7MS #448: Certified Red Team Professional - Part 3
7 Minute Security30 Joulu 2020

7MS #448: Certified Red Team Professional - Part 3

Today, Gh0sthax and I talk about week 3/4 of the CRTP - Certified Red Team Professional training, and how it's kicking our butts a bit. Key points include:

  • We agree this is not a certification for folks who are new to pentesting

  • Don't expect to be following along "live" with the instructor during the training sessions

  • You'll need to do a flippin' ton of studying and practicing on your own in between the live sessions

  • As you follow along with the lab exercises, some things won't work - and that might be by design, but the lab manual might not give you a heads-up. In those cases, be sure to check with your classmates in the Discord channel

  • Problems popping shells? Hint: it might not be a problem with your tools...but with your network/firewalll config!

  • The more PowerShell skills you can walk into this training with, the better.

  • We've got to play with some tools that were new(ish) to us:

  • If you're an absolute rockstar in the pentest labs, don't think that you'll breeze right through the exam!

  • Some pros of this training: fast-moving, super knowledgable instructor. Outstanding content. Super value for the dollar investment - arguably the best pentest training bang for the buck. The labs themselves are quite good and realistic. You get the recordings of the live sessions after they're complete. The course covers some defense against these attacks as well - great to have the blue team perspective!

  • A few cons: the content might be too fast-moving. It can get easy to become "lost" and forget the objective of what each lab exercise is having you do. Lab manual doesn't necessarily match the PDF slides.

Jaksot(683)

7MS #122: OFFTOPIC-An Apology to Elephants

7MS #122: OFFTOPIC-An Apology to Elephants

Preview76 wordsThis episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town. You can subscribe to the 7 Minute Security podcast here.

20 Joulu 20158min

7MS #121: Migrating from Tumblr to Ghost-Part 2

7MS #121: Migrating from Tumblr to Ghost-Part 2

Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine. Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPs for all connections. And, just for grins, I turned on DNSSEC. Because...why not? :-) I picked a strong root password for my DI droplet, but I still don't like the idea of IPs banging on that connection all day and night. I followed this article on installing Fail2Ban to prevent my SSH login from being abused. There are a few IPs that I want to perma-ban, so I'm going to look throughthis article and this one which looks a tad easier. You can subscribe to the 7 Minute Security podcast here.

19 Joulu 20158min

7MS #120: THE PURGE!

7MS #120: THE PURGE!

Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 2016. Plus (spoiler alerts!) in 2016 we're moving to a Monday/Wednesday/Friday release schedule. Yep, 7MS three times a week - thanks for the idea, mom! Subscribe to 7MS on iTunes here.

18 Joulu 20152min

7MS #119: Migrating from Tumblr to Ghost-Part 1

7MS #119: Migrating from Tumblr to Ghost-Part 1

In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DI droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!

17 Joulu 20158min

7MS #118: Should Phishing be Fair?

7MS #118: Should Phishing be Fair?

This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"

15 Joulu 20157min

7MS #117: OFFTOPIC-Alive Inside

7MS #117: OFFTOPIC-Alive Inside

Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.

10 Joulu 20157min

7MS #116: Tips for a Succesful Vulnerability Scan

7MS #116: Tips for a Succesful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

8 Joulu 201514min

7MS #115: OFFTOPIC-Love and Mercy

7MS #115: OFFTOPIC-Love and Mercy

We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.

4 Joulu 20157min

Suosittua kategoriassa Politiikka ja uutiset

rss-podme-livebox
ootsa-kuullut-tasta-2
aikalisa
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
politiikan-puskaradio
rss-vaalirankkurit-podcast
aihe
rikosmyytit
the-ulkopolitist
rss-mina-ukkola
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset
rss-hyvaa-huomenta-bryssel
rss-kyselytunti
linda-maria
rss-aijat-hopottaa-podcast
rss-kovin-paikka
rss-kaikki-paskaksi-ystavat
rss-tyolinjalla-pekka-sauri
rss-raha-talous-ja-politiikka