7 Minute Security
Brian Johnson
Top 10 7 Minute Security Episodes
Best episodes, ranked by what Goodpods users listened to most

7MS #420: Tales of Internal Pentest Pwnage - Part 17
7 Minute Security
06/26/20 • 44 min
Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever.
I had to actually roll a fresh Kali VM to upload to the customer site, and I learned (the hard way) to make that VM disk as lean as possible. I got away with a 15 gig drive, and the OS+tools+updates took up about 12 gig.
One of the biggest lessons I learned from this experience is to make sure that not only is your Kali box updated before you take it to a customer site (see this script), but you should make sure you install all the tool dependencies beforehand as well (specifically, Eyewitness, Impacket and MITM6).
This pentest was also extremely time-boxed, so I tried to get as much bang out of it as possible. This included:
- Capturing hashes with Responder
- Checking for "Kerberoastable" accounts (GetUserSPNs.py -request -dc-ip x.x.x.x domain/user)
- Check for MS14-025 (see this article)
- Check for MS17-010 (nmap -Pn -p445 --open --max-hostgroup 3 --script smb-vuln-ms17-010 192.168.0.0/24 -oA vulnerable-2-eblue) and try this method of exploiting it
- Check for DNS zone transfer (dnsrecon -d name.of.fqdn -t axfr)
- Test for egress filtering of ports 1-1024
- Took a backup of AD "the Microsoft way" and then cracked with secretsdump:
sudo python ./secretsdump.py -ntds /loot/Active\ Directory/ntds.dit -system /loot/registry/SYSTEM -hashes lmhash:nthash LOCAL -outputfile /loot/ad-pw-dump

7MS #419: Eating the Security Dog Food
7 Minute Security
06/17/20 • 40 min
Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a good security program, but didn't have one of their own! I'm trying to break that pattern now that I'm in a position to lead an information security program for 7MS.
In today's episode we talk about getting your company started with a good set of infosec policies/procedures. First up is a "mothership" infosec policy with the following sub-policies inside it:
- Acceptable Use
- Data Protection and Privacy
- Physical Security
- Tools and Technology
- Training and Awareness
- Reporting
Oh, and the song I jazz/scat/sang coming out of the jingle was If I Were a Dog.

7MS #418: Securing Your Mental Health
7 Minute Security
06/11/20 • 44 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
Today's episode is all about mental health! I talk about some of my challenges with stress/anxiety and how I finally put on my big boy pants, dropped some misconceptions and decided to do something about it. Additionally, this episode contains references to:

7MS #417: Vulnerability Scanning Tips and Tricks
7 Minute Security
06/04/20 • 43 min
Today's episode is all about getting the most value out of your vulnerability scans, including:
- Why, IMHO, you should only do credentialed scans
- Policy tweaks that will keep servers from tipping over and printers from printing novels of gibberish ;-)
- How to make your scan report more actionable and less unruly
- Turning up logging to 11 (use with caution!)
- A small tweak to an external scan policy that can result in the difference between a successful or failed scan
- The nessusd.rules file is awesome for excluding specific hosts and services from your scans

7MS #416: Pi-hole 5.0
7 Minute Security
05/28/20 • 35 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today we're talking about some of my favorite features of Pi-hole 5.0. Including:
- WARNING! WARNING! Upgrading from 4.x is a one-way operation!
- Per-client blocking (you can set up, for example, a group of machines called "kids" and apply specific domain block/allow lists to them)
- More granular detail (especially if there are issues) when blocklists get updated
- Better, richer debug log output
I also talk about a great companion for your Pi-hole: a command-line Internet speed test! Hat tip to Javali over at the 7MS forums who told me about this.
Additionally, I briefly mention "Hashy" (the nickname of my password cracking rig), give you some stay-at-home streaming TV show recommendations, and give you a quick house rebuild update!

7MS #415: Cyber News
7 Minute Security
05/21/20 • 31 min
Today's episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week's interesting security news stories, how they might affect you, and what you can do to make you and your company more secure. This week's stories:
- SaltStack RCE (Daily Swig / Cyber Scoop)
- Malware uses corporate MDM as attack vector (Check Point)
- Critical vulns in ShareFile (Citrix)
- Shareholders sue LabCorp over their 'persistent' failure to secure data (Cyberscoop)

7MS #414: Tales of Pentest Fail #4
7 Minute Security
05/14/20 • 64 min
Today I'm excited to share more tales of pentest FAIL with you. Today's tales include:
- Accidentally scanning assets that belong to an agency that nobody should be messing with
- Delivering reports with vulnerabilities from somebody else's network
- Why it's important to write a report more than 15 minutes before delivery
- Lessons learned from firing a disgruntled employee

7MS #413: PCI Professional Certification (PCIP) - Part 3
7 Minute Security
05/07/20 • 51 min
Hey everybody! I hope you're hanging in there during quarantine and staying healthy. Today is part 3 of our ongoing series all about becoming a PCIP. The good news is I'm finally, actually registered for the cert and have started diving into the training! So in today's episode I want to regurgitate some of what I'm learning to whet your appetite (or not) for this particular certification. Specifically, we cover:
- The overview and objectives for being a PCIP (TLDR: PCIP does NOT replace QSA or ISA, but gives us a good understanding of how to protect payment card data)
- How and why payment card data is leaked/stolen/breached - and then sold/monetized
- The definition of some fundamental PCI acronym soup, including PCI DSS, PA-DSS and P2PE

7MS #412: Tips for Working Safely and Securely From Home
7 Minute Security
05/01/20 • 45 min
In today's episode we share some tips for working more safely and securely from home, which for many of us is our new office for the foreseeable future! Specifically, we cover:
- Picking powerful passwords
- Locking down your wifi
- Defending your digital identity
- Protecting your PC
- Blocking icky stuff in your browser
- Composing careful conference calls
- Clicking links carefully
I've also made this episode available in long-form blog here. Please feel free to share with anybody you think could benefit from the info!

7MS #421: Cyber News - Verizon DBIR Edition
7 Minute Security
07/01/20 • 36 min
Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network!
I'm especially excited because today's episode marks two important 7MS firsts:
- The episode has been crafted by a professional podcast producer
- The episode has been transcribed by a professional transcription service
FAQ
How many episodes does 7 Minute Security have?
7 Minute Security currently has 573 episodes available.
What topics does 7 Minute Security cover?
The podcast is about News, Tech News, Podcasts and Technology.
What is the most popular episode on 7 Minute Security?
The episode title '7MS #420: Tales of Internal Pentest Pwnage - Part 17' is the most popular.
What is the average episode length on 7 Minute Security?
The average episode length on 7 Minute Security is 25 minutes.
How often are episodes of 7 Minute Security released?
Episodes of 7 Minute Security are typically released every 6 days, 17 hours.
When was the first episode of 7 Minute Security?
The first episode of 7 Minute Security was released on Feb 1, 2014.