7MS #430: Interview with Dan DeCloss
7 Minute Security2 Syys 2020

7MS #430: Interview with Dan DeCloss

Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and you should definitely check out PlexTrac's upcoming Webinar about runbooks on September 9!). We also did a PlexTrac 101 Webinar with them recently!

You may remember Dan from such podcasts as this one when we first talked to him in 2019. Dan and I have a lot in common in that we both started security companies about the same time, so I had a lot of questions for Dan around how business has been going since we last talked on the podcast. Today our topics/questions include:

  • What are the (good) warning signs that a passion project you have could be a viable business?

  • Why "having all the jobs there has ever been" is a great way to figure out it's time to start your own business :-)

  • At what point does a side project have to become what you do for your day job?

  • How do you safely prepare to quit a comfortable corporate life to life as a small biz owner? Do you go 100% on faith? Do you save your $ for a year so you can "float" your business for a while? Some combination of the two?

  • How important is it to have the support of your friends/family when starting a new biz?

  • Once you start a biz what are the best/worst things about wearing all the hats (engineering, sales, marketing, accounting, HR, etc.)?

  • When is it time to hire additional resources or raise additional money to support your growing business?

  • What marketing efforts are fruitful for a new security biz to spend time/money on?

  • How do you decide what bells/whistles to add to PlexTrac? Follow your own roadmap? Let the customers drive your direction? Some combo of both?

  • What new bells and whistles are coming to PlexTrac in the Webinar on September 9?! (Spoiler alert: RUNBOOKS!)

Jaksot(690)

7MS #579: Hacking Tommy Callahan - Part 2

7MS #579: Hacking Tommy Callahan - Part 2

Hey friends, today we're continuing our series on pwning the Tommy Boy VM on VulnHub VM! P.S. did you miss part one? Check it out on YouTube. Joe "The Machine" Skeen and I had a blast poking and prodding at the VM in hopes to fix the broken Callahan Auto brake-ordering Web app. Some tips/tricks we cover: It's always a good idea to look at a site's robots.txt file crunch is awesome for making wordlists fcrackzip is rad for cracking encrypted zip files dirbuster works well for busting into hidden files and subfolders exiftool works well to pull metadata out of images

7 Heinä 202337min

7MS #578: Interview with Mike Toole of Blumira

7MS #578: Interview with Mike Toole of Blumira

Today I'm excited to share a featured interview with our new friend Mike Toole of Blumira. We talk about all things EDR, including: How does it differ from something like Windows Defender? What things do I need to keep in mind if I'm in the market for an EDR purchase? Is Mac EDR any good? How do attackers bypass EDR? Will AI create industructible malware, take over the human race and then use our bodies for batteries?

30 Kesä 20231h

7MS #577: Tales of Pentest Pwnage - Part 48

7MS #577: Tales of Pentest Pwnage - Part 48

Holy schnikes - this episode is actually 7 minutes long! What a concept! Anyway, today I give you a couple tips that have helped me pwn some internal networks the last few weeks, including: Getting a second (and third?) opinion on Active Directory Certificate Services vulnerabilities! Analyzing the root domain object in BloodHound to find some misconfigs that might equal instant domain admin access!

16 Kesä 20237min

7MS #575: Annoying Attackers with ADHD - Part 2

7MS #575: Annoying Attackers with ADHD - Part 2

Hey friends! Today we're taking a second look at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! The tools covered today include: PHP-HTTP-TARPIT A tool to confuse and waste bot/scanner/hacker time. Grab it here and check out our setup instructions: sudo git clone https://github.com/msigley/PHP-HTTP-Tarpit.git /opt/tarpit cd /opt/tarpit sudo mv la_brea.php /var/www/html/index.php cd /var/www/html/ # Delete the default HTMLM files that are there sudo rm DEFAULT .HTML FILES # Start/restart apache2 sudo service apache2 stop sudo service apache2 start # It's easier to see PHP-HTTP-TARPIT in action from command line: curl -i http://IP.RUNNING.THE.TARPIT Spidertrap This tool tangles Web visitors in a never-ending maze of pages with links! sudo git clone https://github.com/adhdproject/spidertrap.git /opt/spidertrap cd /opt/spidertrap # Open spidertrap.py and change listening port from 8080 to 80 sudo nano spidertrap.py # Run the trap sudo python3 spidertrap.py Weblabyrinth This tool presents visitors with a blurb of text from Alice in Wonderland. That text has links that takes them to...you guessed it...more Alice in Wonderland excerpts! I especially like that if you visit ANY folder or link inside Weblabyrinth, content is served (return code 200 for anything and everything). I had problems getting this running on a fresh Kali box so it's probably better to run right off the ADHD distro using their instructions.

9 Kesä 202333min

7MS #574: Annoying Attackers with ADHD

7MS #574: Annoying Attackers with ADHD

Hey friends! Today we're looking at ADHD - Active Defense Harbinger Distribution - a cool VM full of tools designed to annoy/attribute/attack pesky attackers! ADHD gets you up and running with these tools quickly, but the distro hasn't been updated in a while, so I switched to a vanilla Kali system and setup a cowrie SSH honeypot as follows (see 7ms.us for full list of commands).

2 Kesä 202336min

7MS #573: Securing Your Mental Health - Part 4

7MS #573: Securing Your Mental Health - Part 4

Today we're talking about reducing anxiety by hacking your mental health with these tips: Using personal automation to text people important reminders Using Remind to create a personal communication "class" with your family members Using Smartsheet (not a sponsor) to create daily email "blasts" to yourself about all the various project todos you need to tackle

26 Touko 202336min

7MS #572: Protecting Your Domain Controllers with LDAP Firewall

7MS #572: Protecting Your Domain Controllers with LDAP Firewall

Today we look at LDAP Firewall - a cool (and free!) way to defend your domain controllers against SharpHound enumeration, LAPS password enumeration, and the noPac attack.

19 Touko 202326min

7MS #571: Simple Ways to Test Your SIEM - Part 2

7MS #571: Simple Ways to Test Your SIEM - Part 2

Hey friends! This week I spoke at the Secure360 conference in Minnesota on Simple Ways to Test Your SIEM. This is something I covered a while back on the podcast, but punched up the content a bit and built a refreshed a two-part GitHub gist that covers: Questions you can ask a prospective SIEM/SOC solution to figure out which one is the right fit for you All the tools/tips/scripts/etc. you need to run through 7 (and more!) simple ways to test your SIEM!

12 Touko 202331min

Suosittua kategoriassa Politiikka ja uutiset

rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
aikalisa
rss-podme-livebox
politiikan-puskaradio
rss-vaalirankkurit-podcast
otetaan-yhdet
et-sa-noin-voi-sanoo-esittaa
rikosmyytit
linda-maria
rss-hyvaa-huomenta-bryssel
the-ulkopolitist
rss-sinivalkoinen-islam
rss-kaikki-uusiksi
rss-raha-talous-ja-politiikka
rss-pallo-keskelle-2
rss-mina-ukkola
rss-polikulaari-humanisti-vastaa-ja-muut-ts-podcastit
rss-merja-mahkan-rahat
rss-50100-podcast