7MS #318: Interview with Bjorn Kimminich of OWASP Juice Shop
Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week's show is another interview episode - this time with my pal Bjorn Kimminich of the OWASP Juice Shop. If you've never heard of the Juice Shop before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes it a fantastic learning tool for Web app pentesters, be they seasoned or total newbs. Bjorn and I sat down (over Skype) to discuss: How the Juice Shop came to be The current status of application security (is it getting any better?!) Common vulnerabilities still found in today's Web apps Juice Shop being featured in Google's Summer of Code How dev teams can better bake security into their products What's next for the Juice Shop (hint: stay tuned after the episode is over for a hint on one new "feature") Bjorn has gone to great lengths to provide documentation about how to get up and running with a copy of the Juice Shop to begin your hacking. Personally I find it dead simple to follow Bjorn's instructions for spinning up a Docker container: docker pull bkimminich/juice-shop docker run --rm -p 3000:3000 bkimminich/juice-shop Should you find the Juice Shop to be a valuable tool, please be sure to ping Bjorn on Twitter to let him know. Be sure to follow the Juice Shop on Twitter as well. Psst...this account sometimes tweets coupon codes which can help you unlock certain challenges!
11 Heinä 20181h
7MS #317: Interview with Justin McCarthy of StrongDM
Today's interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercial and open source tools (like Comply) to help customers with SOC compliance. Justin schooled me (in a nice way) about a lot of things, including: What SOC and the various SOC types are all about What SOC compliance costs What to look for in selecting a good auditor Tools that can help companies make SOC compliance efforts go more smoothly
5 Heinä 201848min
7MS #316: How to Succeed in Business Without Really Crying - Part 3
In this episode I wanted to give you some cool/fun updates as it relates to 7MS the business! Specifically: A new member of the 7MS team (kinda!) The weird and varied projects I'm working on Upcoming podcast sponsors (probably in July) 7MS has a "real" office coming soon to the southern metro of MN (hopefully!)
28 Kesä 201822min
7MS #314: Creating a Personal DR Plan
You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it's grim to think about "What will my loved ones do to get into my accounts, backups, photos, social media accounts..." but it's probably not a bad idea to prepare for that (spoiler alert: we all die at some point). Today I talk about how I'm beginning to build such a plan so my wife can take over for my/our online accounts. This plan includes: A "here's how I run all our technology" Google doc with domains I have registered, their expiration date, what their function is, etc. A how-to guide on restoring data from our online backup solution Implementation of a password manager
13 Kesä 201815min
7MS #313: Push-Button Domain Admin Access
As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need are: PowerShell Empire DeathStar Responder Ntlmrelayx I've written up all the steps in a gist that you can grab here. Enjoy!
7 Kesä 201818min
7MS #312: OFF-TOPIC - Boxing a Cat
It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!
30 Touko 201818min
7MS #311: How to Build a Cuckoo Sandbox
This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and looking at the GitHub issues list, I finally got everything working. I've taken my entire build process and included it as a gist here. Enjoy!
24 Touko 201815min
