7 Minute Security

7ms.us
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.


#416: Pi-hole 5.0
May 27 • 35 min
Today we talk about some awesome new features - and a few gotchas - in Pi-hole 5.0.
#415: Cyber News
May 21 • 31 min
Today’s episode kicks off a fun little experiment where my pal Joe Skeen and I cover some of the week’s interesting security news stories, how they might affect you, and what you can do to make you and your company more secure.
#414: Tales of Pentest Fail #4
May 13 • 64 min
Today’s episode talks about four epic tales of pentest/assessment fail.
#413: PCI Professional Certification (PCIP) - Part 3
May 7 • 51 min
Today we talk about the overview and objectives for being a PCIP, how payment card data is leaked/stolen/breached and the definition of some fundamental PCI acronym soup, including PCI DSS, PA-DSS and P2PE.
#412: Tips for Working Safely and Securely From Home
May 1 • 45 min
In today’s episode we share some tips for working more safely and securely from home, which for many of us is our new office for the foreseeable future!
#411: More Fun Stay-at-Home Security Projects
Apr 23 • 54 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today is sort of a…
#410: PCI Professional Certification (PCIP) - Part 2
Apr 16 • 57 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. I’m…
#409: PCI Professional Certification (PCIP)
Apr 9 • 40 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today I’m starting a…
#408: Cell Phone Security for Tweenagers - Part 2
Apr 3 • 32 min
This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to EC-Council and VMWare. Get a 7-day free trial and save 30% off all…
#407: Four Fun Stay-at-Home Security Projects
Mar 26 • 33 min
In today’s episode I share four fun stay-at-home security projects - three with a security focus and one centered around music. Let’s gooooooooo! FoldingAtHome The Folding At Home project helps use your GPU/CPU cycles for COVID-19 research. From the Web…
#406: Securing Your Family During and After a Disaster - Part 4
Mar 21 • 40 min
This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered. From CompTIA and Cisco to EC-Council and VMWare. Get a 7-day free trial and save 30% off all…
#405: Tales of Internal Pentest Pwnage - Part 16
Mar 12 • 43 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today’s…
#403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle
Mar 9 • 7 min
Today’s slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness. To kick things off, I’m super excited to share with you two new security-themed songs for some of my favorite…
#402: Interview with Matt Duench of Arctic Wolf
Feb 26 • 72 min
Today I’m joined by Matt Duench (LinkedIn / Twitter), who has a broad background in technology and security - from traveling to over 40 countries around the world working with telecom services, to his current role at Arctic Wolf where he leads product…
#401: Tales of Internal Pentest Pwnage - Part 15
Feb 20 • 61 min
It’s episode 401 and we’re having fun, right? Some things we cover today: The Webinar version of the DIY Pwnagotchi evening will be offered in Webinar format on Tuesday, March 10 at 10 a.m. A quick house fire update - we’re closer to demolition now! I…
#400: Tales of Internal Pentest Pwnage - Part 14
Feb 14 • 64 min
Wow, happy 400th episode everybody! Also, happy SIXTH birthday to the 7MS podcast! Today I’ve got a really fun tale of internal network pentest pwnage to share with you, as well as a story about a “poop-petrator.” Key moments and takeaways include: Your…
#399: Baby’s First Password Cracking Rig
Feb 7 • 42 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Believe…
#398: Securing Your Network with Raspberry Pi Sensors
Jan 30 • 50 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. I’ll be…
#397: OPSEC Tips for Security Consultants
Jan 22 • 36 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. I’m…
#396: Tales of Internal Pentest Pwnage - Part 13
Jan 15 • 53 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. In last…
#395: Tales of Internal Pentest Pwnage - Part 12
Jan 8 • 65 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. In…
#394: DIY Pwnagotchi
Jan 3 • 43 min
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Sung to…
#393: Interview with Peter Kim
Dec 26, 2019 • 84 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Peter Kim of
#392: LAPS Reloaded
Dec 19, 2019 • 24 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting…
#391: Securing Your Family During and After a Disaster - Part 3
Dec 11, 2019 • 49 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting…
#390: Tales of Internal Network Pentest Pwnage - Part 11
Dec 6, 2019 • 62 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting…
#389: Securing Your Family During and After a Disaster - Part 2
Nov 21, 2019 • 36 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! In part 1 of this series
#388: Securing Your Family During and After a Disaster - Part 1
Nov 15, 2019 • 74 min
In today’s episode I talk about how my family’s house and two vehicles were recently destroyed in a fire. The Johnson family is all ok - no injuries, thank God. However, this has turned our world upside down, and over the past week of sleepless nights…
#387: How to Succeed in Business Without Really Crying - Part 7
Nov 10, 2019 • 56 min
Today’s episode features a few important changes to the tools and services I use to run 7MS: Docusign is out and (sort of) replaced with Proposify
#386: Interview with Ryan Manship and Dave Dobrotka - Part 4
Nov 1, 2019 • 84 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! I’m sorry it took me…
#385: A Peek into the 7MS Mail Bag
Oct 22, 2019 • 44 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting
#384: Creating Kick-Butt Credential-Capturing Phishing Campaigns
Oct 12, 2019 • 50 min
In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include: Consider this list of top 9 phishing simulators.…
#383: Tales of Internal Network Pentest Pwnage - Part 10
Oct 1, 2019 • 30 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! This episode is a “sequel”…
#382: Tales of Internal Network Pentest Pwnage - Part 9
Sep 24, 2019 • 34 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting
#381: DIY $500 Pentesting Lab Deployment Tips
Sep 17, 2019 • 38 min
For Windows VMs Take a snapshot right after the OS is installed, as (I believe) the countdown timer for Windows evaluation mode starts upon first “real” boot. Want to quickly run Windows updates on a fresh Win VM? Try this (here’s the source): powershell…
#380: Tales of Internal Network Pentest Pwnage - Part 8
Sep 4, 2019 • 28 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting
#379: Tales of Internal Network Pentest Pwnage - Part 7
Aug 29, 2019 • 43 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! This episode, besides…
#378: Interview with Zane West of Proficio
Aug 22, 2019 • 54 min
In today’s episode, I sit down with Zane West of Proficio. Zane has been in information security for more than 20 years - starting out in the “early days” as a sysadmin and then moved up into global infrastructure architect function in the banking world.…
#377: DIY Pentest Dropbox Tips
Aug 16, 2019 • 28 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting
#376: Tales of SQL Injection Pwnage
Aug 11, 2019 • 38 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting
#375: Tales of Pentest Fail #3
Aug 2, 2019 • 40 min
I swear this program isn’t turning into the Dr. Phil show, but I have to say that sharing tales of fail is extremely therapeutic for me, and based on your comments, it sounds like many of you feel the same way too. Today’s takeaways include: Doing a 8-10…
#374: Tales of Internal Pentest Pwnage - Part 6
Jul 24, 2019 • 72 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Ok, I lied a few episodes…
#373: Tales of Pentest Fail #2
Jul 19, 2019 • 34 min
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today’s episode is a…
#372: Tales of Internal Pentest Pwnage - Part 5
Jul 15, 2019 • 43 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting…
#371: Tales of Internal Pentest Pwnage - Part 4
Jul 12, 2019 • 44 min
Today’s episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting…
#370: Happy Secure 4th!
Jul 3, 2019 • 7 min
Hey folks, happy secure 4th o’ July! In today’s seven minute episode (Wha? Gasp! Yep…it’s seven minutes!) I kick back a bit, give you some updates and tease/prepare you for some cool full episodes to come in the near future. Topics covered include: NPK,…
#369: Cracking Hashes with NPK
Jun 28, 2019 • 19 min
Today’s episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It’s in compliance with the latest NIST password…
#368: Tales of Pentest Fail
Jun 24, 2019 • 36 min
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out…
#367: DIY Two-Hour Risk Assessment
Jun 16, 2019 • 33 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Hey! I’m on the road again - this time with a tale encompassing: How to conduct a mini risk assessment in just two hours. Some ways to…
#366: Tales of Internal Pentest Pwnage - Part 3
Jun 16, 2019 • 66 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today’s episode was recorded on the way to a new assessment, and since I had nothing but miles and time in front of me, I covered two…
#365: Interview with Ryan Manship and Dave Dobrotka - Part 3
May 30, 2019 • 68 min
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out…
#364: Tales of External Pentest Pwnage
May 23, 2019 • 36 min
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out…
#363: Interview with Ryan Manship and Dave Dobrotka - Part 2
May 15, 2019 • 57 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Yuss! It’s true! Dave and Ryan are back! Back in episode #326 we met Ryan Manship of
#362: My Dear Friend Impostor Syndrome
May 8, 2019 • 41 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today I take a walk (literally!), get chased by a dog (seriously!) and talk about impostor syndrome and feelings of self-loathing and…
#361: Logging Made Easy
May 3, 2019 • 26 min
Today we’re talking about Logging Made Easy, a project that, as its name implies…makes Windows endpoint logging easy! I love it. It offers a simple, digestible walkthrough of several short “chapters” to get started. These chapters include: Chapter 1 - Set…
#360: Active Directory Security 101 - Part 2
Apr 24, 2019 • 22 min
This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations…
#359: Windows 10 Security Baselining
Apr 19, 2019 • 26 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a…
#358: 4 Ways to Write a Better Pentest Report
Apr 16, 2019 • 39 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! This week we’re talking about everybody’s favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I’ve seen…
#357: 7 Minutes of IT and Security Tips
Apr 11, 2019 • 7 min
Today I’m launching an ongoing series called 7MOIST. It stands for: 7 Minutes of IT and Security Tips The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long! I know, I know! You’re saying, “Wait a sec, bub, isn’t…
#356: Faster Hard Drive Forensics with CyLR and CDQR
Apr 3, 2019 • 24 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In today’s episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources…
#355: Mousejacking!
