7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4
7 Minute Security1 Marras 2019

7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!

In today's episode we talk about:

  • Running into angry system admins (that are either too fired up or not fired up enough)
  • Being wrong without being ashamed
  • When is it necessary to make too much noice to get caught during an engagement?
  • What are the top 5 tools you run on every engagement?
  • How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report?
  • How do you deal with clients who scope things in such as way that the test is almost impossible to conduct?
  • How do you deal with colleagues who take findings as their own when they talk with management?
  • How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark?
  • What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)?
  • How could a fresh grad get into a red team job?
  • What do recruiters look for candidates seeking red team positions?
  • If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them?
  • What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one?
  • What's your favorite red team horror story?

Jaksot(683)

7MS #90: OFFTOPIC-Citizenfour

7MS #90: OFFTOPIC-Citizenfour

We're going offtopic today and talking about the Citizen Four documentary, which centers around the Edward Snowden story.

1 Syys 20158min

7MS #89: AppSpider

7MS #89: AppSpider

Today we're talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn't a commercial or paid advertisement. I just like sharing things that I like and use.

27 Elo 20158min

7MS #88: Glasswire

7MS #88: Glasswire

This episode's about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)

25 Elo 20156min

7MS #87: Presenting the Right Findings to the Right Audience

7MS #87: Presenting the Right Findings to the Right Audience

Today I talk about challenge I run into when I'm delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody "gets it" but also go level enough that the recommendations have some teeth?

20 Elo 20157min

7MS #86: OSWP-The Final Chapter!

7MS #86: OSWP-The Final Chapter!

This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as much as I can without getting into trouble) about the exam and give you some pointers to pass it!

18 Elo 20157min

7MS #85: What is The Penetration Testers Framework (PTF)?

7MS #85: What is The Penetration Testers Framework (PTF)?

Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the PTF! That's what we're talkin' about on today's podcast.

14 Elo 20157min

7MS #84: DIY Pwn Pad

7MS #84: DIY Pwn Pad

Hey have you heard of Pwn Pads? They're an awesome network pentesting tool that leverages a Nexus tablet - which you can either buy right from Pwnie Express, or create your own if you have a certain model of Nexus lying around. I just happened to have the right Nexus model around, so this podcast episode chronicles my trial and error (mostly error) in making a DIY Pwn Pad! P.S. to get the Android tools installed on Ubuntu 14.04, run these commands: -- sudo add-apt-repository ppa:nilarimogard/webupd8 sudo apt-get update sudo apt-get install android-tools-adb android-tools-fastboot --

12 Elo 20157min

7MS #83: Wifi Pineapple First Impressions

7MS #83: Wifi Pineapple First Impressions

in this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you'll probably want one too.

6 Elo 20158min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
linda-maria
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-kaikki-paskaksi-ystavat
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka