7 Minute Security
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Episodes
Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as well.
This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy. To review where we’ve been in parts 1 and 2:
- We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info
- From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU
- We used
dacledit.pyto gi...
Happy Friday! Today’s another hot pile of pentest pwnage. To make it easy on myself I’m going to share the whole narrative that I wrote up for someone else:
I was on a pentest where a DA account would sweep the networks every few minutes over SMB and hit my box. But SMB signing was on literally everywhere. The fine folks here recommended I try relaying to something NOT SMB, like MSSQL. This article had good context on that: https:/...
Holy schnikes, today might be my favorite tale of pentest pwnage ever. Do I say that almost every episode? yes. Do I mean it? Yes. Here are all the commands/links to supplement today’s episode:
Today’s tale of pentest pwnage is a classic case of “If your head is buried in the pentest sand, pop it out for a while, touch grass, and re-enumerate what you’ve already enumerated, because that can lead to absolute GOLD!”
Hello friends! Today your friend and mine, Joe “The Machine” Skeen joins me as we keep chipping away at pwning Ninja Hacker Academy! Today’s pwnage includes:
- “Upgrading” our Sliver C2 connection to a full system shell using PrintSpoofer!
- Abusing nanodump to do an lsass minidump….and find our first cred.
- Analyzing BloodHound data to find (and own) excessive permissions against Active Directory objects
Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very carefully so that every student can pwn it while also not breaking the domain for everybody else. I also talk about how three different flavors of AI failed me in solving a simple task.
Hi friends, we’re doing something today we haven’t done in a hot minute: take a dip into the 7MinSec mail bag! Today we cover these questions:
Oh man, I’m so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.
Today’s kind of a “story time with your friend Brian” episode: a tale of how my neighbor almost got scammed out of $13k. The story has a lot of red flags we can all keep in mind to keep ourselves (as well as kids/friends/parents/etc.) safer from these types of shenanigans.
Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!
This week I’m working on a mixed bag of fun security and marketing things:
- A pentest I’m stuck on
- My latest lab CTF obsession: Ninja Hacker Academy
- A cool “about 7MinSec” marketing video that was recorded in a pro studio!
Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore:
- Living will
- Buried vs. cremated?
- Funeral plans
- Funeral PHOTOS?
I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.
Today I share some tips on creating a better purple team experience for your customers, including:
- Setting up communication channels and cadence
- Giving a heads-up on highs/criticals during testing (not waiting until report time)
- Where appropriate, record videos of attacks to give them more context
In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday. I also talk about Exegol’s licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including:
- Knowing your audience before you touch PowerPoint
- Understanding your presentation physical hookups and presentation surfaces
- A different way to screen-share via Teams that makes resolution/smoothness way better!
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.
Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering:
- SQL link abuse between two domains
- Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local!
Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!
Popular Podcasts
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The official podcast of comedian Joe Rogan.
If you eat, sleep, and breathe true crime, TRUE CRIME TONIGHT is serving up your nightly fix. Five nights a week, KT STUDIOS & iHEART RADIO invite listeners to pull up a seat for an unfiltered look at the biggest cases making headlines, celebrity scandals, and the trials everyone is watching. With a mix of expert analysis, hot takes, and listener call-ins, TRUE CRIME TONIGHT goes beyond the headlines to uncover the twists, turns, and unanswered questions that keep us all obsessed—because, at TRUE CRIME TONIGHT, there’s a seat for everyone. Whether breaking down crime scene forensics, scrutinizing serial killers, or debating the most binge-worthy true crime docs, True Crime Tonight is the fresh, fast-paced, and slightly addictive home for true crime lovers.
The Clay Travis and Buck Sexton Show. Clay Travis and Buck Sexton tackle the biggest stories in news, politics and current events with intelligence and humor. From the border crisis, to the madness of cancel culture and far-left missteps, Clay and Buck guide listeners through the latest headlines and hot topics with fun and entertaining conversations and opinions.