Mar 27, 2019 • 27 min
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could…
#354: Tales of Internal Pentest Pwnage - Part 2
Mar 25, 2019 • 38 min
Today’s episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final “wins” that got me to Domain Admin status (and beyond!): Got DA but can’t get to your final “crown…
#353: Tales of Internal Pentest Pwnage - Part 1
Mar 22, 2019 • 42 min
Buckle up! This is one of my favorite episodes. Today I’m kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the “crown jewels” data, so I thought…
#352: Recap of Rad Red Team Training
Mar 14, 2019 • 34 min
I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series. TLD
#351: Turn Windows Logging up to 11
Mar 6, 2019 • 23 min
Today’s episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and enter code 7MS when completing your signup. In today’s episode, I talk about how the level of Windows server/client logging out of the box is…not really…
#350: Interview with Lewie Wilkinson of Pondurance
Feb 20, 2019 • 60 min
Today’s featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via…
#349: Interview with Ameesh Divatia of Baffle
Feb 14, 2019 • 29 min
Today’s featured interview is with Ameesh Divatia, cofounder and CEO at Baffle. Baffle offers an interesting approach to data protection that they call data-centric protection, and the idea is you need to protect information at the record level, not just…
#348: Cell Phone Security for Tweenagers
Feb 6, 2019 • 36 min
Today’s episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It’s in compliance with the latest NIST password…
#347: Happy 5th Birthday to 7MS
Jan 31, 2019 • 49 min
Today’s episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It’s in compliance with the latest NIST password…
#346: Baby’s First Red Team Engagement
Jan 23, 2019 • 50 min
WARNING: Today’s episode is a bit of an experiment, and I hope you’ll hang in there with me for it. I had the opportunity to do a week-long red team engagement, and so I recorded a little summary of the experience at the end of each day, and then pasted…
#345: Interview with Amber Boone
Jan 16, 2019 • 22 min
Coming up on Tuesday, January 22 I’ll be doing a Webinar with Netwrix called 4 Ways Your Organization Can Be Hacked. It features a Billy Madison theme and pits evil Eric Gordon against sysadmin Billy Madison. H
#344: Announcing the 7MS User Group
Jan 9, 2019 • 11 min
I’d like to cordially invite you to the first-ever 7MS User Group meeting, coming up Monday, January 14th at 6 p.m.! You can attend physically, virtually or both! All the info you need is in today’s podcast, as well as here. See you there!
#343: Interview with Dan DeCloss
Jan 2, 2019 • 60 min
Psssst! Wanna come to the first ever 7MS User Group meeting? It’s coming up on January 14th. You can join in person or virtually! Head here for more information! Dan DeCloss (a.k.a. wh33lhouse on Slack and @PlexTracFTW a
#342: Interview with Matt McCullough
Dec 26, 2018 • 105 min
Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard work, aggressive networking and taking advantage of…
#341: How to Fix Unquoted Service Paths
Dec 19, 2018 • 16 min
Today’s episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It’s in compliance with the latest NIST password…
#340: Forensics 101 Reloaded and The CryptoLocker Music Video
Dec 13, 2018 • 22 min
Last week I had the fun privilege of speaking twice at the Minnesota Government IT Symposium on the following topics: Forensics 101: This was a “reloaded” talk that I started earlier this year (and covered in episode 299 and
#339: A Pulse-Pounding Impromptu Physical Pentest
Dec 6, 2018 • 19 min
On a recent security assessment I was thrown for a loop and given the opportunity to do a two-part physical pentest/SE exercise - with about 5 minutes notice(!). Yes, it had me pooping my pants, but in retrospect it was an amazing experience. This is the…
#338: SIEMple Tests for Your SIEM Solution
Nov 28, 2018 • 17 min
Today’s episode talks about some SIEMple tests you can run on your SIEM (OMg see what I did there? I took the word simple and made it SIEMple. Genius stuff, right? And there’s no extra charge for it!). And if you’re just now starting to shop around for a…
#337: Happy Secure Thanksgiving
Nov 21, 2018 • 27 min
Happy Thanksgiving! In this episode I: Share some things I’m thankful for - like you! Talk about a fun episode I’m working on that has some SIEMple tests you can use to test your SIEM (omg see what I did there? So clever) Announce the 7MS user’s group…
#336: How to Succeed in Business Without Really Crying - Part 6
Nov 14, 2018 • 23 min
Welcome to part 6 of our miniseries all about the ups, downs, trials and tribulations of being a small, one-person security start up. In this episode I detail out all the software/services I use to run 7 Minute Security, LLC in hopes it might help you run…
#335: Cool Stuff I Just Learned From Red Teamers
Nov 8, 2018 • 13 min
Today I’m excited to brain-dump a bunch of cool stuff I learned at a red team conference called ArcticCon this week. Although this conference observes the Chatham house rule I’m just going to talk about a few things from a general, high level.…
#334: IT Security Horrors That Keep You Up at Night
Nov 1, 2018 • 23 min
This week I got to celebrate Halloween with my friends at Netwrix by co-hosting a Webinar called IT Security Horrors That Keep You Up at Night. The content was a modified version of the Blue Team on a Budget talk I’ve been doing the past year or so, and…
#333: Pentesting Potatoes
Oct 25, 2018 • 13 min
This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the Project7 crew and picked up a lot of cool tools and tips I share in today’s episode: The Badger Infosec group…
#332: Low Hanging Hacker Fruit
Oct 17, 2018 • 8 min
In this episode I’m releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy things to implement. And my hope is it can be a…
#331: How to Become a Packtpub Author - Part 3
Oct 10, 2018 • 7 min
It’s done! It’s done!! It’s DONE!!! That’s right mom, my PacktPub course called Mastering Kali Linux Network Scanning is done! In today’s episode I: Recap the course authoring experience Explain my super anal retentive editing process that takes 4 hours fo
#330: Interview with Nathan Hunstad of Code42
Oct 3, 2018 • 52 min
In today’s episode, I’m excited to be joined in the studio by Nathan Hunstad, Director of Security at Code42. Nathan and I had a great chat about Code42’s new security offering called Code42 Forens
#329: Active Directory Security 101
Sep 27, 2018 • 21 min
Today’s episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people…
#328: How to Succeed in Business Without Really Crying - Part 5
Sep 19, 2018 • 28 min
This episode is a cavalcade of fun! Why? First, I’ve got a big announcement: I’ve accepted a new position. “What?!” exclaimed my mom. “I thought you were president of 7MS, what the what?” No worries, it’s business as usual, and my responsibilities at 7MS…
#327: Interview with John Strand
Sep 12, 2018 • 46 min
Today’s episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people…
#326: Interview with Ryan Manship and Dave Dobrotka
Sep 6, 2018 • 93 min
Today’s episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to www.dashlane.com/7ms and use the code 7MS for 10% off a year of Dashlane Premium! Today I’m super pumped to be joined…
#325: Integrating Pwned Passwords with Active Directory - Part 2
Aug 30, 2018 • 19 min
Today’s episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords from Troy Hunt’s Pwned Passwords into your
#324: How to Succeed in Business Without Really Crying - Part 4
Aug 23, 2018 • 20 min
It’s been a while so I thought I’d update you on how things are going on the business front. Here are the big updates I want to share with you in today’s episode: A new 7MS hire that’s going to hunt sales opportunities! My approach to finding podcast…
#323: 7 Ways to Not Get Hacked
Aug 16, 2018 • 18 min
I’m putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I’m trying to broil this list down to 7 key things to focus on. Here’s my list thus far: Passwords…
#322: My First Live Radio Interview
Aug 9, 2018 • 53 min
I had an exhilarating and terrifying experience this week doing my first ever live radio interview! As a quick bit of background, this interview was part of the 7MS radio marketing campaign that I’ve talked about in my “How to Succeed in Business Without…
#321: Interview with Joe Klein - Part 2
Aug 1, 2018 • 107 min
Today’s episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. Today’s episode is a follow-up interview with Joe Klein, who is my…
#320: Interview with Lane Roush of Arctic Wolf
Jul 25, 2018 • 63 min
Today’s episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week I sat down with Lane Roush of Arctic Wolf to discuss the…
#319: Sniper and Firewalls Full of FUD
Jul 19, 2018 • 18 min
Today’s episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. In today’s episode, I talk about my fun experience using the Sn1per…
#318: Interview with Bjorn Kimminich of OWASP Juice Shop
Jul 11, 2018 • 60 min
Today’s episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week’s show is another interview episode - this time with my…
#317: Interview with Justin McCarthy of StrongDM
Jul 5, 2018 • 48 min
Today’s interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercial and open source tools (like Comply) to help customers with SOC compliance. Justin schooled me (in a nice way) about a lot of things, including: What…
#316: How to Succeed in Business Without Really Crying - Part 3
Jun 27, 2018 • 22 min
In this episode I wanted to give you some cool/fun updates as it relates to 7MS the business! Specifically: A new member of the 7MS team (kinda!) The weird and varied projects I’m working on Upcoming podcast sponsors (probably in July) 7MS has a “real”…
#315: Creating a Personal DR Plan - Part 2
Jun 21, 2018 • 11 min
As a continuation of last week’s episode I’m now making a bit of progress in finding a good backup solution that protects USB backups both at rest and when pumped up to the cloud. I mentioned I’ve been using BackBlaze for backups (not a sponsor), and they…
#314: Creating a Personal DR Plan
Jun 13, 2018 • 15 min
