7MS #259: OFF-TOPIC - Home Robbery Attribution
Warning! Warning! This is an off-topic episode! I try really hard to create valuable weekly content about IT/security. However, sometimes a virtual grenade goes off in my life and prevents me from having the necessary time/resources to get my act together. This has been one of those weeks. :-) So today I'm going off-topic and talking about an alleged burglary of some electronics at my home. And once we identified the culprit, wow...nobody was more surprised than me.
25 Touko 20179min
7MS #258: Speaking at Secure360 - Part 2
Intro I mentioned last week that I was speaking at the Secure360 conference here in the Twin Cities, and at that time I was preparing a talk called Pentesting 101: No Hoodie Required. I was so nervous that I've basically spent the last week breathing heavily into paper bags and wishing I was on sedatives. But I have good news to report in today's episode, friends! The talk was very well received and the attendees didn't get out torches and pitchforks! #winning! So today's episode (audio below) talks more about the public speaking experiences and highlights some lessons learned: Things I'd do again next time I'd not tempt the demo gods and still pre-record my hacking movies ahead of time. I saw some people do live demos of very technical things and it did not go well for a few of them :-( I would still spend way too many hours cutting together my movies in iMovie so that they followed a good tempo when presented live I would still have a copy of my presentation on two different laptops, 3 USB thumb drives, a cloud copy, and a copy sent to the Secure 360 folks just in case. Backups, backups, backups - am I right? What I'd do differently next time I'd hopefully have the preso done a few days (weeks, even!) ahead of time and practice it in front of colleagues to get some feedback. I'd still have a theme to the presentation, but rather than something specific like Terminator 2, maybe I'd go even more general and pick a movie/character that could appeal even more to the masses. I wouldn't worry so much about having a presentation that "nails it" for everybody. That's just not possible! We're all coming from different backgrounds and skillsets. It's not gonna be a home run for everybody.
18 Touko 201714min
7MS #257: Speaking at Secure360
The nervous butterflies are chewing up my organs this week. Why? Because I'm speaking at Secure360 next Tuesday and Wednesday. I'm trying to build a presentation that: Appeals to both techie nerds like me, as well as regular human people Strikes a healthy balance between fun and informative So, my outline is roughly as follows: Intros Lets talk about pentesting vs. vulnerability scans Build your own hackin' lab for $500! Good/bad training (CEH vs. OSCP) Lets hack some stuff following a methodology! Tune in today's episode for more...
11 Touko 201711min
7MS #256: AlienVault Certified System Engineer - Part 2
So a few weeks ago I did an episode about the AlienVault Certified Security Engineer certification, and last Friday I took a stab at the test. I failed. It kicked my butt. Today I'm here to both rant about the unfairness of the test and offer you some study tips so you don't suffer a similar fate. P.S. - you should definitely check out this blog as it's one of the few valuable study guides I could find out there on the Interwebs.
4 Touko 201711min
7MS #255: PwnPro 101
I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...
27 Huhti 201710min
7MS #254: Bash Bunny
I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.
20 Huhti 201710min
7MS #253: Desperately Seeking Service Accounts
Find the show notes here!
13 Huhti 20179min
7MS #252: LAPS - Local Administrator Password Solution
Show notes are here.
6 Huhti 20178min
