Player FM - Internet Radio Done Right
Added six years ago
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
7MS #669: What I’m Working on This Week – Part 3
Hi friends, in this edition of what I’m working on this week:
- 3 pulse-pounding pentests that had…problems
- Something I’m calling the unshadow/reshadow credentials attack
- Heads-up on a new video experiment I’m going to try next week
671 episodes
All episodes
7MS #672: Tales of Pentest Pwnage – Part 70 (55:07)
Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and made our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.…
Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered:
- Checking for null session enumeration on domain controllers
- Enumerating systems with and without SMB signing
- Scraping AD user account descriptions
- Capturing hashes using Responder
- Cracking hashes with Hashcat…

7MS #670: Adventures in Self-Hosting Security Services (36:48)
Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video over at 7MinSec.club.…

7MS #669: What I’m Working on This Week – Part 3 (42:37)
Hi friends, in this edition of what I’m working on this week:
- 3 pulse-pounding pentests that had…problems
- Something I’m calling the unshadow/reshadow credentials attack
- Heads-up on a new video experiment I’m going to try next week

7MS #668: Tales of Pentest Pwnage – Part 69 (30:22)
Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things:
- adconnectdump – for all your ADSync account dumping needs!
- Adam Chester PowerShell script to dump MSOL service account
- dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action 'write' -rights 'FullControl' -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass
- Looking to tighten up your Exchange permissions – check out this crazy detailed post…

Hey friends, our good buddy Joe “The Machine” Skeen and I are back this week with part 2 (check out part 1!) tackling GOAD SCCM again! Spoiler alert: this time we get DA! YAY! Definitely check out these handy SCCM resources to help you – whether it be in the lab or IRL (in real life):
- GOAD SCCM walkthrough
- MisconfigurationManager – tremendous resource for enumerating/attacking/privesc-ing within SCCM
- This gist from Adam Chester will help you decrypt SCCM creds stored in SQL…

7MS #666: Tales of Pentest Pwnage – Part 68 (45:35)
Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff!
- Selective Snaffling with Snaffler
- The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse!
- TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRM-ing!…

7MS #665: What I'm Working on This Week - Part 2 (28:49)
Hello there friends, I’m doing another “what I’m working on this week” episode which includes:
- BPATTY v1.6 release – big/cool/new content to share here
- PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords

In today’s episode I talk about what I’m working on this week, including:
- Playing with Sliver C2 and pairing it with ShellcodePack
- Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest
- A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality…

Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager! Attacks include:
- Unauthenticated PXE attack
- PXE (with password) attack
- Relaying the machine account of the MECM box over to the SQL server to get local admin

Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise). I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help of Cursor:
- A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more.
- A sifter of Snaffler-captured files to zero in even closer on interesting things such as usernames and passwords in clear text.…

7MS #661: Baby’s First Hetzner and Ludus – Part 2 (37:53)
Today we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range! Topics include:
- Building a Proxmox Backup Server (this YouTube video was super helpful)
- Bridging a second WAN IP to the Hetzner/Ludus server
- Wrestling with the Hetzner (10-rule limit!) software firewall
- When attacking SCCM – you can get a version of pxethief that runs in Linux!…

I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives). Once I got past that, though, I got my first taste of the amazing world of Ludus.cloud, where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it. Can’t say enough good things about Ludus.cloud, but I certainly tried in this episode!…

7MS #659: Eating the Security Dog Food - Part 8 (28:29)
Today I’m excited about some tools/automation I’ve been working on to help shore up the 7MinSec security program, including:
- Using Retype as a document repository
- Leveraging the Nessus API to automate the downloading/correlating of scan data
- Monitoring markdown files for “last update” changes using a basic Python script…

Hey friends, today we cover: The shiny new 7MinSec Club BPATTY updates A talk-through of the WPA3 downgrade attack, complemented by the YouTube livestream
7 Minute Security