You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it’s grim to think about “What will my loved ones do to get into my accounts, backups, photos, social…
#313: Push-Button Domain Admin Access
Jun 7, 2018 • 18 min
As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else “loud.” The tools you’ll…
#312: OFF-TOPIC - Boxing a Cat
May 30, 2018 • 18 min
It has been a heck of a week (in a good way), and I’m taking a break from security so you can help me untangle a mystery that’s been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was…
#311: How to Build a Cuckoo Sandbox
May 24, 2018 • 15 min
This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me
#310: Secure the Radio Commercials
May 18, 2018 • 12 min
Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a “hook” to contact 7MS for help securing your church. The commercials themselves are embedded…
#309: Password Cracking in the Cloud - Part 2
May 9, 2018 • 13 min
Cracking passwords in the cloud is super fun (listen to last week’s episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their…
#308: Password Cracking in the Cloud
May 2, 2018 • 11 min
I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today’s episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you’ve got things to…
#307: Writing Security-Focused Radio Commercials
Apr 25, 2018 • 12 min
Hey, so this week I am without my main machine - thus no jingle or “jungle boogie” intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it’s more of…
#306: A Peek into the 7MS Mail Bag - Part 2
Apr 19, 2018 • 18 min
We’ve dug into some pretty technical topics the last few weeks so we’re gonna take it easy today. Below are some FAQs and updates I’ll cover on today’s show: FAQs What security certs should a sales person get? What lav mic should I get for podcasting? How…
#305: Evaluating Endpoint Protection Solutions - Part 2
Apr 12, 2018 • 11 min
Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is an adversary simulation system that’s really awesome! You can essentially set up a virtual attacker and cut it loose on some test machines, which is what I did…
#304: Integrating Pwned Passwords with Active Directory
Apr 5, 2018 • 17 min
I’ve been super pumped about Troy Hunt’s Pwned Passwords project ever since it came out - especially when I saw a tweet about using it in Active Dire
#303: Evaluating Endpoint Protection Solutions
Mar 28, 2018 • 14 min
I’m working on a fun project right now where I’m evaluating endpoint protection solutions for a client. They’re faced with a choice of either refreshing endpoints to the latest gen of their current product, or doing a rip and replace with something else.…
#302: Bunnies and Bloodhounds
Mar 22, 2018 • 16 min
I’ve had a fun week with a mixed bag of security related stuff happening, so I thought I’d throw it all in a big stew and cook it up for today’s episode. Here are the highlights: Bash bunny preso I had a fun opportunity this week to speak to some property…
#301: CredDefense
Mar 15, 2018 • 15 min
Intro CredDefense is a freakin’ sweet tool from the fine folks at Black Hills Information Security that does some really nifty things: Password filter Let’s say you use the out-of-the-box password policy that comes with Active Directory, and y
#300: Windows System Forensics 101 - Part 2
Mar 8, 2018 • 16 min
In today’s continuation of last week’s episode I’m continuing a discussion on using free tools to triage Windows systems - be they infected or just acting suspicious. Specifically, those tools include: FTK Imager - does a dandy job of creating memory…
#299: Windows System Forensics 101
Feb 28, 2018 • 10 min
I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it’s hard to boil things down to just an hour. For the first part of the presentation, I…
#298: How to Succeed in Business Without Really Crying - Part 2
Feb 14, 2018 • 17 min
Last week I talked about how business has been going with the LLC. Today I answer some additional questions that I didn’t have time to address: How I’m finding leads/projects to work on (TLDR: I’m NOT sending 1TB of PDFs to people, spamming them, calling…
#297: How to Succeed in Business Without Really Crying
Feb 7, 2018 • 16 min
Intro Here’s some of the “juice” that has helped 7MS have a successful start: Support system Ok so I think if you’re going to have a successful business, you need an awesome support system. Mine consists of some of these things: Faith - I’m a Christian…
#296: WEFFLES - Windows Event Logging Forensic Logging Enhancement Services
Feb 1, 2018 • 14 min
WEFFLES are delicious! WEFFLES stands for Windows Event Logging Forensic Logging Enhancement Services and is Microsoft’s cool (and free!) console for responding to incidents and hunting threats. I had a chance to play with it in the lab this week and for…
#295: Interview with Kevin Keane
Jan 24, 2018 • 59 min
Today I’m excited to be joined by my friend and advisor Kevin Keane (Twitter / LinkedIn) who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy. Kevin and I sit down to talk about: How SMBs can take some productive…
#294: GDPR Me ASAP
Jan 17, 2018 • 11 min
GDPR in a nutshell GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process personal information about EU citizens must clearly explain…
#293: How to Become a Packtpub Author - Part 2
Jan 3, 2018 • 15 min
Back in episode 280 I talked about how I started working with PacktPub to start authoring a video course on vulnerability scanning using Kali. Since that episode I’ve found that recording and editing high quality video clips is taking waaaaaayyyyyyyyyyy…
#292: OFF-TOPIC - How I Nearly Killed My Sister with a Snowball
Dec 28, 2017 • 11 min
Hey folks, I had originally planned to cover the CredDefense toolkit but I couldn’t get it working. I’m basically having the same issue that someone reported here. Sooooo….will have to save that for next week. In the meantime, this episode feature
#291: The Quest for Critical Security Controls - Part 4
Dec 20, 2017 • 13 min
Did I mention I love the Critical Security Controls? I do. And here’s an absolute diamond I found this week: This site (http://www.auditscripts.com/free-resources/critical-security-controls/) offers awesome CSC-mapping tools (and they’re free!),…
#290: Interview with Joe Klein
Dec 13, 2017 • 52 min
My pal and former coworker Joe Klein joins me in the virtual studio to discuss: His career as a diesel mechanic and insurance guru How to leave a stable job, take a huge pay cut and start a risky infosec internship (sounds like the name of a broadway…
#289: I’m Dipping My Toes in Windows Forensics
Dec 6, 2017 • 13 min
Two weird things happening in this episode: I’m not in the car, and thus not endangering myself and others while podcasting and driving! My once beloved lav mic made a trip through the Johnson family’s washer and dryer. I don’t know that she’ll ever…
#288: I’m BURPing a Lot
Nov 30, 2017 • 14 min
Sorry the podcast is late this week - but it’s all for good reasons! I’m busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you: Mac High Sierra root bug Did you hear about this? Basically anybody could…
#287: Introducing 7 Minute Security LLC
Nov 22, 2017 • 12 min
Well, after over-teasing this last week, I’m excited to announce that I’ve started my own company! 7 Minute Security, LLC gives me an outlet to do all my favorite infosec stuff, such as: Network assessments Vulnerability scanning Penetration testing…
#286: The Quest for Critical Security Controls - Part 3
Nov 16, 2017 • 9 min
We’re continuing to hammer on the CSCs again this week. Here’s some rad resources that can get your CSC efforts in the right direction: CIS Implementation Guide for SMEs CIS Cybersecurity quarterly newsle
#285: The Quest for Critical Security Controls - Part 2
Nov 9, 2017 • 12 min
Nothing to do with security, but I’ve heard this song way too much this week. I love the CIS Controls but it seems like there isn’t a real good hands-on implementation guide out there. Hrmm…maybe it’s time to create one? Speaking of that, check out the
#284: The Quest for Critical Security Controls
Nov 1, 2017 • 12 min
For a long time I’ve been electronically in love with the Critical Security Controls. Not familiar with ‘em? The CIS site describes them as: The CIS Controls are a prioritized set of actions that protect your critical systems and data from the most…
#283: OFF-TOPIC - I Love Cops and COPS
Oct 27, 2017 • 18 min
My plans for this week’s podcast went hush-hush, kablooie, bye-bye, see ya, adios. So, I’m pinch-hitting and going off-topic and talking about…of all things…cops. Now wait! Wait wait! Don’t run away. I’m not going all political on you or anything like…
#282: A Peek into the 7MS Mail Bag
Oct 18, 2017 • 11 min
I’m gonna level with you: it’s been a heck of a week. So I thought I’d try something a little different (and desperate?) and use this episode to answer some FAQs that come in via email and Twitter DM. Today’s burning questions include: Q: Do I think it’s…
#281: Baby’s First Banking Infosec Conference
Oct 11, 2017 • 15 min
I went to my first ever banking-focused infosec conference a few weeks ago (WBA’s Secure-IT) and learned a ton. I met some really great people and had many productive conversations around security. The main takeaways from the conference that I talk about…
#280: How to Become a Packtpub Author
Oct 4, 2017 • 11 min
I’m excited to announce I’m going to be a PacktPub author! I’m going to work with them to create a course on network/vulnerability scanning. I’m pumped, but kinda nervous, so when I had the initial conversations with PacktPub staff, I made sure I hit them…
#279: Patching Solutions Bake-Off - Part 4
Sep 28, 2017 • 15 min
Intro The patching solutions review concludes this week with Ivanti’s patch solution, as well as PDQ Deploy/Inventory. As a quick reminder, here’s where our bake-off currently sits: Ninite (covered in
#278: Interview with Rob Sell
Sep 21, 2017 • 56 min
Intro We’re breaking ground with this episode, folks! For the first time in 7MS history, we’ve got a guest on the show (finally, right?!). Rob Sell is an IT manager who has been working in IT for many years, with a focus on information security…
#277: Patching Solutions Bake-Off - Part 3
Sep 13, 2017 • 13 min
