These are the Slack channels featured on the 7 Minute Security Slack channel:
A channel for the 7MS User's Group, which is slated to start monthly(ish) in January, 2019. Currently looking for interested sponsors, speakers and attendees!
Basically just a place to receive RSS notifications when the BPATTY project gets updated.
Trying to stop those pesky pentesters and other adversaries? Share your favorite defensive tools, tips, scripts and strategies!
This document complements the Active Directory security topics talked about on the 7 Minute Security podcast miniseries related to Active Directory - specifically #329. The purpose of this doc is to compile resources we can all use to make our Active Directory environments more physically and logically secure. Here we go....
I can't tell you how many companies I've run into that have flippin' Fort Knox around their DCs at their primary office (cameras, motion detectors, angry guard dogs, snipers, etc.) but then the branch office has a DC under the receptionist's desk with no security controls. Make sure all domain controllers are physically locked down. I think a good minimum config is to have the DC locked in a room with keycard access - where only a subset of employees have physical access.
This gist focuses on (relatively) free and (relatively) easy things organizations can do to better protect their networks without buying yet another black box with blinking lights.
Got some ideas of your own that should be on this list? Please leave a comment below!
Microsoft has a great paper on the topic that gives some nice high level recommendations:
It's a new (and hopefully fun) interview format I want to engage in with members of the information security community on the 7 Minute Security podcast.
I'm Brian from 7 Minute Security, LLC and I've been having a blast doing some longer-form interviews with security folks, but I thought it would be fun to do a shorter-form outline where I ask 7 questions (ok, maybe a few more than 7...but I like lucky numbers). Some questions will be serious. Others will not.
Check these out:
I had a heck of a time getting a Cuckoo sandbox running, and below I hope to help you get one up and running relatively quickly by detailing out the steps and gotchas I stumbled across along the way. I mention this in the references at the end of this gist, but what you see here is heavily influenced by this article from Nviso
This document pools several awesome tools and blog entries together (see "Resources" at the end of this doc) in an attempt to automate the process of getting an initial foothold on a network in a situation where you have no valid credentials.
Ok, so one weird thing I'm trying to figure out is if I install ntlmrelay as the first tool we'll use, these steps seem to work ok:
git clone https://github.com/CoreSecurity/impacket.git /opt/impacket
cd /opt/impacket
pip install .
Check your version with:
$Psversiontable.psversion
If you are below Major: 5, Minor:1 head to Microsoft's download site to get the latest.
This document is under construction, but is intended to get you up and running quickly with cracking hashes in the cloud using the Paperspace service.
Resources used for this article:
Tired of recruiters pinging you about jobs that you don't care about or are under/overqualified for, but you'd like to utilize their time/skills/talent to find gigs you DO want? Customize this template and send it to them!
Hello,
Thanks for your email. The position you sent me is not a fit, however, here are some of the things I’d be looking for if I were to consider another position:
You said you wouldn't do it
You said you wouldn't click that link
But you totally did
It’s clear you didn’t stop and think
How the promise of a free burrito would be all that it took
To open up our networks to virtual crooks