Synopsis
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Episodes
-
7MS #367: DIY Two-Hour Risk Assessment
17/06/2019 Duration: 33 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
Hey! I'm on the road again - this time with a tale encompassing:
- How to conduct a mini risk assessment in just two hours. Some ways to consider adding value:
  - A discussion of administrative and physical controls
  - Create a network inventory using nmap and EyeWitness
  - Conduct an external vulnerability scan with Nessus or OpenVAS
- How a guy with a gun turned a four-hour road trip into an epic eight-hour adventure.
Enjoy :-)
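The network-inventory step above, as an added example (not code from the episode, from nmap or from the EyeWitness project): parse an nmap XML scan (nmap -sV -oX scan.xml ...) into a per-host inventory of open ports, print it as a one-line-per-host report, and write out the http/https targets you would hand to EyeWitness with -f. The XML embedded below is a constructed sample standing in for a real scan file; the three hosts in it are made up.

```python
"""Quick network inventory + EyeWitness target list from an nmap XML scan.
Added example; SAMPLE_NMAP_XML is a constructed stand-in for `nmap -sV -oX`."""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 10.0.0.0/29">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="fileserver.corp.local" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="8443"><state state="open"/><service name="https-alt" tunnel="ssl"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
    <hostnames/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
  </host>
</nmaprun>
"""


def parse_nmap(xml_text):
    """Return {ip: {"hostname": str|None, "ports": [(port, service, tunnel), ...]}}
    for hosts that are up, keeping only ports nmap reports as open."""
    root = ET.fromstring(xml_text)
    inventory = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue                       # down hosts carry no useful inventory
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        hn = host.find("hostnames/hostname")
        ports = []
        for p in host.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue                   # filtered/closed ports are noise here
            svc = p.find("service")
            name = svc.get("name") if svc is not None else ""
            tunnel = svc.get("tunnel") if svc is not None else None
            ports.append((int(p.get("portid")), name, tunnel))
        inventory[addr.get("addr")] = {
            "hostname": hn.get("name") if hn is not None else None,
            "ports": sorted(ports, key=lambda t: t[0]),
        }
    return inventory


def inventory_report(inventory):
    """One line per host: ip (hostname or 'no PTR'): port/service, ..."""
    lines = []
    for ip, info in sorted(inventory.items()):
        svc = ", ".join(f"{port}/{name or '?'}" for port, name, _ in info["ports"])
        lines.append(f"{ip} ({info['hostname'] or 'no PTR'}): {svc}")
    return lines


def eyewitness_urls(inventory):
    """Turn web-looking services into URLs, one per line, for EyeWitness -f."""
    urls = []
    for ip, info in inventory.items():
        for port, name, tunnel in info["ports"]:
            if tunnel == "ssl" or name.startswith("https") or port == 443:
                scheme = "https"
            elif name.startswith("http") or port in (80, 8080, 8000):
                scheme = "http"
            else:
                continue                   # not a web service, nothing to screenshot
            default = (scheme, port) in (("http", 80), ("https", 443))
            urls.append(f"{scheme}://{ip}" if default else f"{scheme}://{ip}:{port}")
    return urls


if __name__ == "__main__":
    inv = parse_nmap(SAMPLE_NMAP_XML)
    print("\n".join(inventory_report(inv)))
    with open("eyewitness_targets.txt", "w") as fh:
        fh.write("\n".join(eyewitness_urls(inv)) + "\n")
```

Run it against a real scan by replacing SAMPLE_NMAP_XML with the contents of your -oX file; the port/service heuristics in eyewitness_urls are deliberately simple (anything nmap tagged as ssl or http-ish), so review the target list before feeding it to EyeWitness.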
-
7MS #366: Tales of Internal Pentest Pwnage - Part 3
16/06/2019 Duration: 1 h 06 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
Today's episode was recorded on the way to a new assessment, and since I had nothing but miles and time in front of me, I covered two major stories (probably not in order of importance):
- Why I had to get two haircuts in under an hour (spoiler: it's so I didn't look like an idiot for my client)!
- An internal pentesting pwnage story - including network and physical security this time around!
Enjoy!
-
7MS #365: Interview with Ryan Manship and Dave Dobrotka - Part 3
30/05/2019 Duration: 1 h 08 min
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.
First, a bit of miscellany:
- If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands!
- If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya!
Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave, who are professional red teamers! Today we cover:
- Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, the less likely you'll be surprised and the more likely you'll succeed at your objective!
- Reporting - how do you deliver repor
-
7MS #364: Tales of External Pentest Pwnage
23/05/2019 Duration: 36 min
This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8.
This episode features cool things I'm learning about external pentesting. But first, some updates:
- My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink.
- The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking!
- Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful.
On the external pentest front, here are some items we cover in today's show:
- MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target.
- Invoke-Usernam
-
7MS #363: Interview with Ryan Manship and Dave Dobrotka - Part 2
15/05/2019 Duration: 57 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
Yuss! It's true! Dave and Ryan are back! Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers. In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like:
- Who should have a red team exercise conducted? Who NEEDS one?
- How do you choose an objective that makes sense?
- What do you do about push-back from management and/or scope manipulation? ("Don't phish our CEO! She'll click stuff! Attack our servers, just not the production environment!!!") Spoiler alert: your clients need to have intestinal fortitude!
- What's better - a "zero knowledge" red team engagement or a collaborative exercise between testers and their clients?
- How do you attack a high-security bunker?!
-
7MS #362: My Dear Friend Impostor Syndrome
09/05/2019 Duration: 41 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
Today I take a walk (literally!), get chased by a dog (seriously!) and talk about impostor syndrome and feelings of self-loathing and doubt as I get ready to speak at Secure360 next week (insert wah-wah-waaaaaaahhhhhhh here). How do you deal with impostor syndrome? Personally, I'm finding some success in squashing it by forcing myself into situations where I feel like a fraud - over and over again! Over time, I feel slightly less like a sham and a bit more like I know what I'm talking about. Specifically, in this episode I talk about:
- The thrill of getting a presentation accepted at a conference, and the dread and fear that follows
- The awful nightmare I have the night before I speak in front of others
- Shaking off nerves when your talk is accompanied by a sign language interpreter
- Finding your "voice" and getting the confidence to share/present your knowledge in a way only you can
I also s
-
7MS #361: Logging Made Easy
03/05/2019 Duration: 26 min
Today we're talking about Logging Made Easy, a project that, as its name implies...makes Windows endpoint logging easy! I love it. It offers a simple, digestible walkthrough of several short "chapters" to get started. These chapters include:
- Chapter 1 - Set up Windows Event Forwarding
- Chapter 2 - Sysmon Install
- Chapter 3A - Database (Easy Method)
- Chapter 3B - Database (Manual Method)
- Chapter 4 - Post Install Actions
Besides having a small issue with a batch script (resolved as of 5/3) and another snafu (that's probably my fault), it's a simple and effective way to get logging spun up in your environment!
-
7MS #360: Active Directory Security 101 - Part 2
25/04/2019 Duration: 22 min
This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. For more information, visit netwrix.com.
In today's program we continue a series on fundamental Active Directory security that we started back in episode 327. I took all the things I talked about in that episode, as well as the new additions discussed today:
- Finding your most vulnerable AD abuse paths with BloodHound. For a two-part pentest tale showing how BloodHound can be used/abused by attackers, check out episodes 353 and 354.
- Get a deep-dive look at your AD machines, users, shares, OS versions and more with Network Detective.
- How to de-escalate local admins (and prevent them from over-using/abusing the use of their privileged account)
- Although I haven't tested it yet, Logging Made Easy looks lik
-
7MS #359: Windows 10 Security Baselining
19/04/2019 Duration: 26 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a hardening standard and/or baseline. Specifically, I cover:
- NIST STIG for Windows 10
- Heimdal Security - Windows 10 Hardening Guide
- Center for Internet Security's security benchmarks
- Windows Security Compliance Toolkit (SCT)
I think one path to success is to use the Windows SCT as a way to create a baseline, and then use it - plus some of the other guides and standards - to gradually turn the security screws on the OS. Don't just import a GPO template and turn on 123,456,789 settings at once. You'll likely bring the network to its knees! Got a better/faster/stronger way to accomplish baselining? Let me know!
-
7MS #358: 4 Ways to Write a Better Pentest Report
16/04/2019 Duration: 39 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them:
- Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports where the analyst has copied and pasted an entire Nessus report into the main report. Yikes. That makes these things weigh in at hundreds(!) of pages.
- Too techie - these reports look like they're written from one techie to another. Nothing wrong with that, really, however in many cases the key person that needs to "get it" is a manager or C-level position who needs to understand the risks in plain English.
- No narrative - the reports are just a long laundry list of vulnerabilities without any context of how the pentest was conducted or which vulns should be fixed first.
- Weak remediation - mos
-
7MS #357: 7 Minutes of IT and Security Tips
11/04/2019 Duration: 07 min
Today I'm launching an ongoing series called 7MOIST. It stands for: 7 Minutes of IT and Security Tips. The wildest, craziest, nuttiest part of this series is that each episode will be 7 minutes long! I know, I know! You're saying, "Wait a sec, bub, isn't that why this podcast is called 7 Minute Security in the first place?" And yes, you'd be right. Basically, this is my way of going old school and getting back to my podcast "roots" by delivering an episode like before we had an intro jingle, interviews, sponsors, banter about hot cocoas or an outro song. Nothing but delicious content today, friends. Enjoy!
Today's theme is: Windows command line shortcuts and tips
Creative ways to play with cmd
Basically, you can do Windows Key + R, then type cmd and Enter for quick access to the command line. But let's do some more fun stuff. Wanna open a command window from the desktop and launch a command in one swoop? Try this: cmd /k
For example: cmd /k ping 192.168.0.1
The cmd /k part opens a command window, and then ping 192.16
-
7MS #356: Faster Hard Drive Forensics with CyLR and CDQR
03/04/2019 Duration: 24 min
This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free!
In today's episode I talk about some cool tools you can use to start a hard drive forensics investigation more quickly. Resources talked about on today's podcast include:
- Forensics 101 - a talk I did for the 7MS user group in January
- The Digital Forensics Survival Podcast is a FANTASTIC resource to learn more about forensics
- CyLR works great to do quick live disk artifact-gathering on a suspect system, and then...
- CDQR can step in and analyze the info you gathered with CyLR and spit out helpful reports to begin your investigation
- YouTube video of the CyLR/CDQR creators demonstrating the tools and doing a live demo of artifact collection/analysis
Did you miss this week's mousejacking Webinar? Also, DIY $500 Pentest Lab - Part 2 is up on YouTube. And we've got a fun Webinar on MITRE ATT&CK coming up in May. Sign up here
-
7MS #355: Mousejacking!
27/03/2019 Duration: 27 min
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime.
In this episode, we talk about the Mousejacking attack, which allows someone with a Crazyradio (or other similar device) to inject keystrokes into vulnerable keyboards and mice. Yikes! Not trying to be a doom and gloom guy here, but using this Mousejacking attack, pentesters/attackers could take over your entire Active Directory in just seconds - from the parking lot! I'll talk about how exactly that could be done - as well as ways to defend against mousejacking - in today's episode. If this episode primes your appetite for more Mousejackin' fun, join me and my pals Paul and Dan for a deep-dive Mousejacking Webinar on Tuesday, April 2 at 12 p.m. CST!
Some resources talked about in today's episode:
- Mousejack.com - great demo video of the at
-
7MS #354: Tales of Internal Pentest Pwnage - Part 2
25/03/2019 Duration: 38 min
Today's episode is the thrilling, exciting, heart-pounding conclusion of Tales of Internal Pentest Pwnage - Part 1. In this episode, we cover the final "wins" that got me to Domain Admin status (and beyond!):
- Got DA but can't get to your final "crown jewels" destinations? How about going after the organization's backups (evil grin!)
- Got DA but stuck finding hot leads to where the crown jewels are? Get snoopy and go through people's files, folders and...bookmark caches! (evil grin #2!)
- If your nmap/EyeWitness scan turns up Web sites with simply an IIS default landing page or "It works!" Apache page on it, there's probably more there than meets the eye.
We also talk about lessons learned from this pentest - both things done well and things the org can do to make the next pentester's job a lot harder.
-
7MS #353: Tales of Internal Pentest Pwnage - Part 1
22/03/2019 Duration: 42 min
Buckle up! This is one of my favorite episodes. Today I'm kicking off a two-part series that walks you through a narrative of a recent internal pentest I worked on. I was able to get to Domain Admin status and see the "crown jewels" data, so I thought this would be a fun and informative narrative to share. Below are some highlights of topics/tools/techniques discussed:
- Building a pentest dropbox - The timing is perfect: my pal Paul (from Project7) and Dan (from PlexTrac) have a two-part Webinar series on building your own $500 DIY Pentest Lab, but the skills learned in the Webinars translate perfectly into making a pentest dropbox. Head to our webinars page for more info.
- Securing a pentest dropbox - What I did with my Intel NUC pentest dropbox is build a few VMs as follows:
  - Win 10 Pro management box with BitLocker drive encryption and Splashtop (not a sponsor), which I like because it offers 2FA and an additional per-machine password/PIN. I think I spent $100/year for it.
  - Kali attack box with an encrypted dr
-
7MS #352: Recap of Rad Red Team Training
14/03/2019 Duration: 34 min
I recently had the awesome opportunity to take the awesome Real World Red Team course put on by Peter Kim, author of The Hacker Playbook series. TLDR and TLDL (too long, don't listen): go take this training. Please. Now. The end. If you want to hear more, check out today's podcast episode where I talk about all the wonderful tidbits I learned from Peter during the training, including:
- Doppelganger attacks - does your target have a frequently used site like mail.company.com? Try buying up mailcompany.com with a copy of their email portal (using Social Engineer Toolkit), and the creds might come pouring in!
- Get potentially usable creds from old breaches (Adobe, Ashley Madison, LinkedIn, Spotify)
- Password spraying is often really effective to get you your first set of creds - check out Spray or DomainPasswordSpray
- When creating phishing payloads, Veil will help you craft something to bypass AV
- When you're in a network and have grabbed your first set of creds, run BloodHound or SharpHound to map the Active
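The doppelganger-domain idea above, turned around for the defender, as an added example that is not code from the training, the episode or the Social Engineer Toolkit. It goes a little beyond the single mailcompany.com case in the show notes: for a host name like mail.company.com it generates the registrable look-alikes an attacker would buy (subdomain collapsed into the apex name, dot turned into a hyphen, a few single-character homoglyph swaps) across a handful of common TLDs, and then lists the ones the organisation does not already own so they can be registered or put on a watch list. The target name and the "already owned" list are made up.

```python
"""Doppelganger-domain candidates for a target host name (defender's view).
Added example; the host name and the 'owned' list in __main__ are constructed."""

COMMON_TLDS = ("com", "net", "org", "co", "io")
# single-character look-alikes that survive a quick glance at an address bar
HOMOGLYPHS = {"l": "1", "i": "l", "o": "0", "m": "rn", "w": "vv"}


def doppelgangers(fqdn, tlds=COMMON_TLDS):
    """Return sorted look-alike domains for fqdn, excluding the genuine apex domain.

    mail.company.com -> mailcompany.com, mail-company.com, c0mpany.com, company.net, ...
    """
    labels = fqdn.lower().strip(".").split(".")
    if len(labels) < 2:
        raise ValueError("need at least name.tld")
    *subs, apex, tld = labels               # ["mail"], "company", "com"
    names = {apex}                          # genuine apex under *other* TLDs
    if subs:
        names.add("".join(subs) + apex)     # dropped dot: mailcompany
        names.add("-".join(subs + [apex]))  # dot to hyphen: mail-company
    for char, lookalike in HOMOGLYPHS.items():
        if char in apex:
            names.add(apex.replace(char, lookalike, 1))  # first occurrence only
    genuine = f"{apex}.{tld}"
    return sorted(
        f"{name}.{t}"
        for name in names
        for t in {tld, *tlds}
        if f"{name}.{t}" != genuine
    )


def to_register_or_watch(fqdn, owned):
    """Candidates the organisation does not already own (comparison is case-insensitive)."""
    owned = {d.lower().strip(".") for d in owned}
    return [d for d in doppelgangers(fqdn) if d not in owned]


if __name__ == "__main__":
    # constructed: the org owns company.com and has already grabbed two look-alikes
    already_owned = ["company.com", "mailcompany.com", "COMPANY.NET"]
    for domain in to_register_or_watch("mail.company.com", already_owned):
        print(domain)
```

The homoglyph table is deliberately short; extend it (or feed the output to a DNS/WHOIS lookup) for a real external assessment, and remember that any candidate you do not register is one you should at least monitor for new registrations.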
-
7MS #351: Turn Windows Logging up to 11
06/03/2019 Duration: 23 min
Today's episode is brought to you by NoteCast. Try it free for 60 days (no credit card required) and enter code 7MS when completing your signup.
In today's episode, I talk about how the level of Windows server/client logging out of the box is...not really awesome. I then look at how we can create a GPO that turns logging "up to 11" using some free tools and cheat sheets. If you want to simulate this in your own lab by building out an Active Directory environment, check out part 1 of a Webinar series we've been working on called DIY $500 Pentest Lab, which helps you select the hardware/software components you need to build a lab. Then coming up soon is part 2, where we'll build out a Windows 2012 server, promote it to a DC, join a couple of clients to it, and prepare to start hacking! Once your AD and clients are set up, you can start slurping up their logs for free using a Papertrailapp account (not a sponsor). I went ahead and paid for a $7/mo plan so I could get 1GB of storage and a little longer log retention. Then
-
7MS #350: Interview with Lewie Wilkinson of Pondurance
20/02/2019 Duration: 01h13s
Today's featured interview is with Lewie Wilkinson, senior integration engineer at Pondurance. Pondurance helps customers improve their security posture by providing a managed threat hunting and response solution, including a 24/7 SOC. Lewie joined me via Skype to talk a lot about a topic I'm fascinated with: incident response! I had a slew of questions and topics I wanted to discuss, including:
- Fundamentals of threat hunting
  - What is threat hunting?
  - What are the fundamentals to start mastering?
  - How can someone start developing the core skills to get good at it?
  - How can sysadmins/network admins, who have a busy enough time already just keeping the digital lights on, handle the mounting pressure to also shoulder security responsibilities as part of their job duties?
  - What training/cert options are good to build skills in threat hunting?
- Let's say you know one of your users has clicked something icky and you suspect a compromised machine/creds. You pull the machine off the network and rebuild it. How do you
-
7MS #349: Interview with Ameesh Divatia of Baffle
14/02/2019 Duration: 29 min
Today's featured interview is with Ameesh Divatia, cofounder and CEO at Baffle. Baffle offers an interesting approach to data protection that they call data-centric protection, and the idea is you need to protect information at the record level, not just the sort of traditional approach of "encrypt at rest" and call it good. Ameesh sat down with me to talk about a lot of high-level data security and privacy concerns, specifically:
- Data privacy - it seems like every 15 minutes there's yet another massive data breach.
  - Why is this continuing to happen?
  - What are the basic security/privacy fundamentals that companies should be doing but, for whatever reason, are not?
- GDPR
  - What does GDPR mean to the average person?
  - Why was it a data privacy wake-up call for so many?
  - Have there been any sizable fines issued thus far?
- How can data that companies collect on us be processed in a way that doesn't compromise security?
Learn more about Baffle at their Web site and Twitter.
-
7MS #348: Cell Phone Security for Tweenagers
06/02/2019 Duration: 36 min
Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
This episode focuses on security for families/kids - specifically cell phone security for tweenagers. We hit a milestone in the 7MS household this year because my tweenage son got an iPhone, much to my...uhh...not excitement. So we decided to wrap the following technical and administrative controls around the phone to hopefully make it a pleasant experience for everybody:
- Technical
  - I really dig the Apple family sharing controls, which let you do things like:
    - Have the phone "sleep" at certain hours
    - Limit the total amount of screen