7MS #607: How to Succeed in Business Without Really Crying - Part 15
7 Minute Security
by Brian Johnson
2M ago
Today we talk about some business-y things like: A pre first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects ..read more
Visit website
7MS #606: Hacking OWASP Juice Shop (2024 edition)
7 Minute Security
by Brian Johnson
2M ago
Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today: Found the score board Bullied the chatbot Fired a DOM XSS Located a confidential document Gave the Juice Shop a devastating zero stars review Fired a DOM XSS which played the OWASP Juice Shop Jingle ..read more
Visit website
7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira
7 Minute Security
by Brian Johnson
2M ago
Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588. Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2024 ..read more
Visit website
7MS #604: A Two Tool Teaser
7 Minute Security
by Brian Johnson
3M ago
Today we tease two upcoming tool releases (shooting for Q1, 2024): TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, then alert you when the game actually starts! EvilFortiAuthenticator - this tool will allow you to steal administrator API tokens from FortiAuthenticator which can lead to full compromise of the physical device. Happy new ye ..read more
Visit website
7MS #603: Monitoring Your Tailscale Network with Uptime Kuma
7 Minute Security
by Brian Johnson
3M ago
Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in case one is compromised)? Got some ideas? Let me know please ..read more
Visit website
7MS #602: How to Succeed in Business Without Really Crying - Part 14
7 Minute Security
by Brian Johnson
3M ago
Today we're talkin' business! Specifically: How to (gently) say "no" to (some) client projects How to (politely) challenge end-of-year deadlines An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma ..read more
Visit website
7MS #601: Breaking Up With Active Directory
7 Minute Security
by Brian Johnson
3M ago
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers: Why would you want to consider removing AD from your environment? What are common items to plan for? What steps should you take to efficiently plan a migration? What common challenges or considerations will you face ..read more
Visit website
7MS #600: First Impressions of Using AI on Penetration Tests
7 Minute Security
by Brian Johnson
4M ago
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic with Netwrix called Hack the Hackers: Exploring ChatGPT and PentestGPT in Penetration Testing ..read more
Visit website
7MS #599: Baby's First Responsible Disclosure
7 Minute Security
by Brian Johnson
4M ago
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of: BulletsPassView MITMsmtp mitmproxy ..read more
Visit website
7MS #598: Hacking Billy Madison - Part 4
7 Minute Security
by Brian Johnson
4M ago
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I: Find Eric's secret SSH back door Locate and decrypt a hidden file with Billy's homework Build wordlists with cewl Save Billy from the evil clutches of Eric Gordon ..read more
Visit website

Follow 7 Minute Security on FeedSpot

Continue with Google
Continue with Apple
OR