Instantly share code, notes, and snippets.

Embed
What would you like to do?
7 Minute Security podcast episode guide

7 Minute Security podcast - full episode guide

Below is a blurb on each podcast episode, as well as a link to the corresponding show notes (if available)


321: Interview with Joe Klein - Part 2

Today's episode is a follow-up interview with Joe Klein, who is my good pal, a former coworker, and a SOC analyst extraordinaire. You might remember Joe from things such as...this podcast - episode #290 to be exact.

When we last left Joe, he had just started an exciting new journey as a SOC analyst, and also picked up a new sweet gig teaching college-level security courses. So Joe and I sat down last week in the 7 Minute Security studios to talk with Joe about a LOT of stuff, like...

View this episode's show notes for more information

320: Interview with Lane Roush of Arctic Wolf

This week I sat down with Lane Roush of Arctic Wolf to discuss the big hairy beast that is...(insert dramatic music here) logging and alerting!

View this episode's show notes for more information

319: Sniper and Firewalls Full of FUD

In today's episode, I talk about my fun experience using the Sn1per automated pentesting tool. It's really cool! It can scan your network, find vulnerabilities and exploit them - all in one swoop! It also does a nice one-two punch of OSINT+recon if you feed it a domain name.

View this episode's show notes for more information

318: Interview with Bjorn Kimminich of OWASP Juice Shop

If you've never heard of the Juice Shop before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes it a fantastic learning tool for Web app pentesters, be they seasoned or total newbs. Bjorn and I sat down (over Skype) to discuss.

View this episode's show notes for more information

317: Interview with Justin McCarthy of StrongDM

Today's interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercial and open source tools (like Comply) to help customers with SOC compliance.

View this episode's show notes for more information

316: How to Succeed in Business Without Really Crying - Part 3

A continuation of #297 and #298 to give you an update on how the 7MS biz is going. Topics covered include a new hire to 7MS (kind of), the weird and varied projects I'm working on, upcoming podcast sponsors (probably in July) and the 7MS "real" office space coming soon to the southern metro of MN (hopefully!)

View this episode's show notes for more information

315: Creating a Personal DR Plan - Part 2

A continuation of episode #314, talking specifically about how to create a pretty bulletproof backup plan using BackBlaze and encrypted USB drives.

View this episode's show notes for more information

314: Creating a Personal DR Plan

In this miniseries we start talking about how to create a personal DR plan so that your loved ones can resume managing your online social media accounts, banking, business, etc. after you cease to be alive.

View this episode's show notes for more information

313: Push-Button Domain Admin Access

In this episode, I talk about how you can use a combination of open source tools to pwn a domain in about 5 minutes!

View this episode's show notes for more information

312: OFF-TOPIC - Boxing a Cat

If someone said to you "Yeah, I know that's frustrating...it's like boxing a cat!" what would you think they meant by that? That's the mystery I try to untangle in this episode.

View this episode's show notes for more information

311: How to Build a Cuckoo Sandbox

This episode talks about how to build a Cuckoo Sandbox for malware analysis. It can be a painful process, but I got you covered with a gist that walks you through everything step by step!

View this episode's show notes for more information

310: Secure the Radio Commercials

This episode features the radio commercials that will be airing on some local radio stations in just a few short weeks!

View this episode's show notes for more information

309: Password Cracking in the Cloud - Part 2

This episode covers how to safely take a dump (heh) of your Active Directory environment and prepare it for a "crack job" in a high-powered Paperspace crackin' VM!

View this episode's show notes for more information

308: Password Cracking in the Cloud

I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud.

View this episode's show notes for more information

307: Writing Security-Focused Radio Commercials

7 Minute Security commercials are coming to a radio station near you!

View this episode's show notes for more information

306: A Peek into the 7MS Mail Bag - Part 2

We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show:

  • What security certs should a sales person get?
  • What lav mic should I get for podcasting?
  • How do I know if I'm ready to take the OSCP?
  • When are you gonna do some more YouTube videos?
  • When will the PacktPub project be done?

View this episode's show notes for more information

305: Evaluating Endpoint Protection Solutions - Part 2

Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is an adversary simulation system that's really awesome! You can essentially setup a virtual attacker and cut it loose on some test machines, which is what I did as part of an endpoint protection evaluation project.

View this episode's show notes for more information

304: Integrating Pwned Passwords with Active Directory

This episode discusses one free and one (relatively) cheap solution to integrate Troy Hunt's Pwned Passwords project into Active Directory.

View this episode's show notes for more information

303: Evaluating Endpoint Protection Solutions

I'm doing an AV endpoint solution "bake off" and (perhaps not surprisingly) finding they're good at finding signature-based stuff, but not stopping attacker-like behavior.

View this episode's show notes for more information

302: Bunnies and Bloodhounds

I've had a fun week with a mixed bag of security related stuff happening, so I thought I'd throw it all in a big stew and cook it up for today's episode. Highlights include a preso I did on Bash Bunnies, and my experience playing with the updated version of Bloodhound!

View this episode's show notes for more information

301: CredDefense

CredDefense is a freakin' sweet tool from the fine folks at Black Hills Information Security that does some really nifty things, like find where people are using weak passwords in your network, and also stopping them from changing their passwords to breached/weak ones in the future!

View this episode's show notes for more information

300: Windows System Forensics 101 - Part 2

This episode continues where #299 left off and specifically focuses on FTKImager, Redline, Dumpit and Volatility

View this episode's show notes for more information

299: Windows System Forensics 101

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it was hard to boil things down to just an hour!

