7 Minute Security
19 FOLLOWERS
A weekly infosec podcast about pen-testing, blue teaming, and building a career in security.
7 Minute Security
2M ago
Today we talk about some business-y things like:
A pre first impressions opinion on Sysreptor
Why I'm not worried about AI replacing manual pentesting (yet)
My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects ..read more
7 Minute Security
2M ago
Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today:
Found the score board
Bullied the chatbot
Fired a DOM XSS
Located a confidential document
Gave the Juice Shop a devastating zero stars review
Fired a DOM XSS which played the OWASP Juice Shop Jingle ..read more
7 Minute Security
2M ago
Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024!
P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588.
Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2024 ..read more
7 Minute Security
3M ago
Today we tease two upcoming tool releases (shooting for Q1, 2024):
TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, then alert you when the game actually starts!
EvilFortiAuthenticator - this tool will allow you to steal administrator API tokens from FortiAuthenticator which can lead to full compromise of the physical device.
Happy new ye ..read more
7 Minute Security
3M ago
Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in case one is compromised)? Got some ideas? Let me know please ..read more
7 Minute Security
3M ago
Today we're talkin' business! Specifically:
How to (gently) say "no" to (some) client projects
How to (politely) challenge end-of-year deadlines
An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma ..read more
7 Minute Security
3M ago
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers:
Why would you want to consider removing AD from your environment?
What are common items to plan for?
What steps should you take to efficiently plan a migration?
What common challenges or considerations will you face ..read more
7 Minute Security
4M ago
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox.
Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic with Netwrix called Hack the Hackers: Exploring ChatGPT and PentestGPT in Penetration Testing ..read more
7 Minute Security
4M ago
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of:
BulletsPassView
MITMsmtp
mitmproxy ..read more
7 Minute Security
4M ago
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I:
Find Eric's secret SSH back door
Locate and decrypt a hidden file with Billy's homework
Build wordlists with cewl
Save Billy from the evil clutches of Eric Gordon ..read more