7MS #657: Writing Rad Security Documentation with Retype (20:36)
Hello friends! Today we’re talking about a neat and quick-to-setup documentation service called Retype. In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately. I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its money.…

7MS #656: How to Succeed in Business Without Really Crying - Part 21 (45:01)
Happy new year friends! Today we talk about business/personal resolutions, including:
- New year’s resolution on the 7MinSec biz side to have a better work/life balance
- New training offering in the works
- Considering Substack as a communications platform
- A mental health booster that I came across mostly by accident…

Today we’re doing a milkshake of several topics: wireless pentest pwnage, automating the boring pentest stuff with cursor.ai, and some closing business thoughts as 7MinSec celebrates its 7th year as a security consultancy. Links discussed today:
- AWUS036ACH wifi card (not my favorite anymore)
- Panda PAU09 N600 (love this one!)
- The very important Github issue that helped me better understand BPFs and WPA3 attacks
- TrustedSec article on WPA3 downgrade attacks…

7MS #654: Tales of Pentest Pwnage – Part 67 (41:50)
Today we’ve got some super cool stuff to cover today! First up, BPATTY v1.4 is out and has a slug of cool things:
- A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng
- Syntax on using two different tools to parse creds from Dehashed
- An updated tutorial on using Gophish for phishing campaigns

The cocoa-flavored cherry on top is a tale of pentest pwnage that includes:
- Abusing SCCM
- Finding gold in SQL configuration/security audits…

7MS #653: How to Succeed in Business Without Really Crying – Part 20 (49:59)
Hey friends, today we’re talking about tips to effectively present your technical assessment to a variety of audiences – from lovely IT and security nerds to C-levels, the board and beyond!

7MS #652: Securing Your Mental Health - Part 6 (41:52)
Today’s episode talks about some things that helped me get through a stressful and hospital-visit-filled Thanksgiving week, including:
- Journaling
- Meditation
- (An activity I’m ashamed of but has actually done wonders for my mental health)

7MS #651: Tales of Pentest Pwnage – Part 66 (31:07)
Hey friends, we’ve got a short but sweet tale of pentest pwnage for you today. Key lessons learned:
- Definitely consider BallisKit for your EDR-evasion needs
- If you get local admin to a box, enumerate, enumerate, enumerate! There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!…

7MS #650: Tales of Pentest Pwnage - Part 65 (53:40)
Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest! I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here. Also, can’t get Rubeus monitor mode to capture TGTs to the registry? Try output to file instead: rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log In the tangent department, I talk about a personal music project I’m resurrecting to help my community.…

7MS #649: First Impressions of Twingate (1:12:12)
Today we take a look at a zero-trust / ditch-your-VPN solution called Twingate (not a sponsor but we’d like them to be)! It also doubles nicely as a primary or backup connection for your DIY pentest dropboxes which we’ve talked about quite a bit here. In other news, we’ve moved from Teachable to Coursestack, so if you’ve bought training/ebooks with us before, you should’ve received some emails from us last Friday and can access our new training portal here. (If you THINK you should’ve received enrollment emails from CourseStack and didn’t, drop us a line here.) In the tangent portion of our program, I give a health update on my mom and dad, and talk about some resources I’m exploring to reduce stress and anxiety after what has been a tough week for many of us.…

Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.

7MS #647: How to Succeed in Business Without Really Crying – Part 19 (22:23)
Today we’re talkin’ business – specifically how to make your report delivery meetings calm, cool and collected (both for you and the client!).

7MS #646: Baby’s First Incident Response with Velociraptor (16:15)
Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task. The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation. And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA. More to come on XINTRA’s offering, but so far I’m very impressed!…

7MS #645: How to Succeed in Business Without Really Crying - Part 18 (31:02)
Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.

7MS #644: Tales of Pentest Pwnage – Part 64 (41:09)
Hey! I’m speaking in Wenatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphasizes that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!…

7MS #643: DIY Pentest Dropbox Tips – Part 11 (26:40)
Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install an Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.