View this episode's show notes for more information

298: How to Succeed in Business Without Really Crying - Part 2

Today's episode focuses on:

  • How I'm finding leads/projects to work on

  • The interesting conversations I'm having with customers who seem a little tired of the traditional pentest/assessment song and dance

View this episode's show notes for more information

297: How to Succeed in Business Without Really Crying

So back in episode 287 I talked about how I was upgrading 7 Minute Security and turning it into an LLC. Since then I've gotten a lot of questions like "Hey, how do I start my own security company? What's it cost? How do you find business? Are you living in your mom's basement, or has 7MS found some success?" I try to live like an open book, so I talk about this and more on today's episode!

View this episode's show notes for more information

296: WEFFLES - Windows Event Logging Forensic Logging Enhancement Services

WEFFLES stands for Windows Event Logging Forensic Logging Enhancement Services and is Microsoft's cool (and free!) console for responding to incidents and hunting threats. I had a chance to play with it in the lab this week and for the most part, the install of WEFFLES went well, but I had one minor issue that was cleared up easily.

View this episode's show notes for more information

295: Interview with Kevin Keane

Today I'm excited to be joined by my friend and advisor Kevin Keane who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy.

View this episode's show notes for more information

294: GDPR Me ASAP

We're talkin' about GDPR today! GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are.

View this episode's show notes for more information

293: How to Become a Packtpub Author - Part 2

Back in episode 280 I talked about how I started working with PacktPub to start authoring a video course on vulnerability scanning using Kali. Since that episode I've found that recording and editing high quality video clips is taking waaaaaayyyyyyyyyyy longer than I'd like, but it's worth it to create good stuff! PacktPub authored a tool called Panopto to make videos, but I found it a little frustrating to work with, so today I talk about my janky - but functional - recording setup.

View this episode's show notes for more information

292: OFF-TOPIC - How I Nearly Killed My Sister with a Snowball

Topic really says it all. I did indeed almost kill my sister with snow. Spoiler alert: she lives.

View this episode's show notes for more information

291: The Quest for Critical Security Controls - Part 4

I love CIS controls, if that wasn't apparent already. And I adore this neat spreadsheet for doing CIS-focused controls assessments.

View this episode's show notes for more information

290: Interview with Joe Klein

My pal and former coworker Joe Klein joins me in the virtual studio to discuss his career as a diesel mechanic and insurance guru, and "How to leave a stable job, take a huge pay cut and start a risky infosec internship (sounds like the name of a broadway musical!"

View this episode's show notes for more information

289: I'm Dipping My Toes in Windows Forensics

I'm working on a course all about Windows system forensics - specifically focused on triaging malware and also being able to put someone "at the scene of a keyboard" - like if you need to tie a user to actions they took on a machine.

View this episode's show notes for more information

288: I'm BURPing a Lot

I can't tell you how fun it has been to get back in the pentesting saddle and hack some Web sites these past few weeks. This episode features some tips/tricks others taught me that have helped me get back in the swing of things.

View this episode's show notes for more information

287: Introducing 7 Minute Security LLC

7MS is not just a podcast anymore! I'm taking the plunge and making a business out of this beast!

View this episode's show notes for more information

286: The Quest for Critical Security Controls - Part 3

More CIS goodness, focused this time on a great CIS implementation guide for SMEs, a tool called Netdisco for locating endpoints by MAC or IP, and a great book for blue-teamers called Defensive Security Handbook

View this episode's show notes for more information

285: The Quest for Critical Security Controls - Part 2

A continuation of episode 284, focusing on some cool CIS adherence tools like MacMon and Fingbox.

View this episode's show notes for more information

284: The Quest for Critical Security Controls

This episode focuses on my love for the Critical Security Controls, which CIS describes as "...a prioritized set of actions that protect your critical systems and data from the most pervasive cyber attacks. They embody the critical first steps in securing the integrity, mission, and reputation of your organization."

View this episode's show notes for more information

283: OFF-TOPIC - I Love Cops and COPS

My plans for this week's podcast went hush-hush, kablooie, bye-bye, see ya, adios. So, I'm pinch-hitting and going off-topic and talking about...of all things...cops. Now wait! Wait wait! Don't run away. I'm not going all political on you or anything like that. I promise. Give today's episode a listen:

View this episode's show notes for more information

282: A Peek into the 7MS Mailbag

I'm gonna level with you: it's been a heck of a week. So I thought I'd try something a little different (and desperate?) and use this episode to answer some FAQs that come in via email and Twitter DM.

View this episode's show notes for more information

281: Baby's First Infosec Conference

I went to my first ever banking-focused infosec conference a few weeks ago (WBA's Secure-IT) and learned a ton.

I met some really great people and had many productive conversations around security. The main takeaways from the conference are discussed in today's podcast episode.

View this episode's show notes for more information

280: How to Become a PacktPub Author

I'm excited to announce I'm going to be a PacktPub author! I'm going to work with them to create a course on network/vulnerability scanning. I'm pumped, but kinda nervous, so when I had the initial conversations with PacktPub staff, I made sure I hit them with my burning questions.

View this episode's show notes for more information

279: Patching Solutions Bake-Off - Part 4

This episode focuses on Ivanti and PDQ Inventory/Deploy as potential patching solutions for your environment.

View this episode's show notes for more information

278: Interview with SE Guru Rob Sell

Rob Sell is an IT manager who has been working in IT for many years, with a focus on information security specifically for the last 4 years. He recently came home from Defcon 25 with a third place in the SE CTF.

Rob sat down with me to discuss the CTF, how to make an outstanding CTF audition video, OSINT tools/tips/techniques, the value of tech/security certifications, career advice and much more!

View this episode's show notes for more information

277: Patching Solutions Bake-Off - Part 3

This episode focuses on ManageEngine Desktop Central (and spoiler alert: I really dig it!).

View this episode's show notes for more information

276: The CryptoLocker song

The worldwide Internet debut of an original infosec-themed song called CryptoLocker'd, and as the name implies, it's about a CryptoLocker incident.

View this episode's show notes for more information

275: Patching Solutions Bake-Off - Part 2

This episode focuses on the Ninite 3rd-party app patching solution.

