7 Minute Security
Episodes
7MS #509: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 4
23 Feb 2022
Contributed by Lukas
Today we revisit our phishing series with a few important updates that help us run our campaigns more smoothly, such as creating a simple but effect...
7MS #508: Tales of Pentest Pwnage - Part 33
18 Feb 2022
Contributed by Lukas
Hey friends! We have another fun test of pentest pwnage to share with you today, which is kind of tossed in a blender with some first impressions of ...
7MS #507: Interview with Matthew Warner of Blumira
09 Feb 2022
Contributed by Lukas
Today's featured interview is with Matthew Warner, CTO and co-founder of Blumira. We had a great chat about why out-of-the-box Windows logging isn't ...
7MS #506: Tales of Pentest Pwnage - Part 32
03 Feb 2022
Contributed by Lukas
Today's my favorite tale of pentest pwnage (again)! This time we're talking about sAMAccountName spoofing specifically. We also talk about my always...
7MS #505: Pwning Wifi PSKs and PMKIDs with Bettercap
28 Jan 2022
Contributed by Lukas
Hey friends, today I talk about the old school way I used to pwn wifi networks, then a more modern way, and then my new favorite way (spoiler alert:...
7MS #504: Monitoring All Your Cloud Thingies with UptimeRobot
20 Jan 2022
Contributed by Lukas
Hey friends, today we're talking about how to monitor all your cloud thingies (Web servers, mail servers, etc.) with UptimeRobot. And I'm sharing s...
7MS #503: First Impressions of Brute Ratel
12 Jan 2022
Contributed by Lukas
Today's episode is all about Brute Ratel, a command and control center that is super cool, quick to setup, and much easier to use (IMHO) than Cobalt...
7MS #502: Building a Pentest Lab in Azure
05 Jan 2022
Contributed by Lukas
Happy new year friends! Today I share the good, bad, ugly, and BROKEN things I've come across while migrating our Light Pentest LITE training lab fr...
7MS #501: Tales of Pentest Pwnage - Part 31
29 Dec 2021
Contributed by Lukas
Today we're closing down 2021 with a tale of pentest pwnage - this time with a path to DA I had never had a chance to abuse before: Active Directory C...
7MS #500: Interview with John Strand
22 Dec 2021
Contributed by Lukas
HAPPY 500 EPISODES, FRIENDS! That's right, 7MS turned 5-0-0 today, and so we asked John Strand of Black Hills Information Security to join us and ta...
7MS #499: Desperately Seeking a Super SIEM for SMBs - Part 6
16 Dec 2021
Contributed by Lukas
Today we have some cool updates on this SIEM-focused series we've been doing for a while. Specifically, I want to share that one of these solutions ca...
7MS #498: Securing Your Mental Health - Part 2
13 Dec 2021
Contributed by Lukas
Hi everybody, today we're continuing a series we started way back in June called Securing Your Mental Health. Today I talk about some easy and relat...
7MS #497: The Stress and Satisfaction of Offering Live Security Training
02 Dec 2021
Contributed by Lukas
Hey friends, today I'm giving you a peek behind the curtain of our Light Pentest LITE training to talk about the software/hardware we use to make it...
7MS #496: Tales of Pentest Pwnage - Part 30
24 Nov 2021
Contributed by Lukas
Today's tale of pentesting has a bunch of tips to help you maximize your pwnage, including: The new Responder DHCP poisoning module All the cool bel...
7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5
17 Nov 2021
Contributed by Lukas
Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very h...
7MS #494: Interview with Josh Burnham of Liquid Web
10 Nov 2021
Contributed by Lukas
7MS #493: 7MOIST - Part 2
04 Nov 2021
Contributed by Lukas
Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back w...
7MS #492: Tales of Pentest Pwnage - Part 29
28 Oct 2021
Contributed by Lukas
Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pen...
7MS #491: Interview with Louis Evans of Arctic Wolf
20 Oct 2021
Contributed by Lukas
Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it...
7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4
13 Oct 2021
Contributed by Lukas
Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then ta...
7MS #489: Ping Castle
06 Oct 2021
Contributed by Lukas
Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and ide...
