Best This Week In Infosec Podcasts (2025)

1
7.15 - Trust Me, at Least This Week! 38:39

6h ago38:39

38:39

Let's Encrypt now offers certificates with 6-day lifetimes but what does that mean for the commercial TLS trust anchor world? On this episode of Security Noise, Geoff and Skyler are joined by Principal Security Consultant Justin Bollinger to discuss new options for certificate lifetimes and the implications of the new maximum ages, good and bad. Ab…

1
7MS #672: Tales of Pentest Pwnage – Part 70 55:07

3d ago55:07

55:07

Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibe…

1
Episode 213 - The So Many Technical Issues Episode 52:06

3d ago52:06

52:06

This week in InfoSec (10:26) With content liberated from the “today in infosec” twitter account and further afield 1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion". https://x.com/todayininfosec/status/1907094503552336134 1st April 2004: The now ubiquitous Gmail service is launched as an invitation-o…

1
#43 Grind Now, Relax Later: The Harsh Reality of Breaking Into Cybersecurity ft. Matthew Younker (Zumi Yumi) 34:29

5d ago34:29

34:29

In this episode of The Hacker’s Cache, Matthew Younker (aka Zumi Yumi) shares the raw truth about what it really took to break into offensive security, working full time, going to college, and grinding for OSCP with almost zero rest. He opens up about the unhealthy sacrifices he made, why OSWA was harder than OSCP, and how his journey from Army haz…

1
7MS #671: Pentesting GOAD 25:18

10d ago25:18

25:18

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hash…

1
#42 Certifications, College, or Bootcamps — What’s Worth It in Cybersecurity? ft. Channa Rajaratne 39:31

12d ago39:31

39:31

In this episode, Channa Rajaratne joins me to unpack one of the most common questions in cybersecurity: should you go after certifications, a college degree, or a bootcamp? We break down the pros and cons of each, share personal experiences, and talk about which path actually helped us get hired. Channa also shares his take on underrated skills lik…

1
7.14 - SOC Market: Trends in Threat Detection 43:13

14d ago43:13

43:13

In this episode of Security Noise, Geoff and Skyler talk with IR Practice Lead Carlos Perez and Security Consultant Zach Bevilacqua about the world of security operations. They discuss current trends, the role of AI, challenges with traditional SIEM tools, and the value of proper logging and monitoring configurations. How important are proactive me…

1
7MS #670: Adventures in Self-Hosting Security Services 36:48

17d ago36:48

36:48

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video o…

1
7MS #669: What I’m Working on This Week – Part 3 42:37

24d ago42:37

42:37

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week

1
#41 How to Actually Become a Great Pentester 38:25

26d ago38:25

38:25

What separates a good pentester from a great one? It’s not just about popping shells or passing certs. In this solo episode, I break down the real-world skills that actually matter. Technical, non-technical, and everything in between. I share hard lessons from the field, my thoughts on being well-rounded vs. specialized, and why communication, clie…

1
7MS #668: Tales of Pentest Pwnage – Part 69 30:22

1M ago30:22

30:22

Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: da…

1
#40 Proof You Don’t Need a Degree to Succeed in Cybersecurity ft. Zach Winchester 39:37

1M ago39:37

39:37

In this episode of The Hacker’s Cache, Kyser Clark and Zach Winchester talk about breaking into cybersecurity without a college degree and why it’s not the dealbreaker people think it is. You’ll hear a real-world story of going from firewall configs to full-time pentesting with just an OSCP and hands-on experience. We also get into hardware hacking…

1
7.13 - Oops I Clicked It Again: Business Email Compromise Explained 30:46

1M ago30:46

30:46

How has email security evolved over the years? What challenges do organizations face in protecting against sophisticated phishing attacks? Find out on this episode of Security Noise! Business Email Compromise (BEC) attacks are becoming increasingly common and sophisticated. In this episode, Geoff and Skyler speak with Incident Response Security Con…

1
7MS #667: Pentesting GOAD SCCM - Part 2! 28:52

1M ago28:52

28:52

Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life): GOAD SCCM walkthrough MisconfigurationManager – tremendous resou…

