7MS #573: Securing Your Mental Health – Part 4
Today we're talking about reducing anxiety by hacking your mental health with these tips:
Using personal automation to text people important reminders
Using Remind to create a personal communication "class" with your family members
Using Smartsheet (not a sponsor) to create daily...
7MS #572: Protecting Your Domain Controllers with LDAP Firewall
https://youtube.com/watch?v=x9TWNl2oiVc
Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against SharpHound enumeration, LAPS password enumeration, and the noPac attack.
7MS #571: Simple Ways to Test Your SIEM – Part 2
Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit...
7MS #570: How to Build a Vulnerable Pentest Lab – Part 4
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
https://youtube.com/watch?v=1sgC8Bk7ggA
In today's episode we staged an...
7MS #569: Interview with Jim Simpson of Blumira
Today we're excited to share a featured interview with our new friend Jim Simpson, CEO of Blumira. Jim was in security before it was hip/cool/lucrative, working with a number of startups as well as some big names like...
7MS #568: Lets Play With the 2023 Local Administrator Password Solution!
https://youtube.com/watch?v=Gysf-385rok
Hey friends, today we're playing with the new (April 2023) version of Local Administrator Password Solution (LAPS). Now it's baked right into PowerShell and the AD Users and Tools console. It's awesome, it's a necessary blue team...
7MS #567: How to Build an Intentionally Vulnerable SQL Server
https://youtube.com/watch?v=dJYe_wqJIoA
Hey friends, today we're talking about building an intentionally vulnerable SQL server, and here are the key URLs/commands talked about in the episode:
Download SQL Server here
Install SQL via config .ini file
Or, install SQL via pure command line
Deploy SQL with...
7MS #566: Tales of Pentest Pwnage – Part 47
https://youtube.com/watch?v=6HMQdStLuj0
Ok, I know we say this every time, but it is true this time yet again: this is our favorite tale of pentest pwnage. It involves a path to DA we've never tried before, and introduced us to...
7MS #565: How to Simulate Ransomware with a Monkey
https://youtube.com/watch?v=hHUwmqGsJtA
Hey friends, today we talk through how to simulate ransomware (in a test environment!) using Infection Monkey. It's a cool way to show your team and execs just how quick and deadly an infection can be to your...
7MS #564: First Impressions of OVHcloud Hosted vCenter
Today we offer you some first impressions of OVHcloud and how we're seriously considering moving our Light Pentest LITE training class to it! TLDR:
It runs on vCenter, my first and only virtualization love!
Unlimited VM "powered on" time and...
7MS #563: Cracking and Mapping and Execing with CrackMapExec – Part 2
https://youtube.com/watch?v=ImQMd1dt1DE
Hey friends, today we're covering part 2 of our series all about cracking and mapping and execing with CrackMapExec. Specifically we cover:
# Enumerate where your user has local admin rights:
cme smb x.x.x.x/24 -u user -p password
# Set wdigest...
7MS #562: Cracking and Mapping and Execing with CrackMapExec
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
https://youtube.com/watch?v=cmpALy-wHgk
Hey friends, today we covered many...
7MS #561: Interview with Chris Furner of Blumira
Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today...
7MS #560: 7MOOCH – Dolphin Rides Are Done Dude
Hey friends, I took a mental health break this week and pre-podcasted this episode of a new series called 7MOOCH: 7 Minutes of Only Chuckles. In today's story, we unpack a situation in Hawaii that made me exclaim...
7MS: #559: Tales of Pentest Pwnage – Part 46
https://youtube.com/watch?v=WtW_kSQZmnQ
Ooooo giggidy! Today's episode is about a pentest pwnage path that is super fun and interesting, and I've now seen 3-4 times in the wild. Here are some notes from the audio/video that will help bring this...
Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
Staff able to watch customers in the bathroom? Tick! Obviously shabby infosec? Tick! Training AI as an excuse for data retention? Tick! America's Federal Trade Commission has made Amazon a case study for every cautionary tale about how sloppily...
Ukraine war blurs lines between cyber-crims and state-sponsored attackers
This RomCom is no laughing matter A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
We need to refine and secure AI, not turn our backs on the technology
While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites
WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites.
The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
