7 Minute Security

Hello friends.  Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota.  I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters.  And for those of you asking for a good org to support here in Minnesota, please support Haven Watch.  They give rides/food to people who are detained by ICE and then cut loose – often without their jackets or phones – into the cold of winter with no ride home. Today I pivot more into the technical weeds and offer some tips on: Securing your Signal app config Hardening your iPhone config via lockdown mode

Hello friends, it's good to be back with you.  I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge.  Today I share how my family and community has been affected by it.  And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper – such as tightening up security settings on apps you use, "hardening" your phone, increasing your personal security/privacy posture, and more.

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club.  It's a temporary break, so please don't unsubscribe, unfollow, etc.  I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this.  If you have security projects going on with us now (or want to in the future), nothing has changed there.  It's business as usual. Looking forward to reconnecting with you and providing more updates as soon as possible.

Hey friends, in episode #649 I gave you my first impressions of Twingate.  It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes.  Also, don't forget: Our pentest class is coming up at the end of the month – more info here. We do a Tuesday TOOLSday video every Tuesday over at 7MinSec Club.

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you.  You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share.  So I thought I'd keep this momentum up and share another story of fail with you – this time about a Web app pentest that went south.

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, pricing information and more can be found at training.7minsec.com.  Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the 7MinSec Club episode we did on the topic this week. Also, our January Light Pentest LITE:GOAD class is open for registration here!

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing campaign that had plenty of "bites" but got immediately shut down – for reasons I still don't understand.

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a persistent remote access method Writing a Proxmox post-deployment script that installs Splashtop on the Windows VM, and resets the admin passwords on both VMs, all from the Proxmox SSH console without touching the console on either VM If you feel some of this is better seen than said, on this week's 7MinSec.club Tuesday TOOLSday broadcast we show this in more detail.

Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pentesting puppet!  Muahahahahaah!!!!  Also: This week over at 7MinSec.club we looked at how to defend against some common SQL attacks We're very close to offering our brand new LPLITE:GOAD 3-day pentest course (likely in mid-January). It will get announced on 7MinSec.club first, so please make sure you're subscribed there (it's free!) Did you miss our talk called Should You Hire AI Run Your Next Pentest?  Check it out on YouTube!

Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?"  It's not a pro-AI celebration, nor is it an anti-AI bashing.  Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.

Hello friends!  This week I'm talking about what I'm working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium. Playing with Lithnet AD password protection (I will show this live on next week's Tuesday TOOLSday). The Light Pentest logo contest has a winner!

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time! The topic of today's episode is Pretender (which you can download here and read a lot more about here).  The tool authors explain the motivation behind the tool: "We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of mitm6 and only the name resolution spoofing portion of Responder." On a recent pentest, I used Pretender's "dry run" mode to find a hostname (that didn't exist) that a ton of machines were querying for, and poisoned requests just for that host.  This type of targeted poisoning snagged me some helpful hashes that I was able to crack/relay, all while minimizing the risk of broader network disruption!

Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/testing backups and restores Ensuring your auto coverage is up to snuff

Today I give a quick review of the cloud version of ProjectDiscovery (not a sponsor!).

Today your pal and mine Joe “The Machine” Skeen pwn one of the two Ninja Hacker Academy domains!  This pwnage included: Swiping service tickets in the name of high-priv users Dumping secrets from wmorkstations Disabling AV Extracting hashes of gMSA accounts We didn’t get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind.  Going forward, I’m thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish.  My first thought would be to do one long livestream where we complete NHA start to finish.  Would you be interested?  Let me know at 7MinSec.club, as I’m thinking this could be an interesting piece of bonus content.

In today’s episode: I got a new podcast doodad I really like JitBit as a security ticketing system (not a sponsor) The Threat Hunting with Velociraptor 2-day training was great.  Highly recommend.  I got inspired to take this class after watching the 1-hour primer here.

Today’s tale of pentest pwnage involves: Using mssqlkaren to dump sensitive goodies out of SCCM Using a specific fork of bloodhound to find machines I could force password resets on (warning: don’t do this in prod…read this!) Don’t forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at 7MinSec.club!

Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as well.

This week your pal and mine Joe “The Machine” Skeen kept picking away at pwning Ninja Hacker Academy.  To review where we’ve been in parts 1 and 2: We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU We useddacledit.py to give ourselves too much permission on the Computers OU Today we: Did an RBCD attack against the WEB box Requested a service ticket to give us local admin superpowers on WEB Performed a secretsdump against WEB Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could’ve just done the mimikatz dump because I had local admin access!  Oh well, we’ll pick things up again during part 4 next month!)