1
#39 Q&A: Struggling with Burnout? Here’s Why It Might Be a Good Thing 39:15

1M ago39:15

39:15

Burnout sucks, but what if it's actually a sign of growth? In this episode of The Hacker’s Cache, I break down why burnout isn’t always the enemy and how pushing yourself to the limit can actually make you better. Just like lifting weights to failure builds muscle, hitting burnout and recovering makes you mentally stronger. I’ll share my own experi…

1
7MS #666: Tales of Pentest Pwnage – Part 68 45:35

2M ago45:35

45:35

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!…

1
#38 Fired or Freed? Turning a Cybersecurity Layoff into Your Next Big Break w Justin Mahon 39:17

2M ago39:17

39:17

Getting laid off can feel like the end of the road, but what if it’s actually the beginning of something bigger? In this episode of The Hacker’s Cache, Justin Mahon shares his journey from military IT to offensive security, including how he bounced back after a cybersecurity layoff and landed in a better position than before. We break down the real…

1
7MS #665: What I'm Working on This Week - Part 2 28:49

2M ago28:49

28:49

Hello there friends, I’m doing another “what I’m working on this week” episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords

1
7.12 - CactusCon: A Succulent Security Event 25:22

2M ago25:22

25:22

In this episode, Geoff and Skyler talk with TrustedSec Security Consultants Whitney Phillips and Justin Bollinger about their recent presentations and experiences at CactusCon in Mesa, Arizona. Justin delves deep into the complexities surrounding the Common Vulnerabilities and Exposures (CVE) identification process and bug bounty programs, highligh…

1
#37 He Hacked for 1000 Days Straight: Here’s How It Landed Him a Cybersecurity Job ft. Constantinos Kaplanis 24:59

2M ago24:59

24:59

In this episode of The Hacker’s Cache, I sit down with Constantinos Kaplanis, a senior penetration tester who took an unconventional path into cybersecurity. With no prior IT experience, he grinded his way into the field—applying to 500 jobs, enduring countless rejections, and proving his skills through sheer persistence. One of his biggest accompl…

1
Episode 222 - The Disappearing Episodes Episode 46:44

2M ago46:44

46:44

This week in InfoSec (11:22) With content liberated from the “today in infosec” twitter account and further afield 27th February 2002: Timothy Allen Lloyd was sentenced to 41 months in prison for activating a logic bomb at Omega Engineering, 20 days after being fired as a network administrator. https://x.com/todayininfosec/status/189525558888147402…

1
7MS #664: What I’m Working on This Week 25:38

2M ago25:38

25:38

In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality…

1
#36 The OSCP Won’t Save You ft. Tyler Ramsbey 44:55

2M ago44:55

44:55

Many aspiring penetration testers believe that earning the OSCP is the ultimate proof of their skills—but what happens when they step into a real-world engagement? In this episode of The Hacker’s Cache, Tyler Ramsbey joins me to break down the hard truth about OSCP, the gaps it leaves in real-world pentesting, and why experience always outweighs ce…

1
7MS #663: Pentesting GOAD SCCM 29:41

2M ago29:41

29:41

Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin

1
7.11 - Time Is Running Out For TikTok 35:53

2M ago35:53

35:53

It's time to talk about TikTok! On this episode of Security Noise, Geoff and Skyler speak with Senior Security Consultants Kelsey Segrue and Travis Kaun about algorithms, data security, and how we got to where we are today with the popular Chinese-owned app. They also discuss other Chinese technologies and devices that you may want to keep an eye o…

1
#35 Q&A: The Harsh Truth: You NEED to Code for Cybersecurity Mastery 36:04

2M ago36:04

36:04

If you want to be an expert in cybersecurity, coding isn’t optional—it’s essential. In this Q&A episode of The Hacker’s Cache, I break down why learning to code separates the entry-level professionals from the true experts and how AI is shifting the skills needed in offensive security. I also dive into the different career paths available after lan…

1
7MS #662: Pentesting Potatoes - Part 2 37:39

2M ago37:39

37:39

Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building…

1
#34 Why Top Pentesters Make More Money (Most Ignore This Skill) ft. Spencer Alessi 43:58