7MS #488: How to Succeed in Business Without Really Crying - Part 10
29 Sep 2021
Contributed by Lukas
Today we continue our series focused on building a security consultancy and talk about: A phishing campaign that went off the rails, and lessons le...
7MS #487: Light Pentest eBook Announcement!
28 Sep 2021
Contributed by Lukas
Hey friends! Today I've got some exciting personal/professional news to share: our Light Pentest eBook - which is a practical, step-by-step playbook...
7MS #486: Interview with Matt Quammen of Blue Team Alpha
22 Sep 2021
Contributed by Lukas
Today our good buddy Joe Skeen and I virtually sit down with Matt Quammen of Blue Team Alpha to talk about all things incident response! Topics co...
7MS #485: Interview with Christopher Fielder
15 Sep 2021
Contributed by Lukas
Today our friend Christopher Fielder from Arctic Wolf is back for an interview four-peat! We had a great chat about making sense of vendor alphabet...
7MS #484: Desperately Seeking a Super SIEM for SMBs - Part 3
08 Sep 2021
Contributed by Lukas
Today we're continuing our series called Desperately Seeking a Super SIEM for SMBs - this time with a focus on a new contender in our bake-off: Perch...
7MS #483: Desperately Seeking a Super SIEM for SMBs - Part 2
01 Sep 2021
Contributed by Lukas
Today we continue our series we started recently (part 1 is here) about finding a super SIEM for SMBs. Specifically I have some updates on (and frust...
7MS #482: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 3
26 Aug 2021
Contributed by Lukas
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital b...
7MS #481: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 2
19 Aug 2021
Contributed by Lukas
Today we're revisiting how to make a kick-butt cred-capturing phishing campaign with Gophish, Amazon Lightsail, LetsEncrypt, ExpiredDomains.net a...
7MS #480: Desperately Seeking a Super SIEM for SMBs
12 Aug 2021
Contributed by Lukas
Today we're talking about the SIEM bake-off for SMBs that we've recently embarked on. We're currently evaluating several solutions - either for custom...
7MS #479: A Prelude to PwnTown
06 Aug 2021
Contributed by Lukas
Hey friends, today we're talking about a new security training offering 7MinSec has created called Light Pentest LITE - Live Interactive Training Exp...
7MS #478: Password Cracking in the Cloud - Part 4
29 Jul 2021
Contributed by Lukas
Hey friends, today we're continuing our discussion of password cracking by sharing some methodology that has helped us get a high cred yield, and some...
7MS #477: Cobalt Strike for Newbs
21 Jul 2021
Contributed by Lukas
Today we're talking about Cobalt Strike for newbs - including how to get it up and running, as well as some tools that will help you generate beacons ...
7MS #476: Tales of Pentest Pwnage - Part 28
16 Jul 2021
Contributed by Lukas
**STOP!** If you didn't listen to [last week's episode](https://7ms.us/7ms-475-tales-of-internal-network-pentest-pwnage-part-27/) you might want to, s...
7MS #475: Tales of Internal Network Pentest Pwnage - Part 27
08 Jul 2021
Contributed by Lukas
Yeahhhhhh! Today's another fun tale of pentest pwnage, including: The importance of starting your pentest with an AD account that actually has acces...
7MS #474: Password Cracking in the Cloud - Part 3
30 Jun 2021
Contributed by Lukas
Hey friends! Today we're dusting off an old mini-series about password cracking in the cloud (check out part 1 and part 2) and sharing some awesome...
7MS #473: Interview with Nikhil Mittal
24 Jun 2021
Contributed by Lukas
Hey everybody! Today Joe and I sat down with Nikhil Mittal of Pentester Academy and Altered Security to talk about a whole slew of fun securit...
7MS #472: Interview with Christopher Fielder
16 Jun 2021
Contributed by Lukas
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) an...
7MS #471: Cyber News - Ransomware Should Run Somewhere Edition
09 Jun 2021
Contributed by Lukas
Hey everybody, happy June! Our pal Joe is back to cover some great security stories with us, including: Peloton's leaky API Some Colonial Pipel...
7MS #470: First Impressions of Meraki Networking Gear
02 Jun 2021
Contributed by Lukas
Today we're doing something new - a first impressions episode of Meraki networking gear. Note: this is not a sponsored episode, but rather a foll...
