Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increa

7MS #621: Eating the Security Dog Food - Part 6

14 days ago 23m 37s

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about: We’re going to get a third-party assessment on 7MinSec (the business) Tips for secure emai

7MS #620: Securing Your Mental Health - Part 5

18 days ago 22m 54s

Today we’re talking about tips to deal with stress and anxiety: It sounds basic, but take breaks – and take them in a different place (don’t just stay in the office and do more screen/doom-scrolling) I’ve never gotten to a place in my workload

7MS #619: Tales of Pentest Pwnage – Part 56

25 days ago 7m 2s

We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests: When using Farmer to create “trap” files that coerce authentication, I’ve found way bett

7MS #618: Writing Savage Pentest Reports with Sysreptor

Apr 5th, 2024 38m 30s

Today’s episode is all about writing reports in Sysreptor. It’s awesome! Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the reptor Python module W

7MS #617: Tales of Pentest Pwnage – Part 55

Mar 29th, 2024 36m 19s

Hey friends, today we’ve got a tale of pentest pwnage that covers: Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say

7MS #616: Interview with Andrew Morris of GreyNoise

Mar 22nd, 2024 59m 4s

Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about: Young Andrew’s early adventures in hacking his school’s infrastructure (note: don’t try this at home, kids!) Meeting a pe

7MS #615: Tales of Pentest Pwnage – Part 54

Mar 19th, 2024 21m 48s

Hey friends, sorry I’m so late with this (er, last) week’s episode but I’m back! Today is more of a prep for tales of pentest pwnage, but topics covered include: Make sure when you’re snafflin‘ that you check for encrypted/obfuscated logins a

7MS #614: How to Succeed in Business Without Really Crying - Part 16

Mar 8th, 2024 36m 21s

How much fun I had attending and speaking at Netwrix Connect Being a sales guy in conference situations without being an annoying sales guy in conference situations A recap of the talk I co-presented about high profile breaches and lessons we

7MS #613: Tales of Pentest Pwnage – Part 53

Mar 1st, 2024 33m 24s

Today’s tale of pentest covers: Farming for credentials (don’t forget to understand trusted zones to make this happen properly!) Snaffling for juice file shares Stealing Kerberos tickets with Rubeus

7MS #612: Pentestatonix - Part 2

Feb 25th, 2024 32m 23s

Hello friends, we’re still deep in the podcast trenches this quarter and wanted to share some nuggets of cool stuff we’ve been learning along the way: Snaffler – pairs nicely with PowerHuntShares to find juicy tidbits within file/folder shares

7MS #611: Pentestatonix

Feb 19th, 2024 34m 3s

Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagemen

7MS #610: DIY Pentest Dropbox Tips – Part 9

Feb 9th, 2024 20m 25s

Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL: The preseed file got jacked because I had a bad Kali metapackage in it. While I was tinkering around with preseed files,

7MS #609: First Impressions of Sysreptor

Feb 2nd, 2024 30m 51s

Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike

7MS #608: New Tool Release - EvilFortiAuthenticator

Jan 26th, 2024 43m 46s

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subse

7MS #607: How to Succeed in Business Without Really Crying - Part 15

Jan 19th, 2024 39m 54s

Today we talk about some business-y things like: A pre first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs. staying in the weeds and working on hands-o

7MS #606: Hacking OWASP Juice Shop (2024 edition)

Jan 12th, 2024 29m 51s

Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We g

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

Jan 5th, 2024 58m 1s

Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588. Be sure t

7MS #604: A Two Tool Teaser

Jan 2nd, 2024 26m 4s

Today we tease two upcoming tool releases (shooting for Q1, 2024): TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to tak

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

Dec 24th, 2023 28m 22s

Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscal

7MS #602: How to Succeed in Business Without Really Crying - Part 14

Dec 15th, 2023 44m 35s

Today we're talkin' business! Specifically: How to (gently) say "no" to (some) client projects How to (politely) challenge end-of-year deadlines An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in fa

7MS #601: Breaking Up With Active Directory

Dec 11th, 2023 27m 54s

Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers: Why would you want to consider removing AD from your

7MS #600: First Impressions of Using AI on Penetration Tests

Dec 1st, 2023 22m 39s

Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI replace pentesters as we know them today? I

7MS #599: Baby's First Responsible Disclosure

Nov 25th, 2023 38m 36s

Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into th

7MS #598: Hacking Billy Madison - Part 4

Nov 17th, 2023 24m 43s

Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I: Find Eric's secret SSH back door Locate and decrypt a hidden file with