View this episode's show notes for more information

274: Speaking at ILTACON - Part 4

'm back from Vegas! My talk went really well and I'm excited to tell you about it in today's episode.

View this episode's show notes for more information

273: Speaking at ILTACON - Part 3

I ran out of time in episode #272 to tell you about why preparing to be a speaker for ILTACON was way more stressful that preparing for Secure360 a few months ago.

View this episode's show notes for more information

272: Speaking at ILTACON - Part 2

In this episode I share a high-level walkthrough of my talk and the 10 "Blue Team on a Budget" tips that the talk will focus on.

View this episode's show notes for more information

271: Patching Solutions Bake-Off - Part 1

Today we kick off a multi-part series comparing/contrasting popular patching solutions:

  • Ivanti
  • Ninite
  • ManageEngine
  • PDQ Deploy

View this episode's show notes for more information

270: IDS on a Budget - Part 4

This is a continued deep dive into Security Onion and how I used it on my own VM test network to flag some suspicious download and other behavior.

View this episode's show notes for more information

269: Documentation

In this episode I talk about my mixed feelings towards the "big" standards like ISO/NIST/etc. and how a more tactical, down-to-earth documentation approach might be more effective in some cases.

View this episode's show notes for more information

268: IDS on a Budget - Part 3

This episode is a deeper dive into Security Onion, which is a really powerful - and free! - tool. I've been having a blast with it.

View this episode's show notes for more information

267: Backup Disasters

Today's episode is a horror story about how I recently lost 5+ years of CrashPlan backups due to what I'm calling a...small clerical error.

View this episode's show notes for more information

266: IDS on a Budget - Part 2

A continuation of the IDS on a budget series, this time talking about tools/projects such as Sweet Security and Security Onion.

View this episode's show notes for more information

265: IDS on a Budget - Part 1

Today's episode kicks off a series on implementing an IDS on the free/cheap!

View this episode's show notes for more information

264: Hacking Wordpress

In this episode I talk about some tools/tips to help you pentest a WordPress instance.

View this episode's show notes for more information

263: Make Nessus Reporting Fun Again!

A found a cool - and very affordable! - tool to help pretty up and simplify the raw data coming out of a Nessus report.

View this episode's show notes for more information

262: Speaking at ILTACON

Through kind of a weird series of events, I have an opportunity to speak at ILTACON this summer in Vegas (baby!). I'll be talking about some things you can do if you suspect your perimeter is breached, as well as low-hanging fruit you can implement to better defend against breaches.

View this episode's show notes for more information

261: Blind Network Security Assessments

In this episode, I talk about some tips/tools to assist you with a "blind" network assessment - in which you're asked to assess a network you've never seen before.

View this episode's show notes for more information

260: PwnPro 101 - Part 2

A continuation of our discussion on the cool PwnPro pentesting device. This time we dive into using PwnPro remotely via reverse shells.

View this episode's show notes for more information

259: OFF-TOPIC - Home Robbery Attribution

I had a scary incident at home recently where I was pretty sure my home was burglarized by a 5th grader. Once I found the real suspect, I was speechless.

View this episode's show notes for more information

258: Speaking at Secure360 - Part 2

Good news - my first security conference speaking experience went really well, and I want to tell you all about it in this episode.

View this episode's show notes for more information

257: Speaking at Secure360

In this episode I talk about my first ever security conference speaking experience!

View this episode's show notes for more information

256: AlienVault Certified System Engineer - Part 2

This episode is a big fat rant about the AlienVault Certified System Engineer test, which I felt was extremely frustrating and, well, kinda cheap.

View this episode's show notes for more information

255: PwnPro 101

A review of a cool piece of hardware (that you can easily control remotely) called PwnPro.

View this episode's show notes for more information

254: Bash Bunny

A brief review of Hak 5's new mischievous USB-based hacking tool, the Bash Bunny.

View this episode's show notes for more information

253: Desperately Seeking Service Accounts

This episode discusses Powershell scripts and other free tools you can use to enumerate local service/user accounts on machines.

View this episode's show notes for more information

252: LAPS - Local Administrator Password Solution

Microsoft LAPS is a tool that allows you to randomize and strengthen the local administrator passwords across your AD enterprise!

View this episode's show notes for more information

251: Blackholing Malvertising with Pi-Hole

This episode features a nifty - and free! - DNS server package that can also blackhole malvertising. It's called Pi-Hole.

View this episode's show notes for more information

250: The PBS Telethon Episode!

Today I celebrate the 250th episode of 7MS by asking for your support :-)

View this episode's show notes for more information

249: AlienVault Certified Security Engineer - Part 1

This episode is about my journey to become an AlienvVault Certified Security Engineer.

View this episode's show notes for more information

248: How to Hack the 10 O'clock News

I had the fun opportunity to work with a local news outlet to do a story on wifi/ioT hacking.

View this episode's show notes for more information

247: Webapp Pentest Tool Bake-Off - Part 4

Today's focus is on the Qualys toolset.

View this episode's show notes for more information

246: Webapp Pentest Tool Bake-Off - Part 3

Today's focus is on Netsparker.

View this episode's show notes for more information

245: Webapp Pentest Tool Bake-Off - Part 2

Today's focus is on AppSpider.

View this episode's show notes for more information

244: Webapp Pentest Tool Bake-Off - Part 1

This episode kicks off a mini-series on comparing/contrasting Webapp pentest tools. Today's episode focuses on Acunetix.

View this episode's show notes for more information

243: ZOMG Logo Design Contest!

7MS is getting all grown up and launching a logo contest through 99Designs

View this episode's show notes for more information

242: Bye Bye Dream Job - Part 4

Here's what I'm doing in my new gig! View this episode's show notes for more information

241: Bye Bye Dream Job - Part 3

How to gracefully transition from old job to new job.