7MS #469: Interview with Philippe Humeau of CrowdSec
26 May 2021
Contributed by Lukas
Hey friends! Today we're talking with Philippe Humeau, CEO of CrowdSec, which is "an open-source massively multiplayer firewall able to analyze visit...
7MS #468: Eating the Security Dog Food - Part 3
20 May 2021
Contributed by Lukas
Today we continue the series on eating your own security dog food! Specifically, we talk about: Keeping a log and procedure for sanitizing systems ...
7MS #467: How to Succeed in Business Without Really Crying - Part 9
12 May 2021
Contributed by Lukas
Hey everybody! I stayed in a hotel for the first time in over a year and boy oh boy...I hope I didn't get COVID from the bedsheets! Anyhow, on that jo...
7MS #466: Attacking and Defending Azure AD Cloud (CARTP)
05 May 2021
Contributed by Lukas
Welp, I need another security certification like I needed a punch to the retinas, but even after all the fun (and pain) of CRTP I couldn't help but ...
7MS #465: Cyber News - The FBI Might Be Getting Into the IR Biz Edition
28 Apr 2021
Contributed by Lukas
Hey friends! Today Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I talk about some of our favorite news stories, including: FBI removes hacker ba...
7MS #464: Interview with Christopher Fielder of Arctic Wolf
22 Apr 2021
Contributed by Lukas
Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444) - this time to talk a...
7MS #463: DIY Pentest Dropbox Tips - Part 5
14 Apr 2021
Contributed by Lukas
In the last two episodes of this series (#449 and #450) we've been diving into how to not only speed up the process of spinning up a DIY pentest dro...
7MS #462: Pentesting with the Hak5 Key Croc
07 Apr 2021
Contributed by Lukas
Today we talk through our first engagement using Hak5 Key Croc to steal and exfil data. In the past, my internal monologue when a new Hak5 toy is re...
7MS #461: Tales of Internal Network Pentest Pwnage - Part 26
31 Mar 2021
Contributed by Lukas
OK I probably say this every time, but I'm gonna say it again: this tale of pwnage is one of my favs - and not because of the tools/tradecraft, but...
7MS #460: Why I'm Throwing My UniFi Gear Into the Ocean
24 Mar 2021
Contributed by Lukas
Hey friends! Warning: this is not a "typical" 7MS episode where we try hard to deliver some level of security value. Instead, today is a big, fat,...
7MS #459: Cyber News - Microsoft Exchange Makes the World Cry Edition
17 Mar 2021
Contributed by Lukas
Happy mid-March! Our good pal Gh0sthax joins us today for another hot dish of cyber news! Stories include: Microsoft Exchange cyber attack - Hac...
7MS #458: Interview with Tanya Janca
11 Mar 2021
Contributed by Lukas
Today we're super excited to share a featured interview with Tanya Janca of WeHackPurple! Tanya has been in software development from the moment s...
7MS #457: Tales of Internal Network Pentest Pwnage - Part 25
04 Mar 2021
Contributed by Lukas
Hi! This episode of pentest pwnage is a fun one because it was built for speeeeeeeeeeeeeeeed. Here's some of the things we're doing/running when tim...
7MS #456: Certified Red Team Professional - Part 4
25 Feb 2021
Contributed by Lukas
Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training an...
7MS #455: Tales of Internal Network Pentest Pwnage - Part 24
19 Feb 2021
Contributed by Lukas
Hey everybody! Sorry that we're late again with today's episode, but I got COVID shot #2 and it kicked my behind BIG TIME today. But I'm vertical toda...
7MS #454: Cyber News - Lets Switch to Typewriters Edition
11 Feb 2021
Contributed by Lukas
Happy almost-mid-February! Today Gh0sthax cooked up some great news stories for us to chew on, including: Sudo bug gives root access to mass numbe...
7MS #453: Interview with Marcello Salvati
04 Feb 2021
Contributed by Lukas
Today's featured interview is with Marcello Salvati of Black Hills Information Security. Marcello is a.k.a. byt3bl33d3r, and known for his many cont...
7MS #452: Enterprise Attacker Emulation and C2 Implant Development
28 Jan 2021
Contributed by Lukas
Hey everyone! Hope you're having a great week. Today Gh0sthax and I do a brain dump and recap of a cool (and mind-exploding) course we took last wee...