ManageEngine Desktop Central Overall, I have to bluntly say that I really enjoyed playing with ManageEngine’s solution. It’s got a crap-ton of features built into it - above and beyond patching - that I think IT/security folks will really appreciate. Pros…
#276: The CryptoLocker song
Sep 6, 2017 • 12 min
This is it! The worldwide Internet debut of an original infosec-themed song called CryptoLocker’d, and as the name implies, it’s about a CryptoLocker incident. Here’s the quick back story: A few years ago I worked on an incident response where a user got…
#275: Patching Solutions Bake-Off - Part 2
Aug 30, 2017 • 11 min
This episode continues our series on comparing popular patching solutions, such as: Ninite ManageEngine Ivanti PDQ Ninite This week I focused on Ninite, and here’s the TLDR version: Pros Does one thing (third party patching) and does it really well…
#274: Speaking at ILTACON - Part 4
Aug 23, 2017 • 15 min
I’m back from Vegas! My talk went really well and I’m excited to tell you about it in today’s episode. First, some conference/trip highlights: During the ILTACON conference I attended a great talk by Don McMillan about how to infuse humor into your work…
#273: Speaking at ILTACON - Part 3
Aug 16, 2017 • 9 min
I ran out of time in episode #272 to tell you about why preparing to be a speaker for ILTACON was way more stressful than preparing for Secure360 a few months ago. The main points of difference/stress were: ILTA wanted to see PowerPoint deck progress…
#272: Speaking at ILTACON - Part 2
Aug 16, 2017 • 11 min
This is part 2 of a series focusing on public speaking - specifically for the ILTACON conference happening in Vegas this week. In this episode I share a high-level walkthrough of my talk and the 10 “Blue Team on a Budget” tips that the talk will focus on.…
#271: Patching Solutions Bake-Off - Part 1
Aug 9, 2017 • 10 min
Seems like every business I meet with needs some sort of help in the patching department. Maybe they’ve got the Microsoft OS side of the house under control, but the third-party stuff is lacking. Or vice-versa. Either way, the team I work with is excited…
#270: IDS on a Budget - Part 4
Aug 3, 2017 • 12 min
I spent a bunch of time with Security Onion the last couple weeks and have been lovin’ it! I ran the install, took all the defaults, ran the updates, and pretty much just let it burn in on my prod (home) environment. After a few days, I went back to…
#269: Documentation
Jul 27, 2017 • 13 min
Documentation is super boring, right? Yet it’s critical to getting your client/audience excited about making their security better! In this episode I talk about my mixed feelings towards the “big” standards like ISO/NIST/etc. and how a more tactical,…
#268: IDS on a Budget - Part 3
Jul 19, 2017 • 12 min
Been having a blast working with the beta branch of the Sweet Security project and am anxious to try the latest fixes of the beta branch. Give it a look! I also spent a lot of time the last few nights playing with Security Onion and love it. After zipping…
#267: Backup Disasters
Jul 18, 2017 • 11 min
Today’s episode is a horror story about how I recently lost 5+ years of CrashPlan backups due to what I’m calling a…small clerical error. Yes, this oopsie was 100% my fault, but I think backup providers can do a better job of warning us (via text or…
#266: IDS on a Budget - Part 2
Jul 13, 2017 • 10 min
This week I’ve continued to play with the awesome Sweet Security IDS solution you can throw on a Raspberry Pi 3. A big update to share is that there is a beta branch which has some cool new features, such as the ability to break the Bro + ELK stack across…
#265: IDS on a Budget - Part 1
Jul 5, 2017 • 10 min
I’ve been wanting to get a Bro IDS installed for a long time now - and for several reasons: It looks fun! My customers have expressed interest It will be part of my upcoming ILTACON session. So this weekend I started getting the ha
#264: Hacking Wordpress
Jun 29, 2017 • 11 min
I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with…
#263: Make Nessus Reporting Fun Again!
Jun 25, 2017 • 13 min
Tell me I can’t be the only one who regularly wants to combine a bunch of small Nessus scans files into a big fat Nessus scan file, and then make pretty pictures/graphs/summaries that the customer can easily understand? Over the last few weeks I must’ve…
#262: Speaking at ILTACON
Jun 14, 2017 • 10 min
Through kind of a weird series of events, I have an opportunity to speak at ILTACON this summer in Vegas (baby!). I’ll be talking about some things you can do if you suspect your perimeter is breached, as well as low-hanging fruit you can implement to…
#261: Blind Network Security Assessments
Jun 7, 2017 • 10 min
This week I had the fun opportunity to do a “blind” network security assessment - where basically we had to step into a network we’d never seen before and make some security posture recommendations. I’ve found that the following software/hardware is quite…
#260: PwnPro 101 - Part 2
Jun 2, 2017 • 12 min
I’m continuing to love our PwnPro and had a chance to use it on a customer assessment this week. For the most part the setup/install was a breeze. Just had a few hiccups that the Pwnie support team straightened me out on right away. In the episode I…
#259: OFF-TOPIC - Home Robbery Attribution
May 24, 2017 • 9 min
Warning! Warning! This is an off-topic episode! I try really hard to create valuable weekly content about IT/security. However, sometimes a virtual grenade goes off in my life and prevents me from having the necessary time/resources to get my act…
#258: Speaking at Secure360 - Part 2
May 18, 2017 • 14 min
Intro I mentioned last week that I was speaking at the Secure360 conference here in the Twin Cities, and at that time I was preparing a talk called Pentesting 101: No Hoodie Required. I was so nervous that I’ve basically spent the last week breathing…
#257: Speaking at Secure360
May 11, 2017 • 11 min
The nervous butterflies are chewing up my organs this week. Why? Because I’m speaking at Secure360 next Tuesday and
#256: AlienVault Certified System Engineer - Part 2
May 3, 2017 • 11 min
So a few weeks ago I did an episode about the AlienVault Certified Security Engineer certification, and last Friday I took a stab at the test. I failed. It kicked my butt. Today I’m here to both rant about the unfairness of the test and
#255: PwnPro 101
Apr 26, 2017 • 10 min
I’m kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies…
#254: Bash Bunny
Apr 19, 2017 • 10 min
I’ve been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I’m doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started…
#253: Desperately Seeking Service Accounts
Apr 13, 2017 • 9 min
Find the show notes here!
#252: LAPS - Local Administrator Password Solution
Apr 5, 2017 • 8 min
Show notes are here.
#251: Blackholing Malvertising with Pi-Hole
Mar 29, 2017 • 10 min
Show notes are here
#250: The PBS Telethon Episode!
Mar 23, 2017 • 10 min
Show notes for today’s episode can be found here!
#249: AlienVault Certified Security Engineer - Part 1
Mar 16, 2017 • 9 min
Show notes are here.
#248: How to Hack the 10 O’clock News
Mar 9, 2017 • 11 min
Show notes are here.
#247: Webapp Pentest Tool Bake-Off - Part 4
Mar 1, 2017 • 9 min
Show notes are here.
#246: Webapp Pentest Tool Bake-Off - Part 3
Feb 22, 2017 • 11 min
Site notes are here. Enjoy.
#245: Webapp Pentest Tool Bake-Off - Part 2
Feb 17, 2017 • 9 min
Show notes are here.
#244: Webapp Pentest Tool Bake-Off - Part 1
Feb 8, 2017 • 10 min
Show notes are here
#243: ZOMG Logo Design Contest!
Feb 2, 2017 • 9 min
Here are today’s show notes!
#242: Bye Bye Dream Job - Part 4
Jan 25, 2017 • 10 min
We’ve reached the end of this series, and I come into this final chapter bearing good news: I have a job! So in today’s episode, I just wanted to kick back and share some cool things I’m working on as I ramp up in this new adventure (and that will also…
#241: Bye Bye Dream Job - Part 3
Jan 18, 2017 • 13 min
Show notes are here
#240: Bye Bye Dream Job - Part 2
Jan 11, 2017 • 12 min
Show notes are here.
#239: Bye Bye Dream Job - Part 1
Jan 4, 2017 • 9 min
Show notes: https://7ms.us/7ms-239-bye-bye-dream-job-part-1
#238: Network Monitoring 101 - Part 2: NMAP, Papertrailapp and OpenCanary
Nov 30, 2016 • 8 min
Show notes: https://7ms.us/7ms-238-network-monitoring-101-part-2-nmap-papertrailapp-and-opencanary
#237: Network Monitoring 101 - Part 1: Nessus
Nov 23, 2016 • 8 min
Show notes: https://7ms.us/7ms-237-network-monitoring-101-part-1-nessus
#236: From “Derp!” to Domain Admin with MOVEit Central
Nov 16, 2016 • 11 min
Show notes: https://7ms.us/7ms-236-from-derp-to-domain-admin-with-moveit-central
#235: Pwning Billy Madison
Nov 10, 2016 • 10 min
Show notes: https://7ms.us/7ms-235-pwning-billy-madison
#234: Pentesting OWASP Juice Shop - Part 5
Nov 3, 2016 • 7 min
Show notes: https://7ms.us/7ms-234-pentesting-owasp-juice-shop-part5
#233: Pentesting OWASP Juice Shop - Part 4
Oct 19, 2016 • 7 min
Show notes: https://7ms.us/7ms-233-pentesting-owasp-juice-shop-part-4/
#232: Pentesting OWASP Juice Shop - Part 3
Oct 12, 2016 • 8 min
Show notes: https://7ms.us/7ms-232-pentesting-owasp-juice-shop-part-3
#231: Pentesting OWASP Juice Shop - Part 2
Oct 5, 2016 • 8 min
Show notes: https://7ms.us/7ms-231-pentesting-owasp-juice-shop-part-2/
#230: Pentesting OWASP Juice Shop - Part 1
Sep 28, 2016 • 8 min
Show notes: https://7ms-230-pentesting-owasp-juice-shop-part-1
#229: Intro to Docker for Pentesters
Sep 21, 2016 • 8 min
Show notes: https://7ms.us/7ms-229-intro-to-docker-for-pentesters
#228: Fun with Bettercap
Sep 14, 2016 • 8 min
Show notes: https://7ms.us/7ms-228-fun-with-bettercap/
#227: Lets Encrypt - Installing SSL Certs for Nessus and Ubiquiti Unifi
Sep 7, 2016 • 9 min
Show notes: https://7ms.us/7ms-227-lets-encrypt-installing-ssl-certs-for-nessus-and-ubiquiti-unifi-2/
#226: DIY $500 Pentesting Lab - Part 3
Sep 1, 2016 • 8 min
Show notes: https://7ms.us/7ms-226-diy-500-pentesting-lab-part-3/
#225: DIY $500 Pentesting Lab - Part 2
Aug 24, 2016 • 9 min
Show notes: https://7ms.us/7ms-225-diy-500-pentesting-lab-part-2/
#224: DIY $500 Pentesting Lab - Part 1
Aug 17, 2016 • 9 min
Show notes: https://7ms.us/7ms-224-diy-500-pentesting-lab-part-1/
#223: Vulnhub Walkthrough - Tommy Boy
Aug 10, 2016 • 9 min
Show notes: https://7ms.us/7ms-223-vulnhub-walkthrough-tommy-boy/
#222: OFF-TOPIC - THE FINAL CHAPTER!
