Technology
News
Tech News

7 Minute Security

Updated 3 days ago


7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.


iTunes Ratings

49 ratings; average-rating distribution (5 stars down to 1 star): 46, 2, 1, 0, 0

Great small bits of security

By Infinity dreamer 90 - Feb 20 2019
Thanks for sharing your security secrets!

Brian Johnson

By Caneron Johnson - May 06 2018
Hey this is Cameron Luis Fronodo Johnson and I’m your son bye Dad love you!! 👋


Latest release on Jan 23, 2020

The Best Episodes Ranked Using User Listens

Updated by OwlTail 3 days ago

Rank #1: 7MS #51: CEH vs. OSCP (audio)


A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention during the episode – it has much more…

Apr 07 2015

7mins


Rank #2: 7MS #182: Vulnhub Walkthrough - SickOs

Apr 25 2016

9mins


Rank #3: 7MS #112: This is Sparta!


This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!

Nov 25 2015

8mins


Rank #4: 7MS #114: PCI Pentesting 101-Part 3


Part 3 on my series about PCI pentesting. Yeah. That.

Dec 02 2015

7mins


Rank #5: 7MS #107: I'm Going to PWAPT!


Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

Nov 03 2015

7mins


Rank #6: 7MS #210: Vulnhub Walkthrough - Mr. Robot

Jul 04 2016

7mins


Rank #7: 7MS #162: OFF-TOPIC - Deadpool


Show notes for today's episode are here: https://7ms.us/7ms-162-off-topic-deadpool/

Mar 02 2016

8mins


Rank #8: 7MS #113: Big Bag of Random Security Stuff


Yep, this episode is EXACTLY what the title implies.

Nov 27 2015

10mins


Rank #9: 7MS #61: Why Local Admin Rights Suck (audio)


Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.

May 14 2015

8mins


Rank #10: 7MS #226: DIY $500 Pentesting Lab - Part 3

Sep 02 2016

8mins


Rank #11: 7MS #55: OFFTOPIC – What’s in Brian’s Murse? (video)


Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.

Apr 22 2015

6mins


Rank #12: 7MS #390: Tales of Internal Network Pentest Pwnage - Part 11


Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

Today's episode is a twofer. That's right, two tales of internal network pentest pwnage. Whoop whoop! We cover:

  • What the SDAD (Single Domain Admin Dance) and DDAD (Double Domain Admin Dance) are (spoiler: imagine your dad trying to dance cool...it's like that, but more awkward)

  • A good way to quickly find domain controllers in your environment: nslookup -type=SRV _ldap._tcp.dc._msdcs.YOURDOMAIN.SUFFIX

  • This handy script runs nmap against subnets, then Eyewitness, then emails the results to you

  • Early in the engagement I'd highly recommend checking for Kerberoastable accounts

  • I really like Multirelay to help me pass hashes, like:

MultiRelay.py -t 1.2.3.4 -u bob.admin Administrator yourmoms.admin

  • Once you get a shell, run dump to dump hashes!

  • Then, use CME to pass that hash around the network!

crackmapexec smb 192.168.0.0/24 -u Administrator -H YOUR-HASH-GOES-HERE --local-auth

  • Then, check out this article to use NPS and get a full-featured shell on your targets

Dec 06 2019

1hr 2mins


Rank #13: 7MS #57: How to Review a Firewall (audio)


In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool.

Apr 30 2015

8mins


Rank #14: 7MS #180: Vulnhub Walkthrough: Skydog CTF

Apr 21 2016

12mins


Rank #15: 7MS #206: Vulnhub Walkthrough - Stapler

Jun 20 2016

8mins


Rank #16: 7MS #270: IDS on a Budget - Part 4


I spent a bunch of time with Security Onion the last couple of weeks and have been lovin' it! I ran the install, took all the defaults, ran the updates, and pretty much just let it burn in on my prod (home) environment.

After a few days, I went back to check the Security Onion dashboard to check the alerts. There was a bunch of benign stuff (computers pinging each other, Dropbox broadcasting to the network) but also a couple interesting finds - SO caught one of my VMs downloading (intentionally) Invoke-Mimikatz. The dashboard allows you to see transcripts of file downloads like this, as well as a tool called Network Miner to extract a copy of the downloaded file for further analysis.

One thing SO didn't pick up on was the DNS-based C2 tunnel I set up on a test victim client. However, it turns out RITA works great for exactly this type of analysis - it reported the huge number of DNS requests from my victim client to the C2 server. Very helpful info for an incident response situation!

Aug 03 2017

12mins


Rank #17: 7MS #323: 7 Ways to Not Get Hacked


I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to boil this list down to 7 key things to focus on. Here's my list thus far:

  1. Passwords
  2. 2FA/MFA
  3. Wifi (put a good password on it, don't use WEP, don't use WPS)
  4. Sign up for HaveIBeenPwned
  5. Update all the things
  6. Block malware/mining with browser plugins
  7. Security awareness training

What do you think? Anything I missed or should consider swapping with another topic? Contact me!

Aug 16 2018

18mins


Rank #18: 7MS #67: Wifi Sniffing is Fun-Part 2 (audio)


This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this:

  • Ethernet from client -> upstream port of hub
  • My laptop with Wireshark -> Hub
  • Wifi access point -> Hub

To find…

Jun 09 2015

7mins


Rank #19: 7MS #379: Tales of Internal Network Pentest Pwnage - Part 7


SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

This episode, besides talking about a man who screamed at me for not being on my cell phone, covers another tale of internal network pentest pwnage! Topics/tactics covered include:

  • Review of setting up your DIY pentest dropbox
  • Choosing the right hardware (I'm partial to this NUC)
  • Running Responder to catch creds
  • Using Eyewitness to snag screenshots of stuff discovered with nmap scanning
  • Nmap for Eternal Blue with nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24
  • Running Sharphound to get a map of the AD environment
  • Cracking creds with Paperspace
  • When cracking, make sure to scrape the customer's public Web sites for more wordlist ideas!

Aug 30 2019

43mins


Rank #20: 7MS #387: How to Succeed in Business Without Really Crying - Part 7


Today's episode features a few important changes to the tools and services I use to run 7MS:

Additionally, we talk about a few biz-specific challenges:

  • How do you (comfortably) talk about money with a client before the SOW hits their inbox?
  • If you're a small security consultancy of 2-5 people, do you lie about your company size to impress the big client, or tell the truth and brag about the advantages a nimble team can bring?

Nov 11 2019

56mins
