Preview Mode Links will not work in preview mode

7 Minute Security

May 31, 2024

Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about:

  • Burp Suite Enterprise
  • Caido – a lightweight alternative to Burp
  • wfuzz – Web fuzzer.  Using a proxy:wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt –sc...

May 24, 2024

Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag!  Today’s questions include:

  • How do you price internal network penetration tests?
  • Have you ever had to deal with a difficult client...

May 17, 2024

Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off.  But I didn’t want today’s episode to just be “Hey friends, check out the...

May 10, 2024

Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation).  The show notes don't format well here in the podcast notes, so head to to see the notes in all their glory.

May 5, 2024

Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available.  To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increase; not OVH’s fault).  Now we’re exploring Proxmox as an alternative...