Aug 9, 2016 • 5 min
Show notes: https://7ms.us/7ms-222-off-topic-the-final-chapter/
#221: News and Links Roundup
Aug 5, 2016 • 9 min
Show notes: https://7ms.us/7ms-221-news-and-links-roundup/
#220: Installing Ubiquiti EdgeRouter X and AP - Part 3
Aug 2, 2016 • 10 min
Show notes: https://7ms.us/7ms-220-installing-ubiquiti-edgerouter-x-and-ap-part-3/
#219: News and Links Roundup
Jul 29, 2016 • 10 min
Show notes: https://7ms.us/7ms-219-news-and-links-roundup/
#218: Off-TOPIC - My Top 5 Favorite and Least Favorite Things About The Division
Jul 27, 2016 • 11 min
Show notes: https://7ms.us/7ms-218-off-topic-my-top-5-favorite-and-least-favorite-things-about-the-division/
#217: Installing Ubiquiti EdgeRouter X and AP - Part 2
Jul 26, 2016 • 10 min
Show notes: https://7ms.us/7ms-217-installing-ubiquiti-edgerouter-x-and-ap-part-2/
#216: News and Links Roundup
Jul 22, 2016 • 13 min
Show notes: https://7ms.us/7ms-216-news-and-links-roundup/
#215: Installing Ubiquiti EdgeRouter X and AP - Part 1
Jul 21, 2016 • 9 min
#214: News and Links Roundup
Jul 16, 2016 • 13 min
Show notes: https://7ms.us/7ms-214-news-and-links-roundup/
#213: Building a Vulnerable VM (The Prequel)
Jul 12, 2016 • 8 min
Show notes: https://7ms.us/7ms-213-building-a-vulnerable-vm-the-prequel/
#212: News and Links Roundup
Jul 8, 2016 • 12 min
Show notes: https://7ms.us/7ms-211-news-and-links-roundup/
#211: OFF-TOPIC - IT Horror Stories - Part 2
Jul 7, 2016 • 9 min
Show notes: https://7ms.us/7ms-211-off-topic-it-horror-stories-part-2/
#210: Vulnhub Walkthrough - Mr. Robot
Jul 4, 2016 • 7 min
Show notes: https://7ms.us/7ms-210-vulnhub-walkthrough-mr-robot/
#209: News and Links Roundup
Jul 1, 2016 • 11 min
Show notes: https://7ms.us/7ms-209-news-and-links-roundup/
#208: OFF-TOPIC - The Jackwagon Who Stole My Drums!
Jun 29, 2016 • 8 min
Show notes: https://7ms.us/7ms-208-off-topic-the-jackwagon-who-stole-my-drums/
#207: Vulnhub Walkthrough - Sidney
Jun 27, 2016 • 9 min
Show notes: https://7ms.us/7ms-207-vulnhub-walkthrough-sidney/
#206: Vulnhub Walkthrough - Stapler
Jun 20, 2016 • 8 min
Show notes: https://7ms.us/7ms-206-vulnhub-walkthrough-stapler/
#205: News and Links Roundup
Jun 17, 2016 • 15 min
Show notes here: https://7ms.us/7ms-205-news-and-links-roundup/
#204: OFF-TOPIC - IT Horror Stories!
Jun 16, 2016 • 11 min
Show notes: https://7ms.us/7ms-204-off-topic-it-horror-stories/
#203: Vulnhub Walkthrough - FristiLeaks
Jun 13, 2016 • 10 min
Show notes: https://7ms.us/7ms-203-vulnhub-walkthrough-fristileaks/
#202: News and Links Roundup
Jun 10, 2016 • 11 min
Show notes: https://7ms.us/7ms-202-news-and-links-roundup/
#201: OFF-TOPIC - Audio Clip Extravaganza
Jun 8, 2016 • 13 min
Show notes: https://7ms.us/7ms-201-off-topic-audio-clip-extravaganza/
#200: Vulnhub Walkthrough - Milnet
Jun 6, 2016 • 10 min
Show notes here: https://7ms.us/7ms-200-vulnhub-walkthrough-milnet/
#199: News and Links Roundup
Jun 3, 2016 • 12 min
Show notes: https://7ms.us/7ms-199-news-and-links-roundup/
#198: Two Pretty Cool Pentest Stories
Jun 2, 2016 • 11 min
Show notes: https://7ms.us/7ms-198-two-pentest-stories/
#197: Vulnhub Walkthrough - SickOS 1.2
May 31, 2016 • 9 min
Show notes: https://7ms.us/7ms-197-vulnhub-walkthrough-sickos-1-2/
#196: News and Links Roundup
May 27, 2016 • 14 min
Show notes here: https://7ms.us/7ms-196-news-and-links-roundup/
#195: Why AppSpider is Grinding My Gears
May 25, 2016 • 8 min
Show notes: https://7ms.us/7ms-195-why-appspider-is-grinding-my-gears/
#194: Vulnhub Walkthrough - Simple
May 23, 2016 • 9 min
Show notes here: https://7ms.us/7ms-194-vulnhub-walkthrough-simple/
#193: News and Links Roundup
May 20, 2016 • 14 min
Show notes here: https://7ms.us/7ms-193-news-and-links-roundup/
#192: Podcast Like Nobody’s Listening and Blog Like Nobody’s Reading
May 19, 2016 • 9 min
Show notes here: https://7ms.us/7ms-192-podcast-like-nobodys-listening/
#191: Vulnhub Walkthrough - Kevgir
May 16, 2016 • 7 min
Show notes: https://7ms.us/7ms-191-vulnhub-walkthrough-kevgir/
#190: Infosec News and Links Roundup
May 13, 2016 • 15 min
Show notes: https://7ms.us/7ms-190-infosec-news-and-links-roundup/
#189: OFFTOPIC - Reviews of The Family Fang and Tumbledown
May 11, 2016 • 7 min
Show notes: https://7ms.us/7ms-189-offtopic-reviews-of-the-family-fang-and-tumbledown/
#188: Vulnhub Walkthrough - DroopyCTF
May 9, 2016 • 11 min
Show notes: https://7ms.us/7ms-188-vulnhub-walkthrough-droopyctf/
#187: Infosec News and Links Roundup
May 6, 2016 • 14 min
Show notes: https://7ms.us/7ms-187-infosec-news-and-links-roundup/
#186: OFFTOPIC - Reviews of Brooklyn and The Revenant
May 4, 2016 • 9 min
Show notes: https://7ms.us/7ms-186-offtopic-reviews-of-brooklyn-and-the-revenant/
#185: Vulnhub Walkthrough - Lord of the Root
May 3, 2016 • 7 min
Show notes here: https://7ms.us/7ms-185-vulnhub-walkthrough-lord-of-the-root/
#184: Infosec News and Links Roundup
Apr 29, 2016 • 16 min
Show notes here: https://7ms.us/7ms-184-infosec-news-and-links-roundup/
#183: OFFTOPIC-The Invitation
Apr 28, 2016 • 8 min
Show notes here: https://7ms.us/7ms-183-offtopic-the-invitation/
#182: Vulnhub Walkthrough - SickOs
Apr 25, 2016 • 9 min
Show notes here: https://7ms.us/7ms-182-vulnhub-walkthrough-sickos/
#181: Infosec News and Links Roundup
Apr 23, 2016 • 11 min
Show notes here: https://7ms.us/7ms-181-infosec-news-and-links-roundup/
#180: Vulnhub Walkthrough: Skydog CTF
Apr 21, 2016 • 12 min
Show notes here: https://7ms.us/7ms-180-vulnhub-walkthrough-skydog-ctf/
#179: Bring New Life to an Old Mac with OSX Server
Apr 19, 2016 • 10 min
Show notes here: https://7ms.us/7ms-179-bring-new-life-to-an-old-mac-with-osx-server/
#178: Infosec News and Links Roundup
Apr 15, 2016 • 13 min
Show notes here: https://7ms.us/7ms-178-infosec-news-and-links-roundup/
#177: A Not Totally Sucky Way to Backup and Share Photos
Apr 14, 2016 • 9 min
Show notes are here: https://7ms.us/7ms-177-a-not-totally-sucky-way-to-backup-and-share-photos/
#176: DIY SSH Honeypot with Cowrie
Apr 11, 2016 • 8 min
Check out the show notes here: https://7ms.us/7ms-176-diy-ssh-honeypot-with-cowrie-2/
#175: Infosec News and Links Roundup
Apr 1, 2016 • 13 min
Show notes are here: https://7ms.us/7ms-175-infosec-news-and-links-roundup/
#174: DIY SSH Honeypot with Kippo - Part 2
Mar 31, 2016 • 8 min
Show notes here: https://7ms.us/7ms-174-diy-ssh-honeypot-with-kippo-part-2/
#173: DIY SSH Honeypot with Kippo
Mar 28, 2016 • 8 min
Show notes here: https://7ms.us/7ms-173-diy-ssh-honeypot-with-kippo/
#172: Infosec News and Links Roundup
Mar 28, 2016 • 12 min
Show notes here: https://7ms.us/7ms-172-infosec-news-and-links-roundup/
#171: OFF-TOPIC - Easter Music
Mar 23, 2016 • 10 min
Show notes (actually, MUSIC notes in this case) can be found here: https://7ms.us/7ms-161-off-topic-easter-music/
#170: Pentesting in a Vacuum - Part 3
Mar 21, 2016 • 10 min
Show notes are here: https://7ms.us/7ms-170-pentesting-in-a-vacuum-part-3/
#169: Infosec News and Links Roundup
Mar 18, 2016 • 10 min
Show notes are here: https://7ms.us/7ms-169-infosec-news-and-links-roundup/
#168: Upgrading and Securing Your Digital Ocean Ghost Blog
Mar 17, 2016 • 11 min
Show notes are here! Go to https://7ms.us/7ms-168-upgrading-and-securing-your-digital-ocean-ghost-blog/
#167: My Misadventures with SOAP Web Services
Mar 17, 2016 • 8 min
Show notes are here: https://7ms.us/7ms-167-my-first-dandy-experience-with-soap-web-services/
#166: Infosec News and Links Roundup
Mar 11, 2016 • 12 min
Show notes are here: https://7ms.us/7ms-166-infosec-news-and-links-roundup/
