7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle

7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle

Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness.

To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are:

Enjoy!

Backdoors and Breaches

Backdoors and Breaches
I love the way teaches me to think about security controls
And their proper placement

Backdoors and Breaches
I can’t wait to blow my paycheck just to get myself a game deck and then move
Out of my mother’s basement

Soon I’ll be sittin’ down and playing it with my red and blue teams
Or John and gang at Black Hills Info Security
And when I go to bed tonight I know what’s gonna fill my dreams
Backdoors and Breaches

Juice Shop

VERSE 1
When you want to shop online then you had better be sure
The experience is safe and also secure
Don't want to let no SQLi or cross-site scripting ruin your day
No, you want to break into a joyous song and say:

CHORUS 1
Juice Shop! Juice Shop!
You can order tasty beverages in any quantity
Juice Shop! Juice Shop!
Just don't test the site with Burp Suite or you won't like what you see

VERSE 2
Now if you're feeling kinda sneaky and you're inclined to explore
You might find inside the Juice Shop...a hidden score board
It will point you towards a vuln'rability or maybe two
And when you're done you'll say, "This site should get a code review!"

CHORUS 2
Juice Shop! Juice Shop!
It has got more holes then a warehouse filled with gallons of Swiss cheese
Juice Shop! Juice Shop!

...finish the songs at 7ms.us

Episoder(696)

7MS #657: Writing Rad Security Documentation with Retype

7MS #657: Writing Rad Security Documentation with Retype

Hello friends!  Today we’re talking about a neat and quick-to-setup documentation service called Retype.  In a nutshell, you can get Retype installed on GitHub pages in about 5 minutes and be writing beautiful markdown pages (with built-in search) immediately.  I still absolutely love Docusaurus, but I think Retype definitely gives it a run for its money.

10 Jan 20min

7MS #656: How to Succeed in Business Without Really Crying - Part 21

7MS #656: How to Succeed in Business Without Really Crying - Part 21

Happy new year friends! Today we talk about business/personal resolutions, including: New year’s resolution on the 7MinSec biz side to have a better work/life balance New training offering in the works Considering Substack as a communications platform A mental health booster that I came across mostly by accident

3 Jan 45min

7MS #655: Happy Hacking Holidays

7MS #655: Happy Hacking Holidays

Today we’re doing a milkshake of several topics: wireless pentest pwnage, automating the boring pentest stuff with cursor.ai, and some closing business thoughts at 7MinSec celebrates its 7th year as a security consultancy.  Links discussed today: AWUS036ACH wifi card (not my favorite anymore) Panda PAU09 N600 (love this one!) The very important Github issue that helped me better understand BPFs and WPA3 attacks TrustedSec article on WPA3 downgrade attacks

30 Des 202458min

7MS #654: Tales of Pentest Pwnage – Part 67

7MS #654: Tales of Pentest Pwnage – Part 67

Today we’ve got some super cool stuff to cover today!  First up, BPATTY v1.4 is out and has a slug of cool things: A whole new section on old-school wifi tools like airmon-ng, aireplay-ng and airodump-ng Syntax on using two different tools to parse creds from Dehashed An updated tutorial on using Gophish for phishing campaigns The cocoa-flavored cherry on top is a tale of pentest pwnage that includes: Abusing SCCM Finding gold in SQL configuration/security audits

13 Des 202441min

7MS #653: How to Succeed in Business Without Really Crying – Part 20

7MS #653: How to Succeed in Business Without Really Crying – Part 20

Hey friends, today we’re talking about tips to effectively present your technical assessment to a variety of audiences – from lovely IT and security nerds to C-levels, the board and beyond!

6 Des 202449min

7MS #652: Securing Your Mental Health - Part 6

7MS #652: Securing Your Mental Health - Part 6

Today’s episode talks about some things that helped me get through a stressful and hospital-visit-filled Thanksgiving week, including: Journaling Meditation (An activity I’m ashamed of but has actually done wonders for my mental health)

2 Des 202441min

7MS #651: Tales of Pentest Pwnage – Part 66

7MS #651: Tales of Pentest Pwnage – Part 66

Hey friends, we’ve got a short but sweet tale of pentest pwnage for you today. Key lessons learned: Definitely consider BallisKit for your EDR-evasion needs If you get local admin to a box, enumerate, enumerate, enumerate!  There might be a delicious task or service set to run as a domain admin that can quickly escalate your privileges!

22 Nov 202431min

7MS #650: Tales of Pentest Pwnage - Part 65

7MS #650: Tales of Pentest Pwnage - Part 65

Oooooo, giggidy! Today is (once again) my favorite tale of pentest pwnage. I learned about a feature of PowerUpSQL that helped me find a “hidden” SQL account, and that account ended up being the key to the entire pentest!  I wonder how many hidden SQL accounts I’ve missed on past pentests….SIGH! Check out the awesome BloodHound gang thread about this here. Also, can’t get Rubeus monitor mode to capture TGTs to the registry?  Try output to file instead: rubeus monitor /interval:5 /nowrap /runfor:60 /consoleoutfile:c:\users\public\some-innocent-looking-file.log In the tangent department, I talk about a personal music project I’m resurrecting to help my community.

15 Nov 202453min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
forklart
aftenpodden-usa
stopp-verden
popradet
fotballpodden-2
nokon-ma-ga
dine-penger-pengeradet
det-store-bildet
rss-dannet-uten-piano
frokostshowet-pa-p5
aftenbla-bla
rss-ness
bt-dokumentar-2
rss-penger-polser-og-politikk
e24-podden
rss-borsmorgen-okonominyhetene
rss-gukild-johaug
ukrainapodden