View this episode's show notes for more information

240: Bye Bye Dream Job - Part 2

How to stand out during phone screenings and interviews

View this episode's show notes for more information

239: Bye Bye Dream Job - Part 1

In 2016 I had my favorite job ever: a work-from-home gig doing nothing but but pentesting. But, sadly, all good things must (sometimes) come to an end, so this episode focuses on getting out there, enlisting the help of recruiters, touching up the ol' resume, etc.

View this episode's show notes for more information

238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary

How to use a combination of NMAP (for scanning), Papertrailapp (for logging) and OpenCanary (for trapping bad guys!) on your network.

View this episode's show notes for more information

237: Network Monitoring 101 - Part 1: Nessus

Focuses on installing and configuring Nessus (a tool that can serve as both a port scanner and a vuln-finder)

View this episode's show notes for more information

236: From "Derp!" to Domain Admin with MOVEit Central

A story about a weird pentest with some strange restrictions that, while initially feeling like an unfair situation, turned into an awesome opportunity to get creative and worm my way into Domain Admin territory!

View this episode's show notes for more information

235: Pwning Billy Madison

A walkthrough of pwning the Billy Madison VM hosted at VulnHub.

View this episode's show notes for more information

234: Pentesting OWASP Juice Shop - Part 5

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information

233: Pentesting OWASP Juice Shop - Part 4

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information

232: Pentesting OWASP Juice Shop - Part 3

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information

231: Pentesting OWASP Juice Shop - Part 2

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information

230: Pentesting OWASP Juice Shop - Part 1

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information

229: Intro to Docker for Pentesters

I know I'm old and unhip, but I just got turned on to Docker, and in this episode I wanted to share two cool ways to use it to beef up your pentest skills.

View this episode's show notes for more information

228: Fun with Bettercap

All about installing, configuring and using Bettercap.

View this episode's show notes for more information

227: Lets Encrypt - Installing SSL Certs for Nessus and Ubiquiti Unifi

Back in episode #220 I went through how to get a cloud-hosted UniFi controller setup so you could do cool things like implement a voucher system for your guests. A next natural step is securing the controller with a proper SSL cert, and thanks to this great article from Steve Jenkins, it's not as hard as it might look. I use it as the backbone of my video demo.

View this episode's show notes for more information

226: DIY 500 Dollar Pentesting Lab - Part 3

This episode is part 3 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Part 2 covered network/storage configuration.

View this episode's show notes for more information

225: DIY 500 Dollar Pentesting Lab - Part 2

This episode is part 2 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Today we walk about the network/storage configuration.

View this episode's show notes for more information

224: DIY 500 Dollar Pentesting Lab - Part 1

This episode is part 1 of a series all about setting up a virtual pentesting lab for about 500 bucks. We're kicking off the series with a segment on selecting hardware, getting ESXi installed to a USB drive and then getting all the components hooked up and powered on.

View this episode's show notes for more information

223: Vulnhub Walkthrough - Tommy Boy

The following is a semi-spoilerish walkthrough of the vulnerable Tommy Boy VM, hosted on Vulnhub.

View this episode's show notes for more information

222: OFF-TOPIC - THE FINAL CHAPTER!

This episode is the good/bad news of why I won't be doing off-topic episodes anymore.

View this episode's show notes for more information

221: News and Links Roundup

View this episode's show notes for more information

220: Installing Ubiquiti EdgeRouter X and AP - Part 3

Conclusion of the Ubiquiti series - see #215 and #217 for parts 1 and 2.

View this episode's show notes for more information

219: News and Links Roundup

View this episode's show notes for more information

218: OFF-TOPIC - My Top 5 Favorite and Least Favorite Things About The Division

In today's off-topic episode I talk about my 5 favorite (and least favorite) things about Tom Clancy's The Division for Xbox One. Topics include: dumb boss battles, phantoms and floaters, and unnecessary celebrations.

View this episode's show notes for more information

217: Installing Ubiquiti EdgeRouter X and AP - Part 2

Continuation of the series started in episode #215.

View this episode's show notes for more information

216: News and Links Roundup

View this episode's show notes for more information

215: Installing Ubiquiti EdgeRouter X and AP - Part 1

In today's episode I kick off a multi-part series on ditching my previously beloved Almond router in lieu of a Ubiquiti Edge Router X and access point.

View this episode's show notes for more information

214: News and Links Roundup

View this episode's show notes for more information

213: Building a Vulnerable VM (The Prequel)

In this episode, I share a short list of virtual landmines you'll want to avoid when building your vulnerable VM for vulnhub.com.

View this episode's show notes for more information

212: News and Links Roundup

View this episode's show notes for more information

211: OFF-TOPIC - IT Horror Stories - Part 2

In today's episode I share some big news (SPOILER ALERT: I'm building a vulnhub.com vulnerable VM!) and also tell you about a client that was happy to pay me to watch progress bars for hours, but not happy to give me a 15 minute break for dinner.

View this episode's show notes for more information

210: Vulnhub Walkthrough - Mr. Robot

The following is a semi-spoilerish walkthrough of the Mr. Robot VM from Vulnhub by Jason (couldn't find a link for him! Hrmm....mysterious!).

View this episode's show notes for more information

209: News and Links Roundup

View this episode's show notes for more information

208: OFF-TOPIC - The Jackwagon Who Stole My Drums!

This off-topic episode is about a "friend" (I'm using air quotes) of mine who stole a set of drums from me. Then he sold them for dirt cheap, promised to pay me back (but didn't) and force me to take him to court. "Fun stuff!" Brian said sarcastically! Tune into today's episode to see where this heated legal battle is at.

View this episode's show notes for more information

207: Vulnhub Walkthrough - Sidney

The following is a semi-spoilerish walkthrough of the Sidney VM from Vulnhub by Knightmare2600.

