7 Minute Security

Mar 29, 2024

Hey friends, today we’ve got a tale of pentest pwnage that covers:

• Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)!
• Making sure you go after cached...

Mar 22, 2024

Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share.  Andrew chatted with us about:

• Young Andrew’s early adventures in hacking his school’s infrastructure (note: don’t try this at home, kids!)
• Meeting a pentester for the first time, and getting his first pentesting...

Mar 19, 2024

Hey friends, sorry I’m so late with this (er, last) week’s episode but I’m back!  Today is more of a prep for tales of pentest pwnage, but topics covered include:

• Make sure when you’re snafflin‘ that you check for encrypted/obfuscated logins and login strings – it might not be too tough to decrypt them!
• On...

Mar 8, 2024

• How much fun I had attending and speaking at Netwrix Connect
• Being a sales guy in conference situations without being an annoying sales guy in conference situations
• A recap of the talk I co-presented about high profile breaches and lessons we can learn from...

Mar 1, 2024

Today’s tale of pentest covers:

• Farming for credentials (don’t forget to understand trusted zones to make this happen properly!)
• Snaffling for juice file shares
• Stealing Kerberos tickets...