7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

7MS #723: CARTP - Cloud Red Team Tactics for Attacking and Defending Azure - Part 1

Hello friends! Today's a hybrid episode — some security content up top about a new certification I've kicked off, followed by an aggressively quick trip to Tangent Town. Feel free to bail after the security stuff if tangents aren't your thing!

The security part: starting CARTP

I've started the Certified Azure Red Team Professional course from Altered Security (enterprisesecurity.io). It's the Azure follow-up to CRTP, which I took a few years back. Quick notes:

  • Why now: Active Directory and internal pentests will always be my first love, but more and more of our customers are shifting to hybrid or full-Azure environments. Time to get some formal training in that lane.
  • Self-paced vs. live: They offer both. I'm past the point of giving up Saturdays to security training, so I went with the ~$500 self-paced 30-day option. You get a portal, a lab manual, and a remote Windows VM with low-priv creds into a target Azure tenancy to attack and enumerate.
  • The catch: The lab manual is thorough on "do this, see this output" steps, but light on "and here's the wow moment hiding in line 47 of the output." With the live class, an instructor would highlight that stuff in real time. In the self-paced version, you're on your own to find the meaning in 200 lines of output.
  • The fix: Started a Claude project that's effectively co-teaching the class with me. I paste command output and ask "what's the important bit here?" — Claude pulls out the line that matters and explains why (e.g., "this user has write access to a key vault, which means…"). Way more efficient than ALT-TABbing alone.
  • Tools I've touched so far: ROADtools, GraphRunner, and Monkey365 (kind of a PingCastle-for-Azure that spits out a health-check report).
  • Where I'm at: Module 4 of 40-something. Course culminates in a 24-hour exam, which I swore I'd never do again after CRTP — but James Bond and Justin Bieber both say "Never say never."

Tangent Town:

  • The Shake Shack incident. It's gross and not funny. But kind of funny.
  • Saw (and sort of met) Calum Scott at the Fillmore in Minneapolis. Standing-room-only venue, but my wife found a clutch spot wedged between a security barrier and a support beam, perfect for our family. During an acoustic set, Calum and his band came right past us. My wife (unable to help herself) gave his shoulder a squeezy squeeze. I held out for the fist bump on his return trip to the stage — and we're basically best friends now. I highly recommend his show: very positive guy, family-friendly, genuine.
  • Seven super-fast non-spoilery movie reviews from plane rides and hotel nights:
    • Coherence — for smart people. I am not those people. Probably great if you can follow it.
    • Deadstream (Netflix) — YouTuber live-streams a night in a haunted house. Surprisingly entertaining, a couple of real jump-scares.
    • Get Away — a family vacations on a forbidden island. Goes somewhere unexpected in the third act.
    • Hell House LLC — found-footage haunted house. A couple of genuine flinches; story was just OK.
    • Hokum — Adam Scott as a writer at a hotel with a personal history. Creepy-crawly, goes to some dark places. Loved it.
    • Predator: Badlands — went in expecting mind-numbing action, but I loved it! I'd give it an 8 or 9 out of 10. It had action, LOLs, and even some tender Predator moments. Going to watch it again soon.
    • Obsession — young man buys a wish-granting trinket so a young lady will like him. It works. Then it really works. The movie slowly goes into full-on bonkers sauce mode! Satisfying but uncomfortable to watch at parts.

That's it! 7MinSec.com for services, 7MinSec.club for the Substack, 7MinSec.wiki for pentest tips and scripts.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(730)

7MS #730: Baby's First Project Swarm

7MS #730: Baby's First Project Swarm

Hey friends! Still your grieving pal over here, but also your swarming friend and Protecting My Network Edge host — because this week I've been tinkering with something called Project Swarm and I've g...

10 Heinä 25min

7MS #729: Pwning Dracarys

7MS #729: Pwning Dracarys

Hey friends! Still your grieving pal over here, but also your happy hacking host — because today we're diving into baby's first Dracarys! (Yes, I'm probably pronouncing that wrong. Yes, I'm going to k...

4 Heinä 18min

7MS #728: Securing Your Family During and After a Disaster – Part 8

7MS #728: Securing Your Family During and After a Disaster – Part 8

Hey friends! This is a tough one to write. My dad passed away on Friday, and instead of the hacker-y tech episode I had planned, I pivoted to something more personal — another installment of our "Secu...

30 Kesä 38min

7MS #727: Securing Your Mental Health – Part 7

7MS #727: Securing Your Mental Health – Part 7

Hello friends! It's been over a year since we did a dedicated mental health episode, so today I'm doing a big catch-up and running through my 7-point plan for being a more mentally secure me. None of ...

19 Kesä 21min

7MS #726: Baby's First Hermes

7MS #726: Baby's First Hermes

Hello friends! I've been on a bit of an AI agent journey lately, and today I'm sharing my experience ditching OpenClaw and going all-in on Hermes — a self-hosted AI agent built by Nous Research. A Net...

12 Kesä 22min

7MS #725: Building a Bulletproof Backup Solution

7MS #725: Building a Bulletproof Backup Solution

Hey friends! Backups are not as cool as pentesting, but boy do they matter when things go sideways. This week I'm sharing how a Proxmox backup disk space meltdown led me to a completely overhauled — a...

5 Kesä 21min

7MS #724: Tales of Pentest Pwnage - Part 85

7MS #724: Tales of Pentest Pwnage - Part 85

Hey friends! Today we're going deep on external network pentesting — something I realize we've barely touched in however many episodes we've done. I'm currently in a long stretch of back-to-back exter...

29 Touko 30min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
uutiscast
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
rss-podme-livebox
rss-seksicast
otetaan-yhdet
tervo-halme
politiikan-puskaradio
aihe
rss-vaalirankkurit-podcast
rss-girls-finish-f1rst
rss-mina-ukkola
rss-aijat-hopottaa-podcast
rss-mita-tapahtuu
rss-kaikki-uusiksi
rss-merja-mahkan-rahat
rss-tekoalyfoorumi
rss-asiastudio
rss-pinnalla