#165: DIY Podcast
Mar 9, 2016 • 8 min
Show notes for today’s episode are right here: https://7ms.us/7ms-165-diy-podcast/
#164: Pentesting in a Vacuum - Part 2
Mar 7, 2016 • 8 min
Check out the show notes for today’s episode here: https://7ms.us/7ms-164-pentesting-in-a-vacuum-part-2/
#163: Infosec News and Links Roundup
Mar 4, 2016 • 16 min
Show notes here: https://7ms.us/7ms-163-infosec-news-and-links-roundup/
#162: OFF-TOPIC - Deadpool
Mar 2, 2016 • 8 min
Show notes for today’s episode are here: https://7ms.us/7ms-162-off-topic-deadpool/
#161: DIY Wifi Network Graphing & Dojo Scavenger Vulnerable Webapp
Feb 29, 2016 • 8 min
Show notes are here - enjoy! https://7ms.us/7ms-161-diy-wifi-network-graph-and-dojo-scavenger-vulnerable-webapp/
#160: Infosec News and Links Roundup
Feb 26, 2016 • 12 min
Today’s show notes are here: https://7ms.us/7ms-160-friday-infosec-news-and-links-roundup/
#159: OFF-TOPIC - What Size Company is Right for Me? (and a review of the Steve Jobs movie)
Feb 24, 2016 • 10 min
Today’s show notes are here: https://7ms.us/7ms-159-off-topic-what-size-company-is-right-for-me/
#158: Pentesting in a Vacuum
Feb 22, 2016 • 10 min
Today’s swell show notes are at: https://7ms.us/7ms-158-pentesting-in-a-vacuum/
#157: Infosec News and Links Roundup
Feb 19, 2016 • 11 min
Today’s show notes are here: https://7ms.us/7ms-157-infosec-news-and-links-roundup/
#156: OFF-TOPIC - 3 Ways to be a More Connected Parent
Feb 17, 2016 • 10 min
Today’s show notes: https://7ms.us/7ms-156-off-topic-3-ways-to-be-a-more-connected-parent/
#155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs
Feb 15, 2016 • 9 min
Here are the show notes for today: https://7ms.us/7ms-155-million-dollar-pentest-idea-notepad-tricks-and-ll-bean-jackets-for-dogs/
#154: Friday Infosec News and Links Roundup
Feb 12, 2016 • 13 min
Episode show notes are here: https://7ms.us/7ms-154-friday-infosec-news-and-links-roundup/.
#153: OFF-TOPIC - Ex Machina (and special musical guest)
Feb 10, 2016 • 11 min
Today’s episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!
#152: Review of the Almond 2015 Wireless Router
Feb 8, 2016 • 10 min
This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement. I just happen to REALLY like this little router.
#151: Friday Infosec News and Links Roundup
Feb 5, 2016 • 11 min
Here are some of my favorite stories and links for this week! Training opportunities NMAP course from Udemy - $24 for a limited time (I think) How to handle the thoughtless compliance zombie hordes - by BHIS is comi
#150: OFF-TOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery
Feb 3, 2016 • 10 min
In today’s off-topic episode I review the following movies: Bone Tomahawk Goodnight Mommy Misery Loves Comedy
#149: Securing Your Life - Part 3
Feb 1, 2016 • 8 min
This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we’re particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your…
#148: OFF-TOPIC - Apple Watch Review
Jan 27, 2016 • 9 min
Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.
#147: DIY Hosted Mutillidae
Jan 25, 2016 • 8 min
In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out. Here are the basic commands to run to lock down the Digital Ocean droplet’s iptables firewall: *Flush existing…
#146: Friday Infosec News and Links Roundup
Jan 22, 2016 • 10 min
Here are some of my favorite stories and links for this week! If you missed last week’s BURN IT ALL! Webcast, it’s now online as a Youtube video. There is still time to register for the Real World Web Penetration Testi
#145: OFF-TOPIC - Sicario and The Walk
Jan 20, 2016 • 7 min
In today’s off-topic episode I review two movies: Sicario and The Walk.
#144: Shoulder-Surfing with Seasoned Pentesters
Jan 18, 2016 • 7 min
I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.
#143: Friday Infosec News and Links Roundup
Jan 15, 2016 • 8 min
Here are some of my fav’ stories and links for this week! * Burn it all…The New Security Fundamentals **(Wednesday, January 20 @ 1 p.m. CST)**: a free Webinar on setting up the “*core technical things you need to do for your security program*.” I’ve…
#142: OFF-TOPIC - Media Servers and Making a Murderer
Jan 13, 2016 • 8 min
This off-topic episode covers: * Media servers - I’m a newb in this area and could use your help in setting up a config that actually works! * Making a Murderer - this is a fantastic documentary on Netflix. Stop what you’re doing (once you listen to this…
#141: Happy (Belated) New Year!
Jan 11, 2016 • 8 min
Happy (belated) new year! This episode is more of a “What am I listening to, a PBS telethon?!” kind of thing, and I’m sorry for that. But I want to cover: * Scheduling changes for 2016 - we’re gonna be 3 times a week! * A new documentation project I’m…
#140: OFF-TOPIC - Video Games I’m Currently Playing
Jan 8, 2016 • 9 min
This episode talks about some cool video games I’ve been playing lately: * Metal Gear Solid Phantom Pain (Xbox 360) * Rise of the Tomb Raider (Xbox 360) * Luminocity (iPhone) * Super Mario Maker (Wii U) I recommend ‘em all!
#139: Securing Your Life - Part 2
Jan 8, 2016 • 8 min
Back in episode #93 I talked about securing your life - in other words, asking yourself “What would happen if I was dead right now? Do I have adequate insurance? Are my finances in order? How about estate planning?” This episode continues that train of…
#138: OFF-TOPIC - The Hateful Eight
Jan 6, 2016 • 8 min
Looks like I’m one of the few people in the world who did NOT love this movie. I found it painfully slow and claustrophobic. #disappointed.
#137: OFFTOPIC-Welcome to Leith
Jan 5, 2016 • 8 min
This off-topic episode talks about one of the most gripping and disturbing documentaries I’ve ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremacist group moved in next door?
#136: Python for Newbs
Jan 4, 2016 • 9 min
One skill that’s been kind of a hindrance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing. But I’m trying to remedy that in 2016 by learnin’ me some Python, and I picked up a great book…
#135: I Got a New Job - Part 4
Jan 3, 2016 • 8 min
This is a four-part series about my transition to a new job! The topics are as follows: * Part 1: When it may be time to look for a new job (or not) * Part 2: How to stand out during phone screenings and interviews * Part 3: How to gracefully transition…
#134: I Got a New Job - Part 3
Jan 1, 2016 • 9 min
This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from…
#133: I Got a New Job - Part 2
Jan 1, 2016 • 8 min
This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from…
#132: I Got a New Job - Part 1
Jan 1, 2016 • 7 min
This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from…
#131: How to Attempt a Two Week Pentest in Two Days
Dec 29, 2015 • 8 min
The title says it all. I had two days to pentest a network that probably would’ve taken two or more people two weeks or more. I laughed. I cried. I had fun.
#130: Sqlmap and Sqlninja FTW
Dec 28, 2015 • 7 min
This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.
#129: Embarrassing Stories
Dec 27, 2015 • 8 min
In this episode I talk about face-planting in my office at the first job I had out of college.
#128: Transparency is King
Dec 27, 2015 • 9 min
In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn’t fit the standard “mold.” I also talk about how being transparent and helpful - and NOT billing clients for every tiny…
#127: Intro to HIPAA Assessments
Dec 27, 2015 • 9 min
This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.