7MS #451: Deep Freeze
22 Jan 2021
Contributed by Lukas
Today we talk about a cool product called Deep Freeze, which, as its name implies, can "freeze" your computer in a known/good/frozen state. Then you ...
7MS #450: DIY Pentest Dropbox Tips - part 4
15 Jan 2021
Contributed by Lukas
Hey friends! We're continuing our series on pentest dropbox building - specifically playing off last week's episode where we started talking abou...
7MS #449: DIY Pentest Dropbox Tips - Part 3
07 Jan 2021
Contributed by Lukas
Happy new year! This episode continues our series on DIY pentest dropboxes with a focus on automation - specifically as it relates to automating t...
7MS #448: Certified Red Team Professional - Part 3
30 Dec 2020
Contributed by Lukas
Today, Gh0sthax and I talk about week 3/4 of the CRTP - Certified Red Team Professional training, and how it's kicking our butts a bit. Key point...
7MS #447: Cyber News - The End of 2020 as We Know It Edition
23 Dec 2020
Contributed by Lukas
Merry Christmas! Happy holidays! Please enjoy the last cyber news edition of 2020, brought to us by our good pal Gh0stHax. Stories covered include: ...
7MS #446: Certified Red Team Professional - Part 2
17 Dec 2020
Contributed by Lukas
Today's episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today's episode include: I...
7MS #445: Certified Red Team Professional
09 Dec 2020
Contributed by Lukas
Welp, I need another certification like I need a hole in the head, but that didn't stop me from signing up for the Certified Red Team Professional. S...
7MS #444: Interview with Christopher Fielder of Arctic Wolf
02 Dec 2020
Contributed by Lukas
Happy December! Today I virtually sat down with Christopher Fielder of Arctic Wolf, who started his career in security at 18 (I was just playing a ...
7MS #443: Cyber News - Thankful for Patches Edition
26 Nov 2020
Contributed by Lukas
Happy Thanksgiving! While the turkey and pie settle in your belly, why not also digest some fantastic security news stories with our pal Gh0sthax? To...
7MS #442: Tales of Internal Network Pentest Pwnage - Part 23
19 Nov 2020
Contributed by Lukas
Hey friends, I dare declare this to be my favorite tale of internal pentest pwnage so far. Why? Because the episode features: Great blue team tools...
7MS #441: SharpGPOAbuse
15 Nov 2020
Contributed by Lukas
Hello friends! Sorry to be late with this episode (again) but we've been heads-down in a lot of cool security work, coming up for air when we can! Tod...
7MS #440: Tales of Internal Network Pentest Pwnage - Part 22
08 Nov 2020
Contributed by Lukas
Hi! Sorry to be so late with this episode, but I'm excited to share with you another fun tale of pentest pwnage! Key points from today's episode inclu...
7MS #439: Cyber News - Ransomware is Definitely Still a Thing Edition
29 Oct 2020
Contributed by Lukas
Happy October and merry Halloween everybody! We're back with our buddy Joe "the machine" Skeen who is also now a Principal Security Engineer for 7M...
7MS #438: PCI Professional Certification (PCIP) - Part 4
21 Oct 2020
Contributed by Lukas
Yay - I'm a PCIP now! I welcome you to check out our past episodes on PCIP, but in some ways this will be the be all, end all episode on the topi...
7MS #437: Homecoming and Home ioT Security - Part 3
14 Oct 2020
Contributed by Lukas
Hello! This episode is a true homecoming in that I actually recorded it from home. Yay! WARNING!!! WARNING!!! This episode contains a ton of singi...
7MS #436: Cleaning Up Your Cloud Clutter
07 Oct 2020
Contributed by Lukas
Hey, hope you're having a great week! The last few weeks have had somewhat of a homecoming and home cleaning theme. To continue that train of thought...
7MS #435: Homecoming and Home ioT Security - Part 2
02 Oct 2020
Contributed by Lukas
Hi again! It's sort of fun to release two episodes in one week for a change. If you missed part 1 on our ioT security series, check it out here. To...
