7MS #535: Rage Against the Remediation
7 Minute Security27 Aug 2022

7MS #535: Rage Against the Remediation

Today's episode covers three remediation-focused topics that kind of grind my gears and/or get me frustrated with myself. I'm curious for your thoughts on these, so reach out via Slack or Twitter and maybe we'll do a future live stream on this topic.

  1. How do you get clients to actually care when we explain the threats on their network that are a literal 10/10 on the CVSS scale?

  2. Password policies - they're not just as easy as "Have a password of X length with Y complexity."

  3. Fixing the various broadcast traffic and protocol issues that give us easy wins with Responder and mitm6 - it's more nuanced than just "Disable LLMNR/NETBIOS/MDNS and shut off IPv6." This article discusses these challenges in more detail.

Episoder(715)

7MS #707: Our New Pentest Course Has Launched!

7MS #707: Our New Pentest Course Has Launched!

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, ...

26 Des 202514min

7MS #706: Tales of Pentest Pwnage – Part 80

7MS #706: Tales of Pentest Pwnage – Part 80

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the...

19 Des 202529min

7MS #705: A Phishing Campaign Fail Tale

7MS #705: A Phishing Campaign Fail Tale

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing c...

12 Des 202521min

7MS #704: DIY Pentest Dropbox Tips – Part 12

7MS #704: DIY Pentest Dropbox Tips – Part 12

Hola friends!  My week has very much been about trying to turnaround pentest dropboxes as quickly as possible.  In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a ...

5 Des 202524min

7MS #703: Tales of Pentest Pwnage – Part 79

7MS #703: Tales of Pentest Pwnage – Part 79

Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pent...

28 Nov 202522min

7MS #702: Should You Hire AI to Run Your Next Pentest?

7MS #702: Should You Hire AI to Run Your Next Pentest?

Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?"  It's not a pro-AI celebration, nor...

21 Nov 202521min

7MS #701: What I'm Working on This Week – Part 5

7MS #701: What I'm Working on This Week – Part 5

Hello friends!  This week I'm talking about what I'm working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium. Playing wi...

14 Nov 202518min

7MS #700: Pretender

7MS #700: Pretender

Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standa...

7 Nov 20258min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
lydartikler-fra-aftenposten
popradet
stopp-verden
fotballpodden-2
dine-penger-pengeradet
det-store-bildet
rss-gukild-johaug
i-retten
nokon-ma-ga
hanna-de-heldige
e24-podden
rss-ness
aftenbla-bla
rss-dannet-uten-piano
frokostshowet-pa-p5
grasoner-den-nye-kalde-krigen