7 Minute Security

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

Episodes

May 20, 2022 57 min

Hey friends! Today's another swell tale of pentest pwnage, and it's probably my favorite one yet (again)! This tale involves resource based constrained delegation, which is just jolly good evil fun! Here are my quick notes for pwning things using RBCD:

# From non-domain joined machine, get a cmd.exe running in the context of a user with ownership rights over a victim system:
runas /netonly /user:domain\some.user cmd.exe
#...

Hey friends, today we're giving another peek behind the curtain of what it's like to run a cybersecurity consultancy. Topics include:

  • Setting the right communication cadence - and communication channels - with a customer during a pentest.

  • Tips for collaborating well with contractors so that the customer experience feels like "a single human pane of glass" (insert barf emoji here).

  • How we're using Intercom to ...

    Hey friends, it's another fun tale of pentest pwnage today! This one talks about cool things you can do when you have full rights over an OU in Active Directory. Important links to review:

  • BloodHound edges
  • DACL Trouble: Generic All on OUs
  • AD prep bug in Windows Server 2016

    Today we're pumped to share a featured interview with Amanda Berlin, Lead Incident Detection Engineer at Blumira. You might already be familiar with Amanda's awesome Defensive Security Handbook or fine work with Mental Health Hackers. We polled our Slack friends and structured this interview as an AAA (Ask Amanda Anything). That resulted in a really fun chat that covered many things technical and not technical! Questions we...

    Today we're continuing a series we haven't done in a while (click here to see the whole series) all about building and deploying pentest dropboxes for customers. Specifically, we cover:

    Auto installing Splashtop: This can be done automatically by downloading your splashtop.exe install and issuing this command:

    splashtop.exe prevercheck /s /i confirm_d=0,hidewindow=1,notray=0,req_perm=0,sec_opt=2

    Auto in...

    In today's episode I talk about a cool self-defense class I took a while ago which was all about less lethal methods of protecting/defending yourself. I also talk about some safer ways to handle/hide cash while traveling on vacation.

    Today we continue the series we started a few years ago called Securing Your Family During and After a Disaster (the last part in this series was from a few years ago). In today's episode we focus on some additional things you should be thinking about to strengthen the "in case of emergency" document you share with your close friends and family.

    Welcome to another fun tale of pentest pwnage! This one isn't a telling of one single pentest, but a collection of helpful tips and tricks I've been using on a bunch of different tests lately. These tips include:

  • I'm seeing nmap scans get flagged a bit more from managed SOC services. Maybe a "quieter" nmap scan will help get enough ports to do a WitnessMe run, but still fly under the logging/alerting radar? Som...

    Today we're joined by our friends Christopher Fielder and Jon Crotty from Arctic Wolf to talk about their interesting report on The State of Cybersecurity: 2022 Trends (note: you can get some of the report's key points here without needing to provide an email address). The three of us dig in to talk about some of the report's specific highlights, including:

  • Many orgs are running the bare minimum (or nothing!) for endpoi...

    Today I'm sharing some first impressions of the Rapid 7 InsightIDR as kind of a teaser for an eventual new chapter in our Desperately Seeking a Super SIEM for SMBs series. Disclaimer: remember these are first impressions. There may be some missed detections I talk about today that are a me problem and not the technology. I hope to get to the root of those unresolved issues by the time I talk more formally about InsightIDR in a ...

    Today we're continuing our series focused on owning a security consultancy, talking specifically about:

  • How not to give up on warm sales leads, even if they haven't panned out for 5+ years!

  • Some cool Mac tools that help me manage 7MS - such as Craft and OmniFocus

  • A sneak peek at a SIEM vendor that will soon be featured in an episode of Desperately Seeking a Super SIEM for SMBs

    Today we share some first impressions of Tailscale, a service that advertises itself as "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere." Is it really that cool and easy? Listen to today's episode to find out!

    Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effective fake O365 portal, and being aware that some email systems may "pre-click" malicious links before users ever actually do.

    Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ShellcodePack.

    We were on a bunch of pentests recently where we needed to dump credentials out of memory. We usually skim this article and other dumping techniques, but this time nothing seemed to work. After some discussion with colleagues, we were pointed to nanodump, which I believe...

    Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't super awesome, "free" ways to get logging turned up to 11 (Microsoft's audit policy recommendations, sysmon, sysmon modular), as well as how to get better logging in hard-to-reach places like Kerberos. Be sure to also check out Blumira's resources on detecting K...

    Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always-under-construction list of things I try early in a pentest for maximum pwnage:
  • Run PingCastle
  • Do the SharpHound/BloodHound dumps
  • Run the DHCP poisoning module of Responder
  • Check the ms-DS-MachineAccountQuota value in the domain - if it's at the default (10), then any user can add m...

    Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert: I use Bettercap).

    Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing some fun tips to monitor your internal thingies as well - without the use of any extra agent software.

    Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to set up, and much easier to use (IMHO) than Cobalt Strike. I also talk specifically about some of my favorite command line features, how slick and simple lateral movement is, and the "killer feature" that makes me giggle like the bad guy from Sonic the Hedgehog.

    In the tangent department, Mrs. 7MS makes an appearance via ph...

    Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab from on-prem VMware ESXi to Azure. It has been a fun and frustrating process, but my hope is that some of the tips in today's episode will save you some time/headaches/money should you set up a pentesting training camp in the cloud.

    Things I like

  • No longer relying on a single poin...