3M ago43:58

43:58

Kyser Clark sits down with senior penetration tester Spencer Alessi to discuss a skill that separates top-tier pentesters from the rest—client communication. While technical prowess is essential, Spencer shares how clear, proactive communication can make or break a pentest engagement, impact client trust, and even determine career growth. They also…

1
7MS #661: Baby’s First Hetzner and Ludus – Part 2 37:53

3M ago37:53

37:53

Today we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range! Topics include: Building a Proxmox Backup Server (this YouTube video was super helpful) Bridging a second WAN IP to the Hetzner/Ludus server Wrestling with the Hetzner (10-rule limit!) software firewall When attacking SCCM – y…

1
#33 Are Cybersecurity Bootcamps a Scam? ft. Keith Coleman 40:04

3M ago40:04

40:04

Are cybersecurity bootcamps worth the hefty price tag, or are they just another overhyped shortcut to nowhere? In this episode of The Hacker’s Cache, I sit down with Keith Coleman, a seasoned cybersecurity professional with experience in pentesting, security engineering, DevSecOps, and more. We break down the true value of bootcamps, why many gradu…

1
7.10 - Authentication in 2025 37:13

3M ago37:13

37:13

In this episode of Security Noise, Geoff and Skyler are joined by two TrustedSec experts, Security Consultant Edwin David and Principal Security Consultant Justin Bollinger, to talk about the evolution of authentication and what it looks like in 2025. We discuss passwordless authentication, multi-factor authentication (MFA), and the implications of…

1
7MS #660: Baby's First Hetzner and Ludus 34:34

3M ago34:34

34:34

I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives). Once I got past that, though, I got my first taste of the amazing world of Ludus.cloud, where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it. Can’t say enough good t…

1
#32 From Physical Security to Penetration Testing: Paul Nieto III's Journey 41:22

3M ago41:22

41:22

Kyser Clark is joined by Paul Nieto, a seasoned penetration tester with over 22 years of experience spanning physical and cybersecurity. Paul shares his journey from physical security to offensive security, detailing how his curiosity and drive for challenges led to a successful career pivot. They discuss the importance of networking, the debate be…

1
7MS #659: Eating the Security Dog Food - Part 8 28:29

3M ago28:29

28:29

Today I’m excited about some tools/automation I’ve been working on to help shore up the 7MinSec security program, including: Using Retype as a document repository Leveraging the Nessus API to automate the downloading/correlating of scan data Monitoring markdown files for “last update” changes using a basic Python script…

1
#31 Q&A: Are Tech Giants Planning to Replace Us with AI? 31:57

3M ago31:57

31:57

Kyser Clark dives into the growing role of AI in the tech industry and its potential to replace mid-level professionals. Inspired by comments from tech leaders like Mark Zuckerberg, we explore why companies are investing heavily in AI, how it could reshape the middle-class job market, and what it means for cybersecurity professionals. Kyser shares …

1
7MS #658: WPA3 Downgrade Attacks 32:58

3M ago32:58

32:58

Hey friends, today we cover: The shiny new 7MinSec Club BPATTY updates A talk-through of the WPA3 downgrade attack, complemented by the YouTube livestream

1
7.9 - User Enum CONversation w/ nyxgeek 27:34

3M ago27:34

27:34

In this episode, Geoff and Skyler are joined by TrustedSec's Force Cloud Security Practice Lead @nyxgeek to talk about his findings after 3 years of user enumeration in Azure! He also dives into techniques and the implications of "presence data" in Microsoft Teams. We get a preview of his conference talks at (the now past) Shmoocon and HackCon, whi…

1
#30 Uncovering a $200M Fraud Ring with David Taxer 43:00

3M ago43:00

43:00

David Taxer, a cybersecurity expert with over 12 years of experience, shares the incredible story of uncovering a $200 million fraud ring disguised under a major corporation. Learn how his unique background in SEO and intelligence helped him expose insider threats and fraudulent schemes, as well as the challenges he faced as a whistleblower. This e…

1
7MS #657: Writing Rad Security Documentation with Retype 20:36

4M ago20:36

20:36

Hello friends! Today we’re talking about a neat and quick-to-setup documentation service called Retype. In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its mo…