View this episode's show notes for more information

206: Vulnhub Walkthrough - Stapler

The following is a semi-spoilerish walkthrough of the Stapler VM from Vulnhub by g0tmi1k.

View this episode's show notes for more information

205: News and Links Roundup

View this episode's show notes for more information

204: OFF-TOPIC - IT Horror Stories!

Today's off-topic show is one of my favorite IT horror stories, featuring a red-hot angry lawyer who was having password issues. I had the joy of dealing with his hair-trigger temper on a Saturday over a crappy cell phone connection.

View this episode's show notes for more information

202: News and Links Roundup

View this episode's show notes for more information

201: OFF-TOPIC - Audio Clip Extravaganza

In this first ever 7MS audio clip extravaganza, I offer the following two mini-journeys for your ears:

  1. I get my young son red hot mad at me as I sing I See the Moon and even some Beyonce tunes to cheer him up.

  2. I entered a contest to remix a Barenaked Ladies song (Easy), but they wouldn't even accept my entry! Maybe you will :'(

View this episode's show notes for more information

200: Vulnhub Walkthrough - Milnet

The following is a semi-spoilerish walkthrough of the Milnet VM from Vulnhub by @teh_warriar.

View this episode's show notes for more information

199: News and Links Roundup

View this episode's show notes for more information

198: Two Pretty Cool Pentest Stories

  • One about finding a XXE vuln in a popular commercial product.

  • One about an employee who did a Webapp pentest on a product as it was being pitched to him

View this episode's show notes for more information

197: Vulnhub Walkthrough - SickOS 1.2

The following is a semi-spoilerish walkthrough of the SickOS 1.2 VM from Vulnhub by @D4rk36.

View this episode's show notes for more information

196: News and Links Roundup

View this episode's show notes for more information

195: Why AppSpider is Grinding My Gears

This episode is why AppSpider is grinding my gears right now. I have found a site that, when scanned, will cause AppSpider to go ka-blooooey!

View this episode's show notes for more information

194: Vulnhub Walkthrough - Simple

The following is a semi-spoilerish walkthrough of the Simple VM from Vulnhub by @RobertWinkel.

View this episode's show notes for more information

193: News and Links Roundup

View this episode's show notes for more information

191: Vulnhub Walkthrough - Kevgir

This is a semi-spoilerish walkthrough of the Kevgir VM from Vulnhub by canyoupwn.me.

View this episode's show notes for more information

190: Infosec News and Links Roundup

View this episode's show notes for more information

189: OFFTOPIC - Reviews of The Family Fang and Tumbledown

Today's off-topic episode features two mini movie reviews: The Family Fang and Tumbledown.

View this episode's show notes for more information.

188: Vulnhub Walkthrough - DroopyCTF

The following is a semi-spoilerish walkthrough of the DroopyCTF VM from Vulnhub by Knightmare.

View this episode's show notes for more information.

187: Infosec News and Links Roundup

View this episode's show notes for more information.

186: OFFTOPIC - Reviews of Brooklyn and The Revenant

Today's off-topic episode contains two mini movie reviews Brooklyn and The Revenant.

View this episode's show notes for more information.

185: Vulnhub Walkthrough - Lord of the Root

The following is a semi-spoilerish walkthrough of the Lord of the Root VM from Vulnhub by KookSec.

View this episode's show notes for more information.

184: Infosec News and Links Roundup

View this episode's show notes for more information.

183: OFFTOPIC-The Invitation

A movie review of The Invitation.

View this episode's show notes for more information.

182: Vulnhub Walkthrough - SickOs

The following is a semi-spoilerish walkthrough of the SickOs VM from Vulnhub by D4rk.

View this episode's show notes for more information.

181: Infosec News and Links Roundup

View this episode's show notes for more information.

180: Vulnhub Walkthrough - Skydog CTF

The following is a semi-spoilerish walkthrough of the Skydog CTF VM from Vulnhub by James Bower.

View this episode's show notes for more information.

179: Bring New Life to an Old Mac with OSX Server

In this episode I talk about how I took my aging Mac Mini and gave it some reasons to live! By installing a 20 dollar app you can make your old Mac cache software updates, host Time Machine network backups, become a DHCP/DNS server, push iPad policies and more!

View this episode's show notes for more information.

178: Infosec News and Links Roundup

View this episode's show notes for more information.

177: A Not Totally Sucky Way to Backup and Share Photos

In this episode I talk about a not completely sucky way to backup and share photos seamlessly (almost) from multiple phones.

View this episode's show notes for more information.

176: DIY SSH Honeypot with Cowrie

Recently I covered the Kippo SSH honeypot and a few folks brought to my attention that this project was a little long in the tooth, and had been superseded by Cowrie. So this episode focuses on Cowrie!

View this episode's show notes for more information.

175: Infosec News and Links Roundup

View this episode's show notes for more information.

174: DIY SSH Honeypot with Kippo - Part 2

In this episode I took my Kippo installation to the next step by incorporating mysql.

View this episode's show notes for more information.

173: DIY SSH Honeypot with Kippo

Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here's a super fast getting started guide.

View this episode's show notes for more information.

172: Infosec News and Links Roundup

View this episode's show notes for more information.

171: OFF-TOPIC - Easter Music

This is probably the most off-topic of all off-topic episodes - in that the topic isn't really a topic at all. Instead, I offer up two of my favorite worship songs to get us in an Easter mindset for the weekend. Have a listen.

View this episode's show notes for more information.

170: Pentesting in a Vacuum - Part 3

This weekend I was tasked with pentesting a subset of a few specific hosts, and also running some scenarios such as "An attacker has a presence on one of the machines, what can he do to further grab creds/info and use that to escalate permissions/privs in the environment?"

View this episode's show notes for more information.

169: Infosec News and Links Roundup

View this episode's show notes for more information.