#126: Get Your Name Out There
Dec 24, 2015 • 8 min
This episode isn’t about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your “brand” (though I hate that word) and help you get more connected to the infosec community, job leads and more!
#125: Securing Your Life-Part 2
Dec 23, 2015 • 7 min
Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance,…
#124: Sprinkles
Dec 22, 2015 • 8 min
This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.
#123: Doing a Redo Assessment
Dec 21, 2015 • 9 min
This episode talks about my experience in doing a “redo” security assessment, during which I struggled with the following questions: what’s the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the…
#122: OFFTOPIC-An Apology to Elephants
Dec 20, 2015 • 8 min
This episode is about a documentary called An Apology to Elephants. It’s all about the treatment (or mistreatment) of elephants, and the main message of the movie is, “Please don’t go to the circus when it’s in town, because you’re…
#121: Migrating from Tumblr to Ghost-Part 2
Dec 19, 2015 • 8 min
Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to…
#120: THE PURGE!
Dec 18, 2015 • 2 min
Announcing the 7MS PURGE! I’ve got a back log of episodes banked and I want to get caught up for the new year. So I’m going to release one (or maybe more) episodes per day between now and 2016. Plus (spoiler alerts!) in 2016 we’re moving to a…
#119: Migrating from Tumblr to Ghost-Part 1
Dec 17, 2015 • 8 min
In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you’ll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting…
#118: Should Phishing be Fair?
Dec 15, 2015 • 7 min
This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be “fair?”
#117: OFFTOPIC-Alive Inside
Dec 10, 2015 • 7 min
Today I talk about one of the most moving films I’ve ever seen - a documentary called Alive Inside.
#116: Tips for a Successful Vulnerability Scan
Dec 8, 2015 • 14 min
In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.
#115: OFFTOPIC-Love and Mercy
Dec 4, 2015 • 7 min
We’re going off-topic today and talking about the new(ish) movie about Brian Wilson’s life called Love and Mercy.
#114: PCI Pentesting 101-Part 3
Dec 1, 2015 • 7 min
Part 3 on my series about PCI pentesting. Yeah. That.
#113: Big Bag of Random Security Stuff
Nov 27, 2015 • 10 min
Yep, this episode is EXACTLY what the title implies.
#112: This is Sparta!
Nov 25, 2015 • 8 min
This episode is about one of my favorite enumeration tools called Sparta - it’s built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I’m happy to have found it now!
#111: Hacking WPA Enterprise-Part 2
Nov 20, 2015 • 6 min
The thrilling (?) conclusion of my experience hacking WPA Enterprise.
#110: Hacking WPA Enterprise-Part 1
Nov 17, 2015 • 8 min
This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2! https://warroom.securestate.com/index.php/evil-twin-attack-using-hostapd-wpe/
#109: OFFTOPIC-It Follows and Backcountry
Nov 13, 2015 • 7 min
Movie reviews of It Follows and Backcountry.
#108: I’m Going to PWAPT!-Part 2
Nov 10, 2015 • 10 min
Here’s part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!
#107: I’m Going to PWAPT!
Nov 3, 2015 • 7 min
Hey I’m going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that…and how I’ll probably be too info-overloaded to record…
#106: A Day in the Life of an Information Security Analyst
Oct 29, 2015 • 10 min
A listener wrote in asking some questions about “a day in the life of” a security analyst, so here’s my best stab at it!
#105: OFFTOPIC-Big Bag of Random Sauce
Oct 28, 2015 • 9 min
Today’s totally random episode covers: 1. How bad does this podcast’s logo suck? 2. Does this podcast need a theme song? 3. Some interesting training I’m taking next week. 4. The Walking Dead - who should die? 5. Metal Gear Solid and my personal godmode…
#104: LANTurtle First Impressions
Oct 22, 2015 • 7 min
Hey I just got a LANTurtle and….these are my first impressions!
#103: OFFTOPIC-I Was in a Movie Once
Oct 20, 2015 • 7 min
This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.
#102: Recon-ng!
Oct 15, 2015 • 8 min
I’m a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here’s the video I mentioned in the podcast - my first look at Recon-ng in action:…
#101: OFFTOPIC-I Am Chris Farley
Oct 13, 2015 • 7 min
The new(ish) Chris Farley documentary is fantastic - see it!
#100: Assessment Curses Can Be Blessings
Oct 8, 2015 • 7 min
Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.
#99: How to Deliver Bad News in a Good Way
Oct 2, 2015 • 8 min
Today’s episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.
#98: Intro to PCI Scoping
Sep 29, 2015 • 8 min
So far I’ve focused on the technical aspects of PCI, but I’m trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This episode shares some interesting tidbits I learned while doing…
#97: OFFTOPIC-Limbo
Sep 24, 2015 • 7 min
We’re going off topic today and talking about video games! LIMBO for the Xbox!
#96: How to Make Enemies During a Security Assessment
Sep 22, 2015 • 9 min
Yep, we’re talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).
#95: How to Make Friends During a Security Assessment
Sep 17, 2015 • 7 min
When you start a security assessment with a company, not everybody’s gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space situation where they’re interviewing for their jobs. This…
#94: Learn How to Burp - Part 1
Sep 15, 2015 • 8 min
I’ve been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today’s episode!
#93: Securing Your Life
Sep 10, 2015 • 8 min
So yeah, this is kind of off-topic, but have you thought about security in the sense of “What kinds of security things should I be doing before I’m dead?” Today’s episode explores that.
#92: You’re Not Ready for Big Boy Security Pants
Sep 9, 2015 • 7 min
Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What’s the right thing to do when, for lack of a better term, the client isn’t ready to put on their security…
#91: Umbrella
Sep 3, 2015 • 7 min
Today’s episode is about Umbrella, a product from OpenDNS that provides a layer of protection against malware, wifi-jacking and other threats.
#90: OFFTOPIC-Citizenfour
Sep 1, 2015 • 8 min
We’re going offtopic today and talking about the Citizen Four documentary, which centers around the Edward Snowden story.
#89: AppSpider
Aug 27, 2015 • 8 min
Today we’re talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn’t a commercial or paid advertisement. I just like sharing things that I like and use.
#88: Glasswire
Aug 25, 2015 • 6 min
This episode’s about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)
#87: Presenting the Right Findings to the Right Audience
Aug 20, 2015 • 7 min
Today I talk about a challenge I run into when I’m delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody “gets it” but also go level enough that the recommendations have some teeth?
#86: OSWP-The Final Chapter!
Aug 18, 2015 • 7 min
This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as much as I can without getting into trouble) about the exam and…
#85: What is The Penetration Testers Framework (PTF)?
Aug 14, 2015 • 7 min
Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the PTF! That’s what we’re talkin’ about on today’s podcast.
#84: DIY Pwn Pad
Aug 12, 2015 • 7 min
Hey have you heard of Pwn Pads? They’re an awesome network pentesting tool that leverages a Nexus tablet - which you can either buy right from Pwnie Express, or create your own if you have a certain model of Nexus lying around. I just happened to have the…
#83: Wifi Pineapple First Impressions
Aug 6, 2015 • 8 min
In this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you’ll probably want one too.
#82: OSWP-Part 3
Aug 4, 2015 • 7 min
The OSWP series is coming to a close. One final episode today and then the four-quel episode will be all about the test!
#81: OSWP-Part 2
Jul 30, 2015 • 8 min
A continuation of our thrilling, exciting, mind-blowing series on OSWP (Offensive Security Wireless Professional)!
#80: OSWP-Part 1
Jul 28, 2015 • 7 min
This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.
#79.5: UPDATE(!) on My Love-Hate Relationship with Nessus
Jul 26, 2015 • 6 min
In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!
#79: My Love-Hate Relationship with Nessus
Jul 23, 2015 • 7 min
In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.
#78: It’s All About Segmentation
Jul 21, 2015 • 7 min
In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!
#77: OFFTOPIC-Rickrolling Your Coworkers for Fun and Profit
Jul 16, 2015 • 7 min
This week I used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today’s episode!
#76: Lessons Learned from LastPass
Jul 14, 2015 • 7 min
I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I’ll still remain a customer.
#75: OFFTOPIC-My Son’s Piano Recital
Jul 9, 2015 • 9 min
I wanted to share (what I think is) an amusing anecdote about my son’s first piano recital, which was topped off by a kid playing the song “Lucky.” Many LOLs commenced for me.
#74: How to Become a More Organized Information Security Professional
Jul 7, 2015 • 8 min
In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!
#73: PCI Pentesting 101 – Part 2 (audio)
Jun 30, 2015 • 7 min
This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password!
#72: PCI Pentesting 101 (audio)
Jun 25, 2015 • 7 min
I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again.
#71: OFFTOPIC-Mad Max (audio)
Jun 23, 2015 • 8 min
We’re going totally off topic today and doing a movie review of Mad Max!
#70: Get the Most out of Your DNS! (audio)
Jun 18, 2015 • 7 min
I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again.
#69: I’m Not Responsible for Your Information Insecurity (audio)
Jun 16, 2015 • 8 min
Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better.
#68: Is Training and Awareness Worth It or Worthless (audio)
Jun 11, 2015 • 8 min
This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless!
#67: Wifi Sniffing is Fun-Part 2 (audio)
Jun 9, 2015 • 7 min
This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup. It looks like this: Ethernet from client->upstream port of hub My…
#66: I’m Excited to Go Phishing – Part 2 (audio)
Jun 4, 2015 • 8 min
This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed.
#65: OFFTOPIC-Still Alice (audio)
Jun 3, 2015 • 7 min
Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice. Yep. That happened.
