Skip to content

Instantly share code, notes, and snippets.


Brian Johnson braimee

View GitHub Profile
braimee /
Last active Jan 21, 2021
Mostly painless Cuckoo Sandbox install

How to Build a Cuckoo Sandbox Malware Analysis System

I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso

Build your Linux Cuckoo VM

  1. Setup a Ubuntu 16.04 64-bit desktop VM (download here) in VMWare with the following properties:
  • 100GB hard drive
  • 2 procs
  • 8 gigs of RAM
braimee /
Last active Jan 16, 2021
Password cracking in the cloud
braimee /
Last active Dec 30, 2020
A list of tools and services I use to help run my business

Tools and services I use to run 7 Minute Security, LLC

This gist complements a series of podcast episodes I do called How to Succeed in Business Without Really Crying. In part 6 of this series I list a bunch of tools and services I use to help me conduct security assessments and also balance the taxes/books. Here is that full list in all its gist-y glory:

Google Domains

There are lots of registrars out there, and as far as I can tell, they offer about the same amount of features and same pricing for each domain. Since I have such a large footprint already in Google services with my account, moving domains under their roof was pretty easy and made sense. I've also had to use their technical support a few times and found the response times - and level of service - to be stellar.

Microsoft Office

You know it and probably love or hate it. Lots of people tell me "Just use Google Docs! Just us

braimee /
Last active Dec 26, 2020
Some simple security tests you can run to test the effectiveness of your SIEM


In episode 338 of the 7 Minute Security podcast, I talked about a recent engagement where I helped a customer do a bit of a SIEM solution bake-off. This gist is the companion to that episode, and is broken down into the following two sections:

  • Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible

  • SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts on some things it should indeed whine about


Introduction / Purpose

braimee /
Last active Dec 10, 2020
7 Minute Security podcast episode guide

7 Minute Security podcast - full episode guide

Below is a blurb on each podcast episode, as well as a link to the corresponding show notes (if available). I apologize but this gist is often a little outdated, so to view the show notes for the latest episodes be sure to also check out

393: Interview with Peter Kim

Today features the long-awaited interview with Peter Kim of The Hacker Playbook series!

View this episode's show notes for more information

braimee /
Last active Dec 8, 2020
Pwning internal networks automagically


This document pools several awesome tools and blog entries together (see "Resources" at the end of this doc) in an attempt to automate the process of getting an initial foothold on a network in a situation where you have no valid credentials.

Download and install ntlmrelay

Ok, so one weird thing I'm trying to figure out is if I install ntlmrelay as the first tool we'll use, these steps seem to work ok:

git clone /opt/impacket
cd /opt/impacket
pip install .
braimee /
Last active Nov 3, 2020
Active Directory hash dump n' crack methodology

Creating AD backup dump of user accounts and hashes

Upgrade to latest version of PowerShell

Check your version with:


If you are below Major: 5, Minor:1 head to Microsoft's download site to get the latest.

braimee /
Last active Aug 27, 2020
7 Minute Security Webinar Series

7 Minute Security Webinar Series

Below is a list of Webinars hosted by 7 Minute Security:

Upcoming Webinars:

More coming soon!

Past Webinars:

Dealing with Rejection: A DMARC Discussion

Thursday, August 20, 2020 @ 10:00 a.m. CST

braimee / piholeblock.txt
Created Jun 10, 2020
PiHole test block list
View piholeblock.txt
braimee /
Last active Apr 7, 2020
Tweenager Cell Phone Contract

Below is the cell phone agreement I have with my kids. It was largely inspired by this contract which had some excellent ideas.

Tweenager Cell Phone Responsibilities

  • I understand that my cell phone is a privilege, not a right. Mom and dad can look at anything on my phone and take it away for any length of time and for any reason.

Quiet times

I will silence and put away or turn off my phone:

  • At 7:30 p.m. each night, and I will put the phone on the charger upstairs