168: Upgrading and Securing Your Digital Ocean Ghost Blog

This weekend, while I was comforting my barfing son, I did some securing and tune-up work on this blog, which is a Ubuntu Digital Ocean droplet running on the Ghost blogging platform. Here's the spit and polish that was applied.

View this episode's show notes for more information.

167: My Misadventures with SOAP Web Services

TLDR: Before I'd do another SOAP Web services test, I'd ask (demand) the following from the dev team:

  • WSDLs for all services in scope
  • SoapUI project file populated with valid request for each Web service (so I can distinguish responses and app behavior).

View this episode's show notes for more information.

166: Infosec News and Links Roundup

View this episode's show notes for more information.

165: DIY Podcast

Well, my first choice for topic today (DIY retro gaming console) fell through (ARGH!) so today I chat about another topic people ask about: what tools/services go into making a podcast. Here's my setup in a nutshell.

View this episode's show notes for more information.

164: Pentesting in a Vacuum - Part 2

This is a continuation of episode #158, in which I described my challenges in creating a 20-server Kali environment with no Internet access.

View this episode's show notes for more information.

163: Infosec News and Links Roundup

View this episode's show notes for more information.

162: OFF-TOPIC - Deadpool

This episode is a mini review of DEADPOOL! I had a huge reservation about Deadpool before seeing it, but the film squashed it...and has restored my faith in the superhero franchises! I give it an A!

View this episode's show notes for more information.

161: DIY Wifi Network Graphing & Dojo Scavenger Vulnerable Webapp

Back in episode 157 I mentioned talked about a great article that walks you through using Kali to create a map of the wifi networks around you. I had a need to go through this exercise over the weekend, so here's my condensed walkthrough.

View this episode's show notes for more information.

160: Infosec News and Links Roundup

View this episode's show notes for more information.

159: OFF-TOPIC - What Size Company is Right for Me? (and a review of the Steve Jobs movie)

People have been writing in asking if they should work in a huge company or a small consulting/IT shop. I think they both have their pros and cons, but in this episode I attempt to oversimplify the decision with this question: How many hats do you want to wear?

View this episode's show notes for more information.

158: Pentesting in a Vacuum

How do you keep 20 Kali boxes setup with Metasploit Pro and updated without any access to the Internet? Carefully, I guess :-). In today's episode I talk about some of those challenges, as well as progress made thus far.

View this episode's show notes for more information.

157: Infosec News and Links Roundup

View this episode's show notes for more information.

156: OFF-TOPIC - 3 Ways to be a More Connected Parent

I never thought working from home would make it harder to transition to "home time" when the clock strikes 5 p.m. Today's episode discusses 3 ways I'm trying to be a more connected parent.

View this episode's show notes for more information.

155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

Things discussed today:

  • We could make 1 million dollars if we made a tool that could correlate data from all the popular pentesting tools.
  • The differences in vuln descriptions between AppSpider and Nexpose really grind my gears!
  • My parents' dog wears a 50 dolalr LL Bean jacket - wha?

View this episode's show notes for more information.

154: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

153: Ex Machina (and special musical guest)

Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!

View this episode's show notes for more information.

152: Review of the Almond 2015 Wireless Router

This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement.

View this episode's show notes for more information.

151: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

150: OFFTOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

View this episode's show notes for more information.

149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

View this episode's show notes for more information.

148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

View this episode's show notes for more information.

147: DIY Hosted Mutillidae

In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out.

View this episode's show notes for more information.

146: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

145: OFF-TOPIC - Sicario and The Walk

In today's off-topic episode I review two movies: Sicario and The Walk.

View this episode's show notes for more information.

144: Shoulder-Surfing with Seasoned Pentesters

I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.

View this episode's show notes for more information.

143: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

142: OFF-TOPIC - Media Servers and Making a Murderer

This off-topic episode covers: * Media servers - I'm a newb in this area and could use your help in setting up a config that actually works! * Making a Murderer - this is a fantastic show!

View this episode's show notes for more information.

141: Happy (Belated) New Year!

Happy (belated) new year! This episode is more of a "What am I listening to, a PBS telethon?!" kind of thing, and I'm sorry for that. But I want to cover: * Scheduling changes for 2016 - we're gonna be 3 times a week! * A new documentation project I'm working on called BPATTY (Brian's Pentesting and Technical Tips for You) * A way you can support the podcast financially.

View this episode's show notes for more information.

140: OFFTOPIC - Video Games I'm Currently Playing

This episode talks about some cool video games I've been playing lately: * Metal Gear Solid Phantom Pain (Xbox 360) * Rise of the Tomb Raider (Xbox 360) * Luminocity (iPhone) * Super Mario Maker (Wii U) I recommend 'em all!

View this episode's show notes for more information.

139: Securing Your Life - Part 2

Back in episode #93 I talked about securing your life - in other words, asking yourself "What would happen if I was dead right now? Do I have adequate insurance? Are my finances in order? How about estate planning?" This episode continues that train of thought, and I share some new changes I've made in my "life security" department.

View this episode's show notes for more information.

138: OFFTOPIC - The Hateful Eight

Looks like I'm one of the few people in the world who did NOT love this movie. I found it painful slow and claustrophobic. #disappointed.

View this episode's show notes for more information.

137: OFFTOPIC - Welcome to Leith

This off-topic episode talks about one of the most gripping and disturbing documentaries I've ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremacist group moved in next door?

View this episode's show notes for more information.

136: Python for Newbs

One skill that's been kind of a hinderance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing.. But I'm trying to remedy that in 2016 by learnin' me some Python, and I picked up a great book called Python Crash Course, which has been exactly what this newb needed. At the time of publishing, you can get 30% off with the coupon code CRASHCOURSE!

View this episode's show notes for more information.

135: I Got a New Job - Part 4

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

134: I Got a New Job - Part 3

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

133: I Got a New Job - Part 2

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

132: I Got a New Job - Part 1

This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!

