Powered by RND
PodcastsTechnology7 Minute Security

7 Minute Security

Brian Johnson
7 Minute Security
Latest episode

Available Episodes

5 of 670
  • 7MS #672: Tales of Pentest Pwnage – Part 70
    Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs!  I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.
    --------  
    55:07
  • 7MS #671: Pentesting GOAD
    Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat
    --------  
    25:18
  • 7MS #670: Adventures in Self-Hosting Security Services
    Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today’s episode with a short live video over at 7MinSec.club.
    --------  
    36:48
  • 7MS #669: What I’m Working on This Week – Part 3
    Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week
    --------  
    42:37
  • 7MS #668: Tales of Pentest Pwnage – Part 69
    Hola friends! Today’s tale of pentest pwnage talks about abusing Exchange and the Azure ADSync account! Links to the discussed things: adconnectdump – for all your ADSync account dumping needs! Adam Chester PowerShell script to dump MSOL service account dacledit.py (part of Impacket) to give myself full write privileges on the MSOL sync account: dacledit.py -action ‘write’ -rights ‘FullControl’ -principal lowpriv -target MSOL-SYNC-ACCOUNT -dc-ip 1.2.3.4 domain.com/EXCHANGEBOX$ -k -no-pass Looking to tighten up your Exchange permissions – check out this crazy detailed post
    --------  
    30:22

More Technology podcasts

About 7 Minute Security

7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Podcast website

Listen to 7 Minute Security, Acquired and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features

7 Minute Security: Podcasts in Family

Social
v7.16.2 | © 2007-2025 radio.de GmbH
Generated: 4/29/2025 - 2:37:48 PM