7MS #342: Interview with Matt McCullough
7 Minute Security27 Joulu 2018

7MS #342: Interview with Matt McCullough

Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard work, aggressive networking and taking advantage of educational and career opportunities, Matt now rocks a SOC job. Matt and I sat down to talk about a lot of good stuff:

  • How to start an IT career as "the family IT guy"

  • Leveraging a higher education (at places like Lake Superior College to meet people of influence and start networking like a beast

  • Entry level sysadmin and helpdesk jobs are fun - great opportunities to make the most of the position, build your skills and stretch yourself outside your comfort zone

  • MSPs (Managed Service Providers) are another great way to see different clients/verticals/systems and the various requirements that go into supporting them. From there, look for opportunities to start securing those organizations, as many MSPs don't dabble heavily into the security realm.

  • If you're going to school for cybersecurity training, look for ways to leverage your status to get discounts on security training, such as with SANS

  • Competitions like CCDC are awesome. You're given a handful of servers that are full of vulnerabilities, and you essentially are tasked with defending a network against a professional group of pentesters/redteamers. You even have to deal with real-life "injections" (other random emergencies and mock customers to deal with) while you're in the thick of the battle!

  • Join local cyber clubs (or start your own)! Looking for a fun CTF to get started in a group setting? Try hacking the OWASP Juice Shop

  • Attend security conferences(or start your own)!

...more notes at 7MS.us!

Jaksot(689)

7MS #666: Tales of Pentest Pwnage – Part 68

7MS #666: Tales of Pentest Pwnage – Part 68

Today we have a smattering of miscellaneous pentest tips to help you pwn all the stuff! Selective Snaffling with Snaffler The importance of having plenty of dropbox disk space – for redundant remote connectivity and PXE abuse! TGTs can be fun for SMB riffling, targeted Snaffling, netexec-ing and Evil-WinRMing!

14 Maalis 45min

7MS #665: What I'm Working on This Week - Part 2

7MS #665: What I'm Working on This Week - Part 2

Hello there friends, I’m doing another “what I’m working on this week” episode which includes: BPATTY v1.6 release – big/cool/new content to share here PWPUSH – this looks to be an awesome way (both paid and free) to securely share files and passwords

7 Maalis 28min

7MS #664: What I’m Working on This Week

7MS #664: What I’m Working on This Week

In today’s episode I talk about what I’m working on this week, including: Playing with Sliver C2 and pairing it with ShellcodePack Talking about Netexecer, my upcoming tool that helps automate some of the early/boring stuff in an internal pentest A gotcha to watch out for if utilizing netexec’s MSSQL upload/download functionality

28 Helmi 25min

7MS #663: Pentesting GOAD SCCM

7MS #663: Pentesting GOAD SCCM

Today we live-hack an SCCM server via GOAD SCCM using some attack guidance from Misconfiguration Manager!  Attacks include: Unauthenticated PXE attack PXE (with password) attack Relaying the machine account of the MECM box over to the SQL server to get local admin

21 Helmi 29min

7MS #662: Pentesting Potatoes - Part 2

7MS #662: Pentesting Potatoes - Part 2

Hi friends, today we're talking about pentesting potatoes (not really, but this episode is sort of a homage to episode 333 where I went to Boise to do a controls assessment and ended up doing an impromptu physical pentest and social engineer exercise).  I talk about what a blast I'm having hunting APTs in XINTRA LABS, and two cool tools I'm building with the help of Cursor: A wrapper for Netexec that quickly finds roastable users, machines without SMB signing, clients running Webclient and more. A sifter of Snaffler-captured files to zero in even closer on interesting things such as usernames and passwords in clear text.

14 Helmi 37min

7MS #661: Baby’s First Hetzner and Ludus – Part 2

7MS #661: Baby’s First Hetzner and Ludus – Part 2

Today we continue our journey from last week where we spun up a Hetzner cloud server and Ludus.cloud SCCM pentesting range!  Topics include: Building a Proxmox Backup Server (this YouTube video was super helpful) Bridging a second WAN IP to the Hetzner/Ludus server Wrestling with the Hetzner (10-rule limit!) software firewall When attacking SCCM – you can get a version of pxethief that runs in Linux!

8 Helmi 37min

7MS #660: Baby's First Hetzner and Ludus

7MS #660: Baby's First Hetzner and Ludus

I had an absolute ball this week spinning up my first Hetzner server, though it was not without some drama (firewall config frustrations and failing hard drives).  Once I got past that, though, I got my first taste of the amazing world of Ludus.cloud, where I spun up a vulnerable Microsoft SCCM lab and have started to pwn it.  Can’t say enough good things about Ludus.cloud, but I certainly tried in this episode!

1 Helmi 34min

7MS #659: Eating the Security Dog Food - Part 8

7MS #659: Eating the Security Dog Food - Part 8

Today I’m excited about some tools/automation I’ve been working on to help shore up the 7MinSec security program, including: Using Retype as a document repository Leveraging the Nessus API to automate the downloading/correlating of scan data Monitoring markdown files for “last update” changes using a basic Python script

24 Tammi 28min

Suosittua kategoriassa Politiikka ja uutiset

ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
aikalisa
rss-podme-livebox
politiikan-puskaradio
rss-vaalirankkurit-podcast
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rikosmyytit
rss-hyvaa-huomenta-bryssel
linda-maria
rss-sinivalkoinen-islam
the-ulkopolitist
rss-mina-ukkola
rss-raha-talous-ja-politiikka
rss-kaikki-uusiksi
aihe
radio-antro
rss-merja-mahkan-rahat
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset