7 Minute Security1 Syys 2021

7MS #483: Desperately Seeking a Super SIEM for SMBs - Part 2

Today we continue our series we started recently (part 1 is here about finding a super SIEM for SMBs. Specifically I have some updates on (and frustrations with) Arctic Wolf, Elastic, Milton Security and Perch Security.

Here's the TLDL version:

Arctic Wolf
They remain a strong contender in my bake-offs. They also could tick several boxes for an org as they offer continuous internal/external vulnerability scanning as well as a managed SOC. (And yes, I'm probably a tiny bit biased because I know a bunch of AWN's engineers and like the product)

Elastic
I've loved my interactions with the sales folks and engineers at Elastic. My initial trial had some technical speed bumps (which Elastic helped me remedy). I eventually did get some Elastic agents enrolled on endpoints in my lab. However, now that I'm up and running (and admittedly I should go through the Webinars and online training), I'm feeling overwhelmed. There's a jillion menus and submenus to explore. I feel like I've been given a high-performance sports car but completely lack the knowledge on how to make the most of it. I'll keep Elastic in my back pocket, but I don't think I can feel comfortable handing this dashboard over to a SMB IT/security staff and have them run with it.

Milton Security
A few weeks ago I had my first ever sales call with this group, and liked a lot of what I heard. They're up front about being a threat-hunt-as-a-service organization and they're not looking to partner with just any customer. The way they bundle sources of data (for the sake of pricing) makes sense to me, and although I haven't seen a formal quote from them yet, I think they will be reasonably priced when compared to some of the "big box" solutions.

Perch Security
After part 1 of this series, several of you pinged me and said to check out Perch Security. I'm very excited to connect with them but had a tough time getting someone to respond to my inquires (two weeks to be exact). Good news is I've got a call scheduled with them this week and am anxious to share what I learn about Perch on our next episode in this series.

Kokeile Premiumia

Nauti 14 päivää ilmaiseksi

Tilaa Premium

Jaksot(702)

7MS #678: How to Succeed in Business Without Really Crying – Part 22

Today I share some tips on presenting a wide variety of content to a wide variety of audiences, including: Knowing your audience before you touch PowerPoint Understanding your presentation physical hookups and presentation surfaces A different way to screen-share via Teams that makes resolution/smoothness way better!

6 Kesä 33min

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

30 Touko 13min

7MS #676: Tales of Pentest Pwnage – Part 72

Today's fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it's too late.

27 Touko 59min

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Touko 31min

7MS #674: Tales of Pentest Pwnage – Part 71

Today's tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all "branches" of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Touko 49min

7MS #673: ProxmoxRox

Today we're excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Touko 30min

7MS #672: Tales of Pentest Pwnage – Part 70

Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Huhti 55min

7MS #671: Pentesting GOAD

Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Huhti 25min

Kaikki yhdessä sovelluksessa

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi yhdessä paikassa.

Sinulle valikoitua sisältöä

Podme-sovelluksessa kokoat suosikkisi helposti omaan kirjastoosi. Saat meiltä myös kuuntelusuosituksia!

Jatka kuuntelua koska tahansa

Voit jatkaa siitä mihin jäit, myös offline-tilassa.

Premium

9,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa

Aloita 14 päivän kokeilu

Premium

13,99 €/kk

Kaikki premium-podcastit
Ei mainoksia
Ei sitoutumista, peruuta koska tahansa
Yksi lisäkäyttäjä

Kokeile 14 päivää maksutta

Suosittua kategoriassa Politiikka ja uutiset

rss-tasta-on-kyse-ivan-puopolo-verkkouutiset

Tarinat ja äänet, joita rakastat kuunnella

Kuuntele kaikki suosikkipodcastisi ja -äänikirjasi

Lue lisää