7 Minute Security

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer...

Episodes

October 14, 2020 39 min

Hello! This episode is a true homecoming in that I actually recorded it from home. Yay!

WARNING!!! WARNING!!! This episode contains a ton of singing. If you don't like singing, do not listen!!!

With that said, I wanted to follow up on part 1 and 2 of this series and share some additional cool tools that others have told me about in regards to securing and monitoring all your IoTs!

  • Home Assistant - is described on its Wikipedia...

    Hey, hope you're having a great week! The last few weeks have had somewhat of a homecoming and home cleaning theme. To continue that train of thought, over the last few days I've gotten heavy into cleaning up my cloud clutter - cloud services, email, file sharing, etc. - in an effort to be more secure and have a reduced digital footprint. Today's tips include:

  • Double-check that any device you have that supports full-d...

    Hi again! It's sort of fun to release two episodes in one week for a change. If you missed part 1 on our IoT security series, check it out here. Today we dive into some free/cheap monitoring solutions you can use to keep tabs on your IoT network (or any network, really):

  • Nagios - it's old school but gets the job done. This article helped me get it going on an RPi.

  • SolarWinds IP monitor - it was quick and easy to get up an...

    WE'RE HOME! Almost a year after our fire, we're back, baby!

    This episode is somewhat of a homecoming that dovetails into an episode about IoT security. I've basically done a 180 degree spin on IoT stuff. I now love the coolness and convenience of these things while simultaneously being terrified of the security risks. Is there a happy balance somewhere between the two? Maybe. Today we dive into IoT security, speci...

    Hi! Today our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) has prepared some cyber-licious actionable news stories for us to chew on. Today's stories include:

  • Cybersecurity skills gap (powered by lack of career development!)

  • Which cyber jobs are hot - or not?

  • Mysterious wave of DDoS attacks

  • The Magecart threat group pwns thousands of ecommerce sites

  • On a parting note, don't forget to patch your DCs against ...

    Yay! It's time for another tale of pentest pwnage! Highlights include:

  • Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds.

  • Why lsassy is my new best friend.

  • I gave a try to using a Ubuntu box instead of Kali as my attacking system for this test. I had pretty good results. Here's my script to quickly give Ubuntu a Kali-like flair:

  • sudo apt-get update sudo apt-get upgrade -...
    Today we're talking business! We've got some exciting news and updates to share with you since we last did a "crying" episode last fall:

  • 7MS hired a VP of sales and marketing: Clyde Cooper!
  • We've added some new tools to our tools/services gist:
  • Having a true sales force for the first time has prompted us to invest in Salesforce. There are a few gotchas with signing up for a Salesforce trial and then migrating to ...

September 2, 2020 56 min

    Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and you should definitely check out PlexTrac's upcoming Webinar about runbooks on September 9!). We also did a PlexTrac 101 Webinar with them recently!

    You may remember Dan from such podcasts as this one when we first talked to him in 2019. Dan and I have a lot in common in that we bo...

    Hola! We're back again with our amigo Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include:

  • The Twitter hack that promised free Bitcoin for everybody - with good coverage by Krebs and Threatpost

  • Garmin's personal and painful experience with ransomware

  • Joe offers 7 tips any org can use to reduce their likelihood of getting...

    Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits:

  • My understanding is that in order for mitm6 relay attacks to work against DCs, those DCs have to have LDAPS config'd properly. Use nmap -sV -p646 name.of.domain.controller to verify this (thanks this site for the tip!)

  • PowerView is awesome when used with Find-InterestingDomainShareFile to find interesting fi...

    Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discuss a slew of additional hot security topics, including:

    Misconfigured cloud databases

  • Why is this such a common issue, and how can we address it?
  • Wait wait wait...I just spun up a machine in Azure, AWS, Digital Ocean, etc. Isn't it secure because....it's the cloud?
  • What to...
    This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

    First and foremost, I have to say that 7 Minute Security's official stance on toads is that nobody should be licking them at any time, for any reason. Also, I can neither confirm no...

    Today's episode is all about creating and deploying your own pentest dropbox! In part 1 I talked about some "gotchas" but this time around I'm ready to dump a whole slug of specific and updated tips on ya! Below are the tips covered in this episode that are better read than said:

    For the Windows VM
  • Turn on RDP with PowerShell:
  • Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-n...
    Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include:

  • Hackers are trying to steal admin passwords from F5 devices
  • Secret service reports increase in hacked MSPs
  • Most Popular Home Routers Have ‘Critical’ Flaws
  • "Sigred" DNS vulnerability in Microsoft DNS
    This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin). The key takeaways I want to share from these tests are as follows:

  • Responder.py -i eth0 -rPv is AWESOME. It can make the network rain hashes like manna from heaven!
  • Testing the egress firewall is easy with this script. Consider this SANS article for guidance on ports to lock down.
  • Test...
    SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit [safepass.me](https://safepass.me/?7ms422) for more details, and tell them 7 Minute Security sent you to get a 10% discount!

    Today's episode continues the work we started in episode #419. We talk about the importance of having a good foundation of security documentation - including a reading out...

    Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better defend your network!

    I'm especially excited because today's episode marks two important 7MS firsts:

  • The episode has been crafted by a professional podcast producer
  • The episode has been transcribed by a professional transcription service
    Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (Time to Domain Admin) was maybe my fastest ever.

    I had to actually roll a fresh Kali VM to upload to the customer site, and I learned (the hard way) to make that VM disk as lean as possible. I got away with a 15 gig drive, and the OS+tools+updates took up about 12 gig.

    One ...

    Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to clients about the importance of having a good security program, but didn't have one of their own! I'm trying to break that pattern now that I'm in a position to lead an information security program for 7MS.

    In today's episode we talk about getting your company sta...

    SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

    Today's episode is all about mental health! I talk about some of my challenges with stress/anxiety and how I finally put on my big boy pants, dropped some misconceptions and decided to do something abo...

© 2020 iHeartMedia, Inc.