7MS #427: Interview with Ameesh Divatia from Baffle
7 Minute Security12 Elo 2020

7MS #427: Interview with Ameesh Divatia from Baffle

Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discuss a slew of additional hot security topics, including:

Misconfigured cloud databases

  • Why is this such a common issue, and how can we address it?
  • Wait wait wait...I just spun up a machine in Azure, AWS, Digital Ocean, etc. Isn't it secure because....it's the cloud?
  • What tools can we use to better secure our cloud databases?
  • How can we secure sensitive information as we migrate it from LAN side to the cloud?

CCPA (California Consumer Privacy Act)

  • What is the CCPA? How does it relate to GDPR?
  • If I'm a Californian, what can I demand to know from companies as far as how they're using my data? What can't I demand to know?
  • Will CCPA inspire folks to scrub their data from the hands of big companies and go more "off the grid?"
  • Does CCPA only apply to California residents and companies?

Secure data sharing

  • What are the current challenges with secure data sharing in terms of monitoring the flow of data within their systems and their partners’ systems, while addressing privacy concerns?

  • What are some of the common mistakes companies make when sharing sensitive data internally or with partners/clients?

  • What is Secure Multiparty Compute (SMPC) and how can it help with secure data sharing?

Jaksot(682)

7MS #683: What I'm Working on This Week - Part 4

7MS #683: What I'm Working on This Week - Part 4

This week I’m working on a mixed bag of fun security and marketing things: A pentest I’m stuck on My latest lab CTF obsession: Ninja Hacker Academy A cool “about 7MinSec” marketing video that was recorded in a pro studio!

12 Heinä 30min

7MS #682: Securing Your Family During and After a Disaster – Part 7

7MS #682: Securing Your Family During and After a Disaster – Part 7

Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.

4 Heinä 30min

7MS #681: Pentesting GOAD – Part 3

7MS #681: Pentesting GOAD – Part 3

Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local!  The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus!  Enjoy.

27 Kesä 18min

7MS #680: Tips for a Better Purple Team Experience

7MS #680: Tips for a Better Purple Team Experience

Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context

20 Kesä 26min

7MS #679: Tales of Pentest Pwnage – Part 73

7MS #679: Tales of Pentest Pwnage – Part 73

In today’s tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week’s Tuesday TOOLSday.  I also talk about Exegol’s licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).

13 Kesä 30min

7MS #678: How to Succeed in Business Without Really Crying – Part 22

7MS #678: How to Succeed in Business Without Really Crying – Part 22

Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!

6 Kesä 33min

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

30 Touko 13min

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

27 Touko 59min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
otetaan-yhdet
politiikan-puskaradio
et-sa-noin-voi-sanoo-esittaa
rss-vaalirankkurit-podcast
rikosmyytit
aihe
rss-mina-ukkola
the-ulkopolitist
rss-kyselytunti
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-suoraan-asiaan
rss-kaikki-paskaksi-ystavat
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka
rss-uutisia-euroopan-parlamentista