7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
…
continue reading
Career Hacker Academy Podcasts
If you’re looking to pivot into your next big role, make more impact, increase your salary, or break into a top tech company, this podcast is for you. Yannick Kpodar, a LinkedIn alum, was once a struggling business graduate who couldn’t find a job. Through trial and error, he learned the “secrets” to hacking the job hunt process and leapfrogging in his career. Since then, he’s been able to break into B2B Sales in a Fortune 100 company, pivot into Product Marketing at Linkedin in San Francisc ...
…
continue reading
Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!
…
continue reading
1
7MS #683: What I'm Working on This Week - Part 4
30:50
30:50
Play later
Play later
Lists
Like
Liked
30:50
This week I’m working on a mixed bag of fun security and marketing things: A pentest I’m stuck on My latest lab CTF obsession: Ninja Hacker Academy A cool “about 7MinSec” marketing video that was recorded in a pro studio!
…
continue reading
1
7MS #682: Securing Your Family During and After a Disaster – Part 7
30:59
30:59
Play later
Play later
Lists
Like
Liked
30:59
Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.…
…
continue reading
Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.…
…
continue reading
1
7MS #680: Tips for a Better Purple Team Experience
26:48
26:48
Play later
Play later
Lists
Like
Liked
26:48
Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context
…
continue reading
1
7MS #679: Tales of Pentest Pwnage – Part 73
30:12
30:12
Play later
Play later
Lists
Like
Liked
30:12
In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday. I also talk about Exegol’s licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).
…
continue reading
1
7MS #678: How to Succeed in Business Without Really Crying – Part 22
33:39
33:39
Play later
Play later
Lists
Like
Liked
33:39
Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!…
…
continue reading
1
7MS #677: That One Time I Was a Victim of a Supply Chain Attack
13:48
13:48
Play later
Play later
Lists
Like
Liked
13:48
Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!
…
continue reading
1
7MS #676: Tales of Pentest Pwnage – Part 72
59:34
59:34
Play later
Play later
Lists
Like
Liked
59:34
Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.
…
continue reading
Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!…
…
continue reading
1
7MS #674: Tales of Pentest Pwnage – Part 71
49:00
49:00
Play later
Play later
Lists
Like
Liked
49:00
Today’s tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustrat…
…
continue reading
Today we’re excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local ad…
…
continue reading
1
7MS #672: Tales of Pentest Pwnage – Part 70
55:07
55:07
Play later
Play later
Lists
Like
Liked
55:07
Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibe…
…
continue reading
Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hash…
…
continue reading
1
7MS #670: Adventures in Self-Hosting Security Services
36:48
36:48
Play later
Play later
Lists
Like
Liked
36:48
Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video o…
…
continue reading
1
7MS #669: What I’m Working on This Week – Part 3
42:37
42:37
Play later
Play later
Lists
Like
Liked
42:37
Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week
…
continue reading
1
7MS #668: Tales of Pentest Pwnage – Part 69
30:22
30:22
Play later
Play later
Lists
Like
Liked
30:22
Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: da…
…
continue reading