1
#29 InfoSec Pat’s Journey From Network Engineer to Cyber Mentor: 41:40

4M ago41:40

41:40

Kyser Clark interviews Patrick Gorman, also known as InfoSec Pat, a seasoned cybersecurity professional with over 23 years of experience. They discuss the importance of certifications in the cybersecurity field, the challenges of retaining knowledge, and the journey of creating educational content on YouTube. Pat shares insights on his motivations …

1
7MS #656: How to Succeed in Business Without Really Crying - Part 21 45:01

4M ago45:01

45:01

Happy new year friends! Today we talk about business/personal resolutions, including: New year’s resolution on the 7MinSec biz side to have a better work/life balance New training offering in the works Considering Substack as a communications platform A mental health booster that I came across mostly by accident…

1
#28 Outwork the Competition: Winning the Cybersecurity Career Game 28:03

4M ago28:03

28:03

In this episode, Kyser Clark discusses the competitive landscape of cybersecurity, emphasizing the importance of culture fit, the reality of job openings, and how to stand out in a crowded field. He highlights the necessity of hard work, continuous learning, and the value of soft skills in securing a position. Additionally, he addresses the misconc…

1
7MS #655: Happy Hacking Holidays 58:08

4M ago58:08

58:08

Today we’re doing a milkshake of several topics: wireless pentest pwnage, automating the boring pentest stuff with cursor.ai, and some closing business thoughts at 7MinSec celebrates its 7th year as a security consultancy. Links discussed today: AWUS036ACH wifi card (not my favorite anymore) Panda PAU09 N600 (love this one!) The very important Gith…

1
#27 Red Team Reality: Building the Hacker's Edge ft. Mike Ortiz 45:31

4M ago45:31

45:31

In this conversation, Mike Ortiz discusses various aspects of cybersecurity, focusing on the importance of curiosity, the dynamics between red and blue teams, and the transition into red teaming. He emphasizes the need for collaboration between teams and the significance of understanding the foundational roles in cybersecurity. Mike also shares his…

1
7.8 - Farewell 2024 47:00

4M ago47:00

47:00

Find out what's in Security Noise 2024 Wrapped in this special year-end episode! Is AI being used to shape public perceptions and military strategies? Are we living in a simulation or is this all one big PsyOp? Geoff and Skyler are joined by IR Practice Lead and Director of Security Intelligence Carlos Perez to discuss how cybersecurity has evolved…

1
#26 Q&A: The Certification Everyone Asks For (Is It Overrated?) 27:44

4M ago27:44

27:44

In this Q&A episode, Kyser Clark addresses various questions related to cybersecurity certifications, focusing on the relevance of CISSP in 2025, the comparison between CPTS and OSCP, and the role of OSCP as a gatekeeper certification. He also discusses the value of TCM and INE certifications and provides insights on the time investment required fo…

1
7MS #654: Tales of Pentest Pwnage – Part 67 41:50

5M ago41:50

41:50

Today we’ve got some super cool stuff to cover today! First up, BPATTY v1.4 is out and has a slug of cool things: A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng Syntax on using two different tools to parse creds from Dehashed An updated tutorial on using Gophish for phishing campaigns The cocoa-flavored che…

1
#25 Beyond Compliance: How Hackers Think and What Companies Miss ft. Albert Corzo 41:12

5M ago41:12

41:12

Kyser Clark engages with cybersecurity expert Albert Corzo, who shares his extensive experience in ethical hacking, bug bounty programs, and the importance of certifications in the field. Albert discusses his past experiences, including hacking the U.S. government, and emphasizes the need for understanding cybercrime and threat actors to better pro…

1
Episode 211 - The Last of the Year Episode 51:19

5M ago51:19

51:19

This week in InfoSec (11:10) With content liberated from the “today in infosec” twitter account and further afield 4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised re…

1
7MS #653: How to Succeed in Business Without Really Crying – Part 20 49:59

5M ago49:59

49:59

Hey friends, today we’re talking about tips to effectively present your technical assessment to a variety of audiences – from lovely IT and security nerds to C-levels, the board and beyond!

Podcasts Worth a Listen

This Week In Infosec Podcasts

Podcasts Worth a Listen

Quick Reference Guide