7 Minute Security

7 Minute Security

A podcast where I audibly regurgitate what I'm learning about information security - in 7-minute chunks!... Show More

Episodes

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. This episode features cool things I'm learning about external pentesting. But first, some updates: My talk at Secure360 went really well. Only slightly #awkward thing is I f... Read more

Share
Mark as Played

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Yuss! It's true! Dave and Ryan are back! Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers. In this follow-up interview (which will be broken into a few parts), we talk through a red ... Read more

Share
Mark as Played

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today I take a walk (literally!), get chased by a dog (seriously!) and talk about impostor syndrome and feelings of self-loathing and doubt as I get ready to speak at Secure360 next week (insert wah-wah-waaaaaaahhhhhhh here). How do you deal with impostor syndrome? Personally, I'm finding some success in squas... Read more

Share
Mark as Played
May 3, 2019 26 min

Today we're talking about Logging Made Easy, a project that, as its name implies...makes Windows endpoint logging easy! I love it. It offers a simple, digestible walkthrough of several short "chapters" to get started. These chapters include: Chapter 1 - Set up Windows Event Forwarding Chapter 2 – Sysmon Install Chapter 3A – Database (Easy Method) Chapter 3B – Database (Manual Method) Chapter 4 - Post Install Actions Besides havi... Read more

Share
Mark as Played

This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. For more information, visit netwrix.com. In today's program we continue a series on fundamental Active Directory security that ... Read more

Share
Mark as Played

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a hardening standard and/or baseline. Specifically, I cover: NIST STIG for Windows 10 Heimdal Security - Windows 10 Hardening Guide Center for Internet Security's security benchmarks... Read more

Share
Mark as Played

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them: Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports w... Read more

Share
Mark as Played

Today I'm launching an ongoing series called 7MOIST. It stands for: 7 Minutes of IT and Security Tips The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long! I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right. Basically, this is my way of going old school and getting back my podcast "roots... Read more

Share
Mark as Played

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources talked about on today's podcast include: Forensics 101 - a talk I did for the 7MS user group in January The Digital Forensics Survival Podcast is a FANTASTIC resource to learn ... Read more

Share
Mark as Played
March 27, 2019 27 min

This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. In this episode, we talk about the Mousejacking attack, which allows someone with a crazy radio (or other similar device) to inject keystrokes into vulnerable keyb... Read more

Share
Mark as Played

Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!): Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!) Got DA but stuck to find hot leads to where the crown jewels are? Get snoopy and go through pe... Read more

Share
Mark as Played

Buckle up! This is one of my favorite episodes. Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the "crown jewels" data, so I thought this would be a fun and informative narrative to share. Below are some highlights of topics/tools/techniques discussed: Building a pentest dropbox The timing is perfect - my pal Pa... Read more

Share
Mark as Played

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series. TLDR and TLDR (too long don't listen): go take this training. Please. Now. The end. If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including: Doppelganger attacks - does your target have... Read more

Share
Mark as Played

Today's episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and enter code 7MS when completing your signup. In today's episode, I talk about how the level of Windows server/client logging out of the box is...not really awesome. I then look at how we can create a GPO that turns logging "up to 11" using some free tools and cheat sheets. If you want to simulate this in your own lab by building o... Read more

Share
Mark as Played

Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including: Fundamentals of threat hunting W... Read more

Share
Mark as Played

Today's featured interview is with Ameesh Divatia, cofounder and CEO at Baffle. Baffle offers an interesting approach to data protection that they call data-centric protection, and the idea is you need to protect information at the record level, not just the sort of traditional approach of "encrypt at rest" and call it good. Ameesh sat down with me to talk about a lot of high level data and security privacy concerns, specificall... Read more

Share
Mark as Played

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them... Read more

Share
Mark as Played
January 31, 2019 49 min

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them... Read more

Share
Mark as Played

WARNING: Today's episode is a bit of an experiment, and I hope you'll hang in there with me for it. I had the opportunity to do a week-long red team engagement, and so I recorded a little summary of the experience at the end of each day, and then pasted them all together to make today's episode. Listening back to the episode now, it sounds like I might belong on a funny farm. But I thought it would be fun to give you a first-han... Read more

Share
Mark as Played
January 16, 2019 22 min

Coming up on Tuesday, January 22 I'll be doing a Webinar with Netwrix called 4 Ways Your Organization Can Be Hacked. It features a Billy Madison theme and pits evil Eric Gordon against sysadmin Billy Madison. Hope you'll join us - it'll be fun! Today I'm pleased to welcome Amber Boone to the program! She is an awareness builder for a cybersecurity vendor (insert dramatic music!), and Amber was gracious enough to help me pilot a... Read more

Share
Mark as Played

Chat About 7 Minute Security

Popular Podcasts

The Ron Burgundy Podcast
The Ron Burgundy Podcast
Will Ferrell reprises his role as Ron Burgundy in his brand new Ron Burgundy Podcast! Each episode has a different theme in which Ron engages in conversation with another notable person on the topic at hand.
Atlanta Monster / Monster: The Zodiac Killer
Atlanta Monster / Monster: The Zodiac Killer
Atlanta Monster / Monster: The Zodiac KillerFrom Tenderfoot TV and HowStuffWorks, 'Monster: The Zodiac Killer' dives into one of the most notorious, unsolved serial killing sprees in history.
The Joe Rogan Experience
The Joe Rogan Experience
Joe Rogan's Weekly Podcast