View this episode's show notes for more information.

131: How to Attempt a Two Week Pentest in Two Days

The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.

View this episode's show notes for more information.

130: Sqlmap and Sqlninja FTW

This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.

View this episode's show notes for more information.

129: Embarrassing Stories

In this episode I talk about face-planting in my office at the first job I had out of college.

View this episode's show notes for more information.

128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.

View this episode's show notes for more information.

127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

View this episode's show notes for more information.

126: Get Your Name Out There

This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!

View this episode's show notes for more information.

125: Securing Your Life - Part 2

Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.

View this episode's show notes for more information.

124: Sprinkles

This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.

View this episode's show notes for more information.

123: Doing a "Redo" Assessment

This episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the original questions over again? Especially when I have little to no time to prepare for the "redo" interview?

View this episode's show notes for more information.

122: OFFTOPIC-An Apology to Elephants

This episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town.

View this episode's show notes for more information.

121: Migrating from Tumblr to Ghost - Part 2

Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine. Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPs for all connections.

View this episode's show notes for more information.

120: The Purge!

Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 6. Plus (spoiler alerts!) in 2016 we're moving to a Monday/Wednesday/Friday release schedule. Yep, 7MS three times a week - thanks for the idea, mom!

View this episode's show notes for more information.

119: Migrating from Tumblr to Ghost - Part 1

In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DI droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!

View this episode's show notes for more information.

118: Should Phishing be Fair?

This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"

117: OFFTOPIC - Alive Inside

Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.

116: Tips for a Succesful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

115: OFFTOPIC - Love and Mercy

We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.

114: PCI Pentesting 101 - Part 3

Part 3 on my series about PCI pentesting. Yeah. That.

113: Big Bag of Random Security Stuff

Yep, this episode is EXACTLY what the title implies.

112: This is Sparta!

This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!

111: Hacking WPA Enterprise - Part 2

The thrilling (?) conclusion of my experience hacking WPA Enterprise.

110: Hacking WPA Enterprise - Part 1

This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2!

109: OFFTOPIC - It Follows and Backcountry

Movie reviews of It Follows and Backcountry.

108: I'm Going to PWAPT! - Part 2

Here's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!

107: I'm Going to PWAPT!

Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

106: A Day in the Life of an Information Security Analyst

A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!

105: OFFTOPIC - Big Bag of Random Sauce

Today's totally random episode covers: 1. How bad does this podcast's logo suck? 2. Does this podcast need a theme song? 3. Some interesting training I'm taking next week. 4. The Walking Dead - who should die? 5. Metal Gear Solid and my personal godmode strategy.

104: LANTurtle First Impressions

Hey I just got a LANTurtle and....these are my first impressions!

103: OFFTOPIC - I Was in a Movie Once

This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.

102: Recon-ng!

I'm a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here's the video I mentioned in the podcast - my first look at Recon-ng in action:

101: OFFTOPIC - I Am Chris Farley

The new(ish) Chris Farley documentary is fantastic - see it!

100: Assessment Curses Can Be Blessings

Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.

99: How to Deliver Bad News in a Good Way

Today's episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.

98: Intro to PCI Scoping

So far I've focused on the technical aspects of PCI, but I'm trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This episode shares some interesting tidbits I learned while doing some QSA "shadowing" on an assessment of a restaurant.

97: OFFTOPIC - Limbo

We're going off topic today and talking about video games! LIMBO for the Xbox!

96: How to Make Enemies During a Security Assessment

Yep, we're talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).

95: How to Make Friends During a Security Assessment

When you start a security assessment with a company, not everybody's gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space situation where they're interviewing for their jobs. This episode talks about some ways you might be able to get your assessment off to a right start.

94: Learn How to Burp - Part 1

I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!

93: Securing Your Life

So yeah, this is kind of off-topic, but have you thought about security in the sense of "What kinds of security things should I be doing before I'm dead?" Today's episode explores that.

92: You're Not Ready for Big Boy Security Pants

Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What's the right thing to do when, for lack of a better term, the client isn't ready to put on their security big boy points?

91: Umbrella

Today's episode is about Umbrella, a product from OpenDNS that provides a layer of protection against malware, wifi-jacking and other threats.

90: OFFTOPIC - Citizenfour

We're going offtopic today and talking about the Citizen Four documentary, which centers around the Edward Snowden story.

89: AppSpider

Today we're talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn't a commercial or paid advertisement. I just like sharing things that I like and use.

88: Glasswire

This episode's about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)

87: Presenting the Right Findings to the Right Audience

Today I talk about challenge I run into when I'm delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody "gets it" but also go level enough that the recommendations have some teeth?

86: OSWP-The Final Chapter!

This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as much as I can without getting into trouble) about the exam and give you some pointers to pass it!

85: What is The Penetration Testers Framework (PTF)?

Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the PTF! That's what we're talkin' about on today's podcast.

84: DIY Pwn Pad

Hey have you heard of Pwn Pads? They're an awesome network pentesting tool that leverages a Nexus tablet - which you can either buy right from Pwnie Express, or create your own if you have a certain model of Nexus lying around. I just happened to have the right Nexus model around, so this podcast episode chronicles my trial and error (mostly error) in making a DIY Pwn Pad!

P.S. to get the Android tools installed on Ubuntu 14.04, run these commands:

sudo add-apt-repository ppa:nilarimogard/webupd8sudo apt-get updatesudo apt-get install

83: Wifi Pineapple First Impressions

In this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you'll probably want one too.

82: OSWP - Part 3

The OSWP series is coming to a close. One final episode today and then the four-quel episode will be all about the test!

81: OSWP - Part 2

A continuation of our thrilling, exciting, mind-blowing series on OSWP (Offensive Security Wireless Professional)!