7MS #434: Homecoming and Home ioT Security
01 Oct 2020
Contributed by Lukas
WE'RE HOME! After almost a year after our fire, we're back, baby! This episode is somewhat of a homecoming that dovetails into an episode about ioT s...
7MS #433: Cyber News - Security Skills Gap Edition
23 Sep 2020
Contributed by Lukas
Hi! Today our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) has prepared some cyber-licious actionable news stories for us to chew on. Today's storie...
7MS #432: Tales of Internal Network Pentest Pwnage - Part 21
16 Sep 2020
Contributed by Lukas
Yay! It's time for another tale of pentest pwnage! Highlights include: Making sure you take multiple rounds of "dumps" to get all the delicious loca...
7MS #431: How to Succeed in Business Without Really Crying - Part 8
09 Sep 2020
Contributed by Lukas
Today we're talking business! We've got some exciting news and updates to share with you since we last did a "crying" episode last fall: 7MS hired a ...
7MS #430: Interview with Dan DeCloss
02 Sep 2020
Contributed by Lukas
Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and ...
7MS #429: Cyber News - Free Bitcoin for Everybody Edition
26 Aug 2020
Contributed by Lukas
Hola! We're back again with our amigo Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to d...
7MS #428: Tales of Internal Network Pentest Pwnage - Part 20
19 Aug 2020
Contributed by Lukas
Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits: My understanding is that in order...
7MS #427: Interview with Ameesh Divatia from Baffle
12 Aug 2020
Contributed by Lukas
Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discu...
7MS #426: Tales of Internal Pentest Pwnage - Part 19
07 Aug 2020
Contributed by Lukas
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customer...
7MS #425: DIY Pentest Dropbox Tips - Part 2
30 Jul 2020
Contributed by Lukas
Today's episode is all about creating and deploying your own pentest dropbox! In part 1 I talked about some "gotchas" but this time around I'm ready...
7MS #424: Cyber News - Everything is Pwned Edition
22 Jul 2020
Contributed by Lukas
Hello! We're back with our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. ...
7MS #423: Tales of Internal Pentest Pwnage - Part 18
15 Jul 2020
Contributed by Lukas
This is an especially fun tale of pentest pwnage because it involves D.D.A.D. (Double Domain Admin Dance) and varying T.T.D.A. (Time to Domain Admin)....
7MS #422: Eating the Security Dog Food - Part 2
10 Jul 2020
Contributed by Lukas
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit [safepass.me](h...
7MS #421: Cyber News - Verizon DBIR Edition
01 Jul 2020
Contributed by Lukas
Today my pal Gh0sthax and I pick apart the Verizon Data Breach Investigations Report and help you turn it into actionable items so you can better ...
7MS #420: Tales of Internal Pentest Pwnage - Part 17
26 Jun 2020
Contributed by Lukas
Today's episode is a fun tale of pentest pwnage! Interestingly, to me this pentest had a ton of time-sponging issues on the front end, but the TTDA (T...
7MS #419: Eating the Security Dog Food
17 Jun 2020
Contributed by Lukas
Today we're talking about eating the security dog food! What do I mean by that? Well, a lot of security companies I worked for in the past preached to...
7MS #418: Securing Your Mental Health
11 Jun 2020
Contributed by Lukas
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me f...
7MS #417: Vulnerability Scanning Tips and Tricks
04 Jun 2020
Contributed by Lukas
Today's episode is all about getting the most value out of your vulnerability scans, including: Why, IMHO you should only do credentialed scans ...
7MS #416: Pi-hole 5.0
28 May 2020
Contributed by Lukas
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers...
7MS #415: Cyber News
21 May 2020
Contributed by Lukas
Today's episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week's interesting security news stories, how they mi...
7MS #414: Tales of Pentest Fail #4
14 May 2020
Contributed by Lukas
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me f...
7MS #413: PCI Professional Certification (PCIP) - Part 3
07 May 2020
Contributed by Lukas
Hey everybody! I hope you're hanging in there during quarantine and staying healthy. Today is part 3 of our ongoing series all about becoming a PCIP....
7MS #412: Tips for Working Safely and Securely From Home
01 May 2020
Contributed by Lukas
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers...
7MS #411: More Fun Stay-at-Home Security Projects
24 Apr 2020
Contributed by Lukas
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for ...