Wednesday, April 24, 2019
7 minute security

7MS #359: Windows 10 Security Baselining

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping...
7 minute security

7MS #358: 4 Ways to Write a Better Pentest Report

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last...
7 minute security

7MS #357: 7 Minutes of IT and Security Tips

Today I'm launching an ongoing series called 7MOIST. It stands for: 7 Minutes of IT and Security Tips The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long! I know, I know! You're saying, "Wait a sec, bub, isn't...
7 minute security

7MS #356: Faster Hard Drive Forensics with CyLR and CDQR

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more...
7 minute security

7MS #355: Mousejacking!

This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to...
7 minute security

7MS #354: Tales of Internal Pentest Pwnage – Part 2

Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!): Got DA but can't get...
7 minute security

7MS #353: Tales of Internal Pentest Pwnage – Part 1

Buckle up! This is one of my favorite episodes. Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin...
7 minute security

7MS #352: Recap of Rad Red Team Training

I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series. TLDR and TLDL (too long don't listen): go take this training. Please. ...
7 minute security

7MS #351: Turn Windows Logging up to 11

Today's episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and enter code 7MS when completing your signup. In today's episode, I talk about how the level of Windows server/client logging...
7 minute security

7MS #350: Interview with Lewie Wilkinson of Pondurance

Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype...
7 minute security

7MS #349: Interview with Ameesh Divatia of Baffle

Today's featured interview is with Ameesh Divatia, cofounder and CEO at Baffle. Baffle offers an interesting approach to data protection that they call data-centric protection, and the idea is you need to protect information at the record level,...
7 minute security

7MS #348: Cell Phone Security for Tweenagers

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password...
7 minute security

7MS #347: Happy 5th Birthday to 7MS

Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password...
7 minute security

7MS #346: Baby’s First Red Team Engagement

WARNING: Today's episode is a bit of an experiment, and I hope you'll hang in there with me for it. I had the opportunity to do a week-long red team engagement, and so I recorded a little summary of the...
7 minute security

7MS #345: Interview with Amber Boone

Coming up on Tuesday, January 22 I'll be doing a Webinar with Netwrix called 4 Ways Your Organization Can Be Hacked. It features a Billy Madison theme and pits evil Eric Gordon against sysadmin Billy Madison. Hope...

Stuxnet Family Tree Grows

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
ZDNet

Another dark web marketplace bites the dust –Wall Street Market

Two major dark web marketplaces for buying illegal products shut down in the span of a month.

Google File Cabinet Plays Host to Malware Payloads

Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.

Demonstration Showcase Brings DevOps to Interop19

Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
isBuzz

What Home Buying Can Teach Us About Continuous Monitoring

Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...