkthrough - Mr. Robot
Jul 04 2016
Rank #7: 7MS #162: OFF-TOPIC - Deadpool
Mar 02 2016
Rank #8: 7MS #113: Big Bag of Random Security Stuff
Yep, this episode is EXACTLY what the title implies.
Nov 27 2015
Rank #9: 7MS #61: Why Local Admin Rights Suck (audio)
Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.
May 14 2015
Rank #10: 7MS #226: DIY $500 Pentesting Lab - Part 3
Sep 02 2016
Rank #11: 7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)
Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.
Apr 22 2015
Rank #12: 7MS #390: Tales of Internal Network Pentest Pwnage - Part 11
Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.
Today's episode is a twofer. That's right, two tales of internal network pentest pwnage. Whoop whoop! We cover:
- What the SDAD (Single Domain Admin Dance) and DDAD (Double Domain Admin Dance) are (spoiler: imagine your dad trying to dance cool...it's like that, but more awkward)
- A good way to quickly find domain controllers in your environment:
nslookup -type=SRV _ldap._tcp.dc._msdcs.YOURDOMAIN.SUFFIX
- Early in the engagement I'd highly recommend checking for Kerberoastable accounts
- I really like Multirelay to help me pass hashes, like:
MultiRelay.py -t 188.8.131.52 -u bob.admin Administrator yourmoms.admin
- Once you get a shell, run dump to dump hashes!
- Then, use CME to pass that hash around the network!
crackmapexec smb 192.168.0.0/24 -u Administrator -H YOUR-HASH-GOES-HERE --local-auth
Dec 06 2019
Rank #13: 7MS #57: How to Review a Firewall (audio)
In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool.
Apr 30 2015
Rank #14: 7MS #180: Vulnhub Walkthrough: Skydog CTF
Apr 21 2016
Rank #15: 7MS #206: Vulnhub Walkthrough - Stapler
Jun 20 2016
Rank #16: 7MS #270: IDS on a Budget - Part 4
I spent a bunch of time with Security Onion the last couple weeks and have been lovin' it! I ran the install, took all the defaults, ran the updates, and pretty much just let it burn in on my prod (home) environment.
After a few days, I went back to check the Security Onion dashboard to check the alerts. There was a bunch of benign stuff (computers pinging each other, Dropbox broadcasting to the network) but also a couple interesting finds - SO caught one of my VMs downloading (intentionally) Invoke-Mimikatz. The dashboard allows you to see transcripts of file downloads like this, as well as a tool called Network Miner to extract a copy of the downloaded file for further analysis.
One thing the SO didn't pick up on was the DNS-based C2 tunnel I set up on a test victim client. However, it turns out RITA works great for exactly this type of analysis - it reported the huge number of DNS requests from my victim client to the C2 server. Very helpful info for an incident response situation!
Aug 03 2017
Rank #17: 7MS #323: 7 Ways to Not Get Hacked
I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to boil this list down to 7 key things to focus on. Here's my list thus far:
- Wifi (put a good password on it, don't use WEP, don't use WPS)
- Sign up for HaveIBeenPwned
- Update all the things
- Block malware/mining with browser plugins
- Security awareness training
What do you think? Anything I missed or should consider swapping with another topic? Contact me!
Aug 16 2018
Rank #18: 7MS #67: Wifi Sniffing is Fun-Part 2 (audio)
This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this:
Ethernet from client->upstream port of hub
My laptop with Wireshark->Hub
Wifi access point->Hub
To find…
Jun 09 2015
Rank #19: 7MS #379: Tales of Internal Network Pentest Pwnage - Part 7
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:
- Review of setting up your DIY pentest dropbox
- Choosing the right hardware (I'm partial to this NUC)
- Running Responder to catch creds
- Using Eyewitness to snag screenshots of stuff discovered with nmap scanning
- Nmap for Eternal Blue with
nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24
- Running Sharphound to get a map of the AD environment
- Cracking creds with Paperspace
- When cracking, make sure to scrape the customer's public Web sites for more wordlist ideas!
Aug 30 2019
Rank #20: 7MS #387: How to Succeed in Business Without Really Crying - Part 7
Today's episode features a few important changes to the tools and services I use to run 7MS:
- Docusign is out and (sort of) replaced with Proposify
- Voltage SecureMail is out and replaced by ShareFile
- Ninite is rad for keeping mobile pentest dropboxes automatically updated!
- Nessys_SortyMcSortleton has been updated to...you know...work
Additionally, we talk about a few biz-specific challenges:
- How do you (comfortably) talk about money with a client before the SOW hits their inbox?
- If you're a small security consultancy of 2-5 people, do you lie about your company size to impress the big client, or tell the truth and brag about the advantages a nimble team can bring?
Nov 11 2019