80: OSWP - Part 1

This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.

79.5: UPDATE(!) on My Love-Hate Relationship with Nessus

In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!

79: My Love/Hate Relationship with Nessus

In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.

78: It's All About Segmentation

In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!

77: OFFTOPIC - Rickrolling Your Coworkers for Fun and Profit

This week i used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!

76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

75: OFFTOPIC - My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

73: PCI Pentesting 101 – Part 2

This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password!

72: PCI Pentesting 101

I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again.

71: OFFTOPIC - Mad Max

We’re going totally off topic today and doing a movie review of Mad Max!

70: Get the Most out of Your DNS!

I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again.

69: I’m Not Responsible for Your Information Insecurity

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better.

68: Is Training and Awareness Worth It or Worthless?

This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless!

67: Wifi Sniffing is Fun - Part 2

This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup.

66: I’m Excited to Go Phishing – Part 2

This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed.

65: OFFTOPIC - Still Alice

Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice.

64: Wifi Sniffing is Fun - Part 1

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way.

63: I’m Excited to Go Phishing

This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person?

62: You Should Run LAPS

Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience.

61: Why Local Admin Rights Suck

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.

60: How Not to Suck at Customer Service

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach?

59: Traveling with a Red Giant – Part 2

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode is about some cool things I learned about it.

58: What Should We Do First?

At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture.

57: How to Review a Firewall

n this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a good automated tool.

56: OFFTOPIC – Catching Up and Blowing Noses

A few offtopic things: What you can expect as far as a podcast release schedule going forward Two suspicious charges that showed up on my credit card while out of town!

55: OFFTOPIC – What’s in Brian’s Murse?

Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.

54: Traveling with a Red Giant

If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock only when actively buying things, and lock whenever you're not.

53: Are You Ready to Get Robbed?

Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good backups and DR in place?

52: OFFTOPIC – My Son is Really Loyal

It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me.

51: CEH vs. OSCP

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you.

50: OSCP – The Final Chapter – part 2!

At last, the epic conclusion of the maddening, redeeming OSCP journey.

49: OSCP – The Final Chapter – part 1!

We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP!

48: So I Gave My Eight Year Old a Computer

Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in!

47: Logging and Alerting RELOADED

Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment.

46: So You Want to Be a Hacker?

So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers has changed dramatically.

45: OFFTOPIC – Why I Stopped Pirating Software

Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will make someone want to stop pirating software forever, immediately.

44: OFFTOPIC – Annoying People at the YMCA

Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why.

43: Why Web Site Vulnerability Scanners Can Ruin Your Day

Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this.

42: Vulnerability Scans vs. Pentests

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to explain the difference (in my mind, anyway).

41: OSCP – Part 7

Tired of talking about OSCP yet? Me neither!

40: OSCP - Part 6

Yep, OSCP continues to kick my butt. I hope this episode helps it kick yours less.

39: Infosec on the Disney Boat

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies.

38: OFFTOPIC - Health and Infosec

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape.

37 - Keimpx

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx.

36: OSCP - Part 5

More OSCP discussion goodness.

35: OSCP - Part 4

More about the challenging, rage-inducing OSCP training experience.

34: The Hacker Playbook

I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook.

32: OSCP - Part 3

An obvious (hopefully) tip that will save you a ton of time.

31: Network Detective

Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more.

30: Managing Privileged Accounts

Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem.

29: Follow Up Then!

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then!

28: Infosec for Kids?

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind.

27: Backing Up with Crashplan

This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan.

26: The Importance of Training and Awareness

This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.”

25: Writing Better Pentest Reports

This episode talks about some pointers, tools and tips towards writing better pentest reports.

24: Why Wireless Scares Me

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web.

23: OSCP - Part 2

Part 2 of the OSCP series, focusing on how you need to make sure you document everything as you go!

22: Black Squirrel

This episode is about using Black Squirrel for phishing campaigns.

View this episode's show notes for more information.

21: OSCP - Part 1

In this episode I talk about my venture into Offensive Security and the OSCP certification!

20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home.

View this episode's show notes for more information.

19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills.

View this episode's show notes for more information.

18: Wireless Security 101

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments.

View this episode's show notes for more information.

17: How to Pass the Certified Ethical Hacker Exam

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam.

View this episode's show notes for more information.

16: PwnPad Initial Impressions - part 2!

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting.

15: PwnPad Initial Impressions

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting.

View this episode's show notes for more information.

14: H8 4 Win 8 (audio)

In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong.

View this episode's show notes for more information.

13: How to Get Pwned by HP

In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware!

View this episode's show notes for more information.

12: Why My Domains Have Gan to Gandi

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts.

View this episode's show notes for more information.

11: Overtraining your iPhone Touch ID

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone.

View this episode's show notes for more information.

10: Information Security for the Whole Family - part 2

In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids.

View this episode's show notes for more information.

9: Information Security for the Whole Family

A chat about sharing passwords with your spouse and how you should probably make home network production changes after hours :-).

View this episode's show notes for more information.

8: CISSP - Is That the Cert for Me?

All about the CISSP certification, what it covers, how to study for it, and how to pass it!

View this episode's show notes for more information.

7: External Vulnerabilities that Byte

In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up.

View this episode's show notes for more information.

6: Fun Firewall Rules - part 2

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place.

View this episode's show notes for more information.

5: Fun Firewall Rules - part 1

In this episode I talk about some basic firewall rules that many organizations don’t have in place.

View this episode's show notes for more information.

4: Patch Strategies: Part 2

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear.

View this episode's show notes for more information.

3: Patch Strategies: Part 1

Here are some strategies for getting patching done the right way.

View this episode's show notes for more information.

2: The Importance of Logging and Alerting

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached.

View this episode's show notes for more information.

1: Epic Introduction

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-).

View this episode's show notes for more information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment