Discover7 Minute Security
Claim Ownership
7 Minute Security
Author: Brian Johnson
Subscribed: 2,019Played: 22,481Subscribe
Share
© Brian Johnson
Description
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
653 Episodes
Reverse
Today we’ve got some super cool stuff to cover today! First up, BPATTY v1.4 is out and has a slug of cool things: A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng Syntax on using two different tools to parse creds from Dehashed An updated tutorial on using Gophish for phishing campaigns The cocoa-flavored cherry on top is a tale of pentest pwnage that includes: Abusing SCCM Finding gold in SQL configuration/security audits
Hey friends, today we’re talking about tips to effectively present your technical assessment to a variety of audiences – from lovely IT and security nerds to C-levels, the board and beyond!
Today’s episode talks about some things that helped me get through a stressful and hospital-visit-filled Thanksgiving week, including: Journaling Meditation (An activity I’m ashamed of but has actually done wonders for my mental health)
Hey friends, we’ve got a short but sweet tale of pentest pwnage for you today. Key lessons learned: Definitely consider BallisKit for your EDR-evasion needs If you get local admin to a box, enumerate, enumerate, enumerate! There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!
Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here. Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead: rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log In the tangent department, I talk about a personal music project I’m resurrecting to help my community.
Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we’d like them to be)! It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we’ve talked about quite a bit here. In other news, we’ve moved from Teachable to Coursestack, so if you’ve bought training/ebooks with us before, you should’ve received some emails from us last Friday and can access our new training portal here. (If you THINK you should’ve received enrollment emails from CourseStack and didn’t, drop us a line here.) In the tangent portion of our program, I give a health update on my mom and dad, and talk about some resources I’m exploring to reduce stress and anxiety after what has been a tough week for many of us.
Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.
Today we’re talkin’ business – specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).
Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task. The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation. And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA. More to come on XINTRA’s offering, but so far I’m very impressed!
Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.
Hey! I’m speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphases that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!
Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.
Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion: VetSec Fortinet Veterans Program Immersive Labs Cyber Million FedVTE
Today we’re revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level. Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!
This was my favorite pentest tale of pwnage to date! There’s a lot to cover in this episode so I’m going to try and bullet out the TLDR version here: Sprinkled farmer files around the environment Found high-priv boxes with WebClient enabled Added “ghost” machine to the Active Directory (we’ll call it GHOSTY) RBCD attack to be able to impersonate a domain admin using the CIFS/SMB service against the victim system where some higher-priv users were sitting Use net.py to add myself to local admin on the victim host Find a vulnerable service to hijack and have run an evil, TGT-gathering Rubeus.exe – found that Credential Guard was cramping my style! Pulled the TGT from a host not protected with Credential Guard Figured out the stolen user’s account has some “write” privileges to a domain controller Use rbcd.py to delegate from GHOSTY and to the domain controller Request a TGT for GHOSTY Use getST.py to impersonate CIFS using a domain admin account on the domain controller (important thing here was to specify the DC by its FQDN, not just hostname) Final move: use the domain admin ccache file to leverage net.py and add myself to the Active Directory Administrators group
Today’s tale of pentest pwnage talks about the dark powers of the net.py script from impacket.
Today we’re talking pentesting – specifically some mini gems that can help you escalate local/domain/SQL privileges: Check the C: drive! If you get local admin and the system itself looks boring, check root of C – might have some interesting scripts or folders with tools that have creds in them. Also look at Look at Get-ScheduledTasks Find ids and passwords easily in Snaffler output with this Snaffler cleaner script There’s a ton of gold to (potentially) be found in SQL servers – check out my notes on using PowerUpSQL to find misconfigs and agent jobs you might able to abuse!
Hello friends, I’m excited to release BPATTY[RELOADED] into the world at https://bpatty.rocks! – which stands for Brian’s Pentesting and Technical Tips for You! It’s a knowledge base of IT and security bits that help me do a better job doing security stuff! Today I do an ACTUAL 7-minute episode (GASP…what a concept!) covering my favorite bits on the site so far. Enjoy!
Artificial hype alert! I’m working on a NEW version of BPATTY (Brian’s Pentesting and Technical Tips for You), but it is delayed because of a weird domain name hostage negotiation situation. It’s weird. But in the meantime I want to talk about the project (which is a pentest documentation library built on Docusaurus) and how I think it will be bigger/better/stronger/faster/cooler than BPATTY v1 (which is now in archive/read-only mode).
Today we’re talking about eating the security dog food – specifically: Satisfying critical security control #1 Using the Atlassian family of tools to create a ticketing/change control system and wrap it into an asset inventory Leveraging Wazuh as a security monitoring system (with eventual plans to leverage its API to feed Atlassian inventory data)
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
United States
volume its been very low since the last couple episodes it's clear but I'm having to raise the volume a lot