#64: Wifi Sniffing is Fun-Part 1 (audio)
May 28, 2015 • 7 min
I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about software/hardware you might need to do this the right way. 7MS #64: Wifi Sniffing is Fun-Part 1…
#63: I’m Excited to Go Phishing (audio)
May 21, 2015 • 7 min
This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an…
#62: You Should Run LAPS (audio)
May 19, 2015 • 7 min
I’m excited about this! Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you…
#61: Why Local Admin Rights Suck (audio)
May 14, 2015 • 8 min
Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights. 7MS…
#60: How Not to Suck at Customer Service (audio)
May 12, 2015 • 8 min
This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach?
#59: Traveling with a Red Giant – Part 2 (audio)
May 7, 2015 • 7 min
A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode’s about some cool things I learned about it. 7MS #59:…
#58: What Should We Do First? (audio)
May 5, 2015 • 8 min
At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture. Today’s episode explores that a…
#57: How to Review a Firewall (audio)
Apr 30, 2015 • 8 min
In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a firewall review/audit tool. 7MS #57: How to Review a…
#56: OFFTOPIC – Catching Up and Blowing Noses (audio)
Apr 28, 2015 • 8 min
A few offtopic things: What you can expect as far as a podcast release schedule going forward Two suspicious charges that showed up on my credit card while out of town!
#55: OFFTOPIC – What’s in Brian’s Murse? (video)
Apr 22, 2015 • 6 min
Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.
#54: Traveling with a Red Giant (audio)
Apr 16, 2015 • 7 min
If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock *only* when buying something. It’s cool. Oh, and Red Giant is NOT sponsoring this episode. If I…
#53: Are You Ready to Get Robbed? (audio)
Apr 14, 2015 • 7 min
Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good plans in place to help your partner/spouse take over the tech side of your…
#52: OFFTOPIC – My Son is Really Loyal (audio)
Apr 9, 2015 • 8 min
It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me.
#51: CEH vs. OSCP (audio)
Apr 7, 2015 • 7 min
A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you. Here’s the article on CEH I mention…
#50: OSCP – The Final Chapter – part 2! (audio)
Apr 2, 2015 • 7 min
At last, the epic conclusion of the maddening, redeeming OSCP journey.
#49: OSCP – The Final Chapter – part 1! (audio)
Mar 31, 2015 • 7 min
We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP!
#48: So I Gave My Eight Year Old a Computer (audio)
Mar 21, 2015 • 8 min
Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in!
#47: Logging and Alerting RELOADED (audio)
Mar 17, 2015 • 7 min
Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment…stuff you might want to turn on. Check out that information via this PDF…
#46: So You Want to be a Hacker? (audio)
Mar 14, 2015 • 7 min
So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers – and hacking – has changed (and hopefully matured). 7MS #46: So You Want…
#45: OFFTOPIC – Why I Stopped Pirating Software (audio)
Mar 10, 2015 • 7 min
Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will change your mind and let you see piracy in a whole new light! 7MS #45: OFFTOPIC – Why I Stopped Pirating…
#44: OFFTOPIC – Annoying People at the YMCA (audio)
Mar 7, 2015 • 7 min
Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why.
#43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)
Feb 28, 2015 • 7 min
Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this.
#42: Vulnerability Scans vs. Pentests (audio)
Feb 13, 2015 • 7 min
I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differences and distinctions (in my mind, anyways). 7MS #42:…
#41: OSCP – Part 7 (audio)
Feb 6, 2015 • 6 min
Tired of talking about OSCP yet? Me neither!
#40: OSCP – Part 6 (audio)
Jan 30, 2015 • 7 min
PART SIX of a mind-bending series all about OSCP!
#39: Infosec on the Disney Boat (audio)
Jan 23, 2015 • 8 min
I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies.
#38: OFFTOPIC – Health and Infosec (audio)
Jan 16, 2015 • 7 min
Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape.…
#37: Keimpx (audio)
Jan 9, 2015 • 7 min
Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keimpx.
#36: OSCP – Part 5 (audio)
Jan 2, 2015 • 7 min
More talk about OSCP goodness.
#35: OSCP – Part 4 (audio)
Dec 27, 2014 • 6 min
This is the 4th thrilling installment in our exciting series about the awesome, challenging, rage-inducing, but ultimately rewarding training and certification called OSCP.
#34: The Hacker Playbook (audio)
Nov 14, 2014 • 7 min
I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook. Cheggitowt!
#33: ProXPN (audio)
Nov 7, 2014 • 7 min
This episode’s all about a cool product called ProXPN that I use to encrypt/anonymize my traffic for various reasons. Not a sponsored episode or anything like that, but I am a fan of this service :-).
#32: OSCP – part 3 (audio)
Nov 1, 2014 • 7 min
Been a while since I shared an update on OSCP progress. It’s going good but…slow. However, I do have one (maybe obvious) tip to share that I hope will save you a ton of time.
#31: Network Detective (audio)
Oct 25, 2014 • 7 min
Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that…
#30: Managing Privileged Accounts (audio)
Oct 18, 2014 • 7 min
Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem.
#29: Follow Up Then (audio)
Oct 11, 2014 • 7 min
This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then!
#28: Infosec for Kids? (audio)
Sep 27, 2014 • 7 min
This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind. Specifically, what’s life going to be like for them growing up in an Internet-soaked world where there are constantly text/video/photos of…
#27: Backing Up with CrashPlan (audio)
Sep 20, 2014 • 7 min
Hey, when it comes to backups…uh…you should have them! This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan.
#26: The Importance of Training and Awareness (audio)
Sep 13, 2014 • 7 min
Training and awareness – specifically as it relates to infosec – is something companies can’t spend enough $ on. But from my experience, not enough of them are making this a front-burner priority. This episode talks about one topic I’m particularly…
#25: Writing Better Pentest Reports (audio)
Aug 23, 2014 • 8 min
This episode talks about some pointers, tools and tips towards writing better pentest reports.
#24: Why Wireless Scares Me (audio)
Aug 16, 2014 • 7 min
This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web.
#23: OSCP – part 2 (audio)
Aug 9, 2014 • 7 min
In this episode I talk more about my adventures with OSCP and Offensive Security! Download: 7MS #23: OSCP – part 2 (audio) Show notes: I recommend documenting ALL the exercises in the PDF. My understanding is that extra effort could be rewarded if you…
#22: Phishing with Black Squirrel (audio)
Jul 27, 2014 • 7 min
In this episode I talk about using Black Squirrel to launch phishing campaigns! Download: 7MS #22: Phishing with Black Squirrel (audio) Show notes: Security Weekly is an excellent podcast/resource. Devour it regularly. Black Squirrel is the main tool…
#21: OSCP – part 1 (audio)
Jul 20, 2014 • 7 min
In this episode I talk about my venture into Offensive Security! Download: 7MS #21: OSCP – part 1 (audio) Show notes: It’s official – I have a death wish and have started the OSCP training. This episode is the first of what I hope will be a multi-part,…
#20: Moving from GoDaddy to DNSimple (audio)
Jul 15, 2014 • 7 min
In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home. Download: 7MS #20: Moving from GoDaddy to DNSimple (audio) Show notes: The service I’m talking about in this podcast is DNSimple. Troy Hunt’s…
#19: Kioptrix! (audio)
Jul 5, 2014 • 7 min
In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here:…
#18: Wireless Security 101 (audio)
Jun 22, 2014 • 7 min
In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will…
#17: How to Pass the Certified Ethical Hacker Exam (audio)
Jun 14, 2014 • 7 min
In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH…
#16: PwnPad Initial Impressions – part 2! (audio)
May 31, 2014 • 7 min
In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or…
#15: PwnPad Initial Impressions (audio)
May 24, 2014 • 6 min
In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad…
#14: H8 4 Win8 (audio)
May 10, 2014 • 6 min
In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn’t seem to auto-update on Win 8 unless you have updates set to auto…
#13: How to Get Pwned by HP (audio)
May 3, 2014 • 7 min
In this episode I talk about how I had to send my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show notes: My takeaways/recommendations from this experience:…
#12: Why My Domains Have Gan to Gandi (audio)
Apr 28, 2014 • 7 min
In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Gan to Gandi (audio) Show notes: This episode is all…
#11: Overtraining your iPhone Touch ID (video)
Apr 12, 2014 • 3 min
In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone. Download: 7MS #11: Overtraining your iPhone Touch ID (video) Show notes: I first read about this from Steve Gibson of GRC at…
#10: Information Security for the Whole Family – part 2 (audio)
Apr 5, 2014 • 7 min
In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids. Download: Episode 10: Information Security for the Whole Family – part 2 (audio) Show notes: If you have…
#9: Information Security for the Whole Family (audio)
Mar 29, 2014 • 7 min
In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really). Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in your household, I’d recommend making sweeping network…
#8: CISSP – Is That the Cert for Me? (audio)
Mar 22, 2014 • 7 min
In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes with a whole slew of companion materials like a…
#7: External Vulnerabilities that Byte (audio)
Mar 15, 2014 • 7 min
Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk…
#6: Fun Firewall Rules – part 2 (audio)
Mar 8, 2014 • 7 min
In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external…
#5: Fun Firewall Rules – part 1 (audio)
Mar 1, 2014 • 7 min
In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a…
#4: Patch Strategies: Part Deux (audio)
Feb 22, 2014 • 6 min
In this episode I continue talking about some dos and don’ts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to…
#3: Patch Strategies: Part 1 (audio)
Feb 13, 2014 • 7 min
In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house…
#2: The Importance of Logging and Alerting! (audio)
Feb 1, 2014 • 7 min
In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show…
#1: Epic Introduction! (audio)
Feb 1, 2014 • 7 min
In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-).…