7MS #602: How to Succeed in Business Without Really Crying - Part 14
Today we're talkin' business! Specifically: How to (gently) say "no" to (some) client projects How to (politely) challenge end-of-year deadlines An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma
15 Dec 202344min
7MS #601: Breaking Up With Active Directory
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers: Why would you want to consider removing AD from your environment? What are common items to plan for? What steps should you take to efficiently plan a migration? What common challenges or considerations will you face?
11 Dec 202327min
7MS #600: First Impressions of Using AI on Penetration Tests
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesday, December 6 for my Webinar on this topic with Netwrix called Hack the Hackers: Exploring ChatGPT and PentestGPT in Penetration Testing!
1 Dec 202322min
7MS #599: Baby's First Responsible Disclosure
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of: BulletsPassView MITMsmtp mitmproxy
25 Nov 202338min
7MS #598: Hacking Billy Madison - Part 4
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I: Find Eric's secret SSH back door Locate and decrypt a hidden file with Billy's homework Build wordlists with cewl Save Billy from the evil clutches of Eric Gordon!!!
17 Nov 202324min
7MS #597: Let's JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment and much more! From a pentesting POV, you can whip up an Android pentesting environment, BloodHound/SharpHound combo, Burp Suite...the list goes on!
11 Nov 202332min
7MS #596: How to Succeed in Business Without Really Crying - Part 13
After about a year break (last edition of this series was in October, 2022, we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover: Why we're not planning on selling the business any time soon Fast Google Dorks Scan Using ProtonVPN via command line Our pre first impressions of a pentesting SaaS tool you've almost definitely heard of
4 Nov 202331min
7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these questions and more!
31 Okt 20231h 3min
