7 Minute Security Brian Johnson

Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available.  To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increase; not OVH’s fault).  Now we’re exploring Proxmox as an alternative hypervisor, so we’re using today’s episode to kick off a series about the joys and pains of this migration process.

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus!  Specifically we talk about:
We’re going to get a third-party assessment on 7MinSec (the business) Tips for secure email backup/storage Limiting the retention of sensitive data you store in cloud places

Today we’re talking about tips to deal with stress and anxiety:
It sounds basic, but take breaks – and take them in a different place (don’t just stay in the office and do more screen/doom-scrolling) I’ve never gotten to a place in my workload where I go “Ahhh, all caught up!” so I should stop striving to hit that invisible goal. Chiropractic and back massages have done wonders for the tightness in my neck and shoulders For me, video games where you punch and kick things relieves stress as well (including a specific game that’s definitely not for kids!)

We did something crazy today and recorded an episode that was 7 minutes long!  Today we talk about some things that have helped us out in recent pentests:
When using Farmer to create “trap” files that coerce authentication, I’ve found way better results using Windows Search Connectors (.searchConnector-ms) files This matrix of “can I relay this to that” has been super helpful, especially early in engagements

Today’s episode is all about writing reports in Sysreptor.  It’s awesome!  Main takeaways:
The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the reptor Python module Warning: Sysreptor only exports to PDF (no Word version option!) Sysreptor has helped us write reports faster without sacrificing quality

Hey friends, today we’ve got a tale of pentest pwnage that covers:
Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)! Making sure you go after cached credentials Attacking SCCM – Misconfiguration Manager is an absolute gem to read, and The First Cred is the Deepest – Part 2 with Gabriel Prud’homme is an absolute gem to see.  Also, check out sccmhunter for all your SCCM pwnage needs.