7 Minute Security

https://youtube.com/watch?v=VYUeNZYRfrw Today my Paul and I continued hacking Billy Madison (see part one here) and learned some interesting things: You can fuzz a URL with a specific file type using a format like this: wfuzz -c -z file,/root/Desktop/wordlist.txt --hc 404 http://x.x.x.x/FUZZ.cap To...

https://youtube.com/watch?v=E1uwq52zXnQ In today's tale of pentest pwnage we talk about: The importance of local admin and how access to even one server might mean instant, full control over their backup or virtualization infrastructure Copying files via WinRM when copying over SMB is...

https://youtube.com/watch?v=cCiYKgF_tF8 Today Amanda Berlin from Blumira teaches us how to unlock the power of Sysmon so we can gain insight into the good, bad and ugly things happening on our corporate endpoints!  Key takeaways:Sysmon turns your windows logging up to...

https://youtube.com/watch?v=mb_hUOGVaWY Today my pal Paul from Project7 and I hack the heck out of Billy Madison a vulnerable virtual machine that is celebrating its 7th anniversary this month!

https://youtube.com/watch?v=eQIBnIz2Mgo Today, sadly, might be the last episode of DIY pentest dropbox tips for a while because I found (well, ChatGPT did actually) the missing link to 100% automate a Kali Linux install! Check episode #449 for more info...

https://youtube.com/watch?v=0rppW3PCG3Y Hey friends, today I'm super excited to share I found the missing link! Specifically, the missing piece that now allows me to create fully automated Windows 10 installs that serve as virtual pentest jumpboxes. Here are the...

In today's tale of pwnage, we'll talk about how domain trusts can be dangerous because they have...well...trust issues.

https://youtube.com/watch?v=0Wi52Cxat4Y Today we talk about crafting cool cred-capturing phishing campaigns with Caddy server! Here's a quick set of install commands for Ubuntu: sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt'...

https://youtube.com/watch?v=P4wXGKiSXvE Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck. This one-liner will literally get Wazuh installed in about 5 minutes: curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh...

https://youtube.com/watch?v=J-slqoogLQw (Sorry, I don't know how to count. The video says it's pwnage part 48, but it's actually part 49) Oooo, giggidy! Today's tale of pentest pwnage is about pwning vCenter with CVE-2021-44228 - a vulnerability that lets us...

https://youtube.com/watch?v=2jqtE0SYFZ0 Today me and my pal Paul from Project7 did a live hacking session and finally got the Callahan Auto brake pad Web app back online! Hopefully you enjoyed this hacking series. The feedback has been great, so...

https://youtube.com/watch?v=32oBdqtEEPI Hey friends, today we're continuing our series on pwning the Tommy Boy VM on VulnHub VM! P.S. did you miss part one? Check it out on YouTube. Joe "The Machine" Skeen and I had a blast...

Today I'm excited to share a featured interview with our new friend Mike Toole of Blumira. We talk about all things EDR, including: How does it differ from something like Windows Defender? What things do I need to keep in...

Holy schnikes - this episode is actually 7 minutes long! What a concept! Anyway, today I give you a couple tips that have helped me pwn some internal networks the last few weeks, including: Getting a second (and third?) opinion...

Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! The tools covered today include: PHP-HTTP-TARPIT A tool to confuse and waste...