7 Minute Security
Technology Podcasts
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Location:
United States
Genres:
Technology Podcasts
Description:
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Language:
English
Website:
https://7ms.us/
Episodes
7MS #626: Web Pentesting Pastiche
5/31/2024
Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about:
Burp Suite EnterpriseCaidowfuzzwfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt –sc 200 “https://somedomain.com/shopping?&qty=%2FUZZ” -p 10.0.7.11:8080KNOXSShttps://github.com/xnl-h4ck3r/knoxnl In the tangent dept, I moan about how I hate some things about Proxmox but am also starting to love it.
In the tangent #2 department, I talk about tinnitus and acupuncture!
Duration:00:50:10
7MS #625: A Peek into the 7MS Mail Bag - Part 4
5/24/2024
Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag! Today’s questions include:
Spoiler: no – I’m interested in doing the XINTRA labs (not sure if it includes a cert)
Duration:00:44:00
7MS #624: Tales of Pentest Pwnage – Part 57
5/17/2024
Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I didn’t want today’s episode to just be “Hey friends, check out the YouTube version of this attack!” so I also cover:
firstBurp Enterpriseall these steps
Duration:00:29:04
7MS #623: Prelude to a Tale of Pentest Pwnage
5/10/2024
Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to 7minsec.com to see the notes in all their glory.
Duration:00:24:52
7MS #622: Migrating from vCenter to Proxmox - Part 1
5/5/2024
Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increase; not OVH’s fault). Now we’re exploring Proxmox as an alternative hypervisor, so we’re using today’s episode to kick off a series about the joys and pains of this migration process.
Duration:00:16:31
7MS #621: Eating the Security Dog Food - Part 6
4/26/2024
Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about:
Duration:00:23:37
7MS #620: Securing Your Mental Health - Part 5
4/21/2024
Today we’re talking about tips to deal with stress and anxiety:
take breaks
Duration:00:22:54
7MS #619: Tales of Pentest Pwnage – Part 56
4/14/2024
We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests:
Farmer.searchConnector-msmatrixthisthat
Duration:00:07:02
7MS #618: Writing Savage Pentest Reports with Sysreptor
4/5/2024
Today’s episode is all about writing reports in Sysreptor. It’s awesome! Main takeaways:
reptor Python moduleonly
Duration:00:38:30
7MS #617: Tales of Pentest Pwnage – Part 55
3/29/2024
Hey friends, today we’ve got a tale of pentest pwnage that covers:
cached credentialsMisconfiguration ManagerThe First Cred is the Deepest – Part 2sccmhunter
Duration:00:36:19
7MS #616: Interview with Andrew Morris of GreyNoise
3/22/2024
Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about:
Duration:00:59:04
7MS #615: Tales of Pentest Pwnage – Part 54
3/19/2024
Hey friends, sorry I’m so late with this (er, last) week’s episode but I’m back! Today is more of a prep for tales of pentest pwnage, but topics covered include:
snafflin
Duration:00:21:48
7MS #614: How to Succeed in Business Without Really Crying - Part 16
3/8/2024
Netwrix Connectannoying
Duration:00:36:21
7MS #613: Tales of Pentest Pwnage – Part 53
3/1/2024
Today’s tale of pentest covers:
Farmingunderstand trusted zonesSnafflingStealing Kerberos tickets
Duration:00:33:24
7MS #612: Pentestatonix - Part 2
2/25/2024
Hello friends, we’re still deep in the podcast trenches this quarter and wanted to share some nuggets of cool stuff we’ve been learning along the way:
SnafflerPowerHuntSharesGroup3rFarmer
Duration:00:32:23
7MS #611: Pentestatonix
2/19/2024
Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagements:
GraphRunnerpasswordPowerUpSQLdeeeefffffinitely Invoke-SQLAudit -Verbose
Duration:00:34:03
7MS #610: DIY Pentest Dropbox Tips – Part 9
2/9/2024
Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL:
bad Kali metapackageisolinux > txt.cfgtxt.cfg
Duration:00:20:25
7MS #609: First Impressions of Sysreptor
2/2/2024
Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. It is easy to stand up with Docker, has built-in MFA and a great hybrid WYSIWYG/code editor. The only scary part? There is no export to Word (insert suspenseful music here!) - your reports just go right to PDF, friends! The killer feature for us, though, is the ability to create reports from the command line and send files, notes and findings to Sysreptor automagically!
Duration:00:30:51
7MS #608: New Tool Release - EvilFortiAuthenticator
1/26/2024
Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party:
EvilFortiAuthenticatorFortiAuthenticatorBulletsPassViewFortinet's documentationmaintenance modeMITMsmtpTCMLobbyBBQnothing
Duration:00:43:46
7MS #607: How to Succeed in Business Without Really Crying - Part 15
1/19/2024
Today we talk about some business-y things like:
A pre first impressions opinion on Sysreptor
Why I'm not worried about AI replacing manual pentesting (yet)
My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects
Duration:00:39:54