7MS #648: First Impressions of Level.io

Today's tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even st...

17 Touko 202429min

Today's prelude to a tale of pentest pwnage talks about something called "spnless RBCD" (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to...

10 Touko 202424min

Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a ...

5 Touko 202416min

Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about: We're going to get a third-party assessment on...

26 Huhti 202423min

Today we're talking about tips to deal with stress and anxiety: It sounds basic, but take breaks – and take them in a different place (don't just stay in the office and do more screen/doom-scrolling)...

21 Huhti 202422min

We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests: When using Farmer to create "trap" files tha...

14 Huhti 20247min

Today's episode is all about writing reports in Sysreptor. It's awesome! Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the re...

5 Huhti 202438min

Hey friends, today we've got a tale of pentest pwnage that covers: Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the p...

29 Maalis 202436min