7MS #611: Pentestatonix

You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it's grim to think about "What will my loved ones do to get into my accounts, backups, photos, social media accounts..." but it's probably not a bad idea to prepare for that (spoiler alert: we all die at some point). Today I talk about how I'm beginning to build such a plan so my wife can take over for my/our online accounts. This plan includes: A "here's how I run all our technology" Google doc with domains I have registered, their expiration date, what their function is, etc. A how-to guide on restoring data from our online backup solution Implementation of a password manager

13 Kesä 201815min

As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need are: PowerShell Empire DeathStar Responder Ntlmrelayx I've written up all the steps in a gist that you can grab here. Enjoy!

7 Kesä 201818min

It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!

30 Touko 201818min

This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and looking at the GitHub issues list, I finally got everything working. I've taken my entire build process and included it as a gist here. Enjoy!

24 Touko 201815min

Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help securing your church. The commercials themselves are embedded in this episode so please have a listen and let me know what you think! I'll also let you know (via the podcast) when these commercials hit the air. It's likely the station won't air in your area, but you can catch it on the interwebs if you so desire (thanks again for your support, mom).

18 Touko 201812min

Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think: Extracts the hashes safely Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it) Does the work pretty automagically I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!

9 Touko 201813min

I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you've got things to add/suggest to this document, let me know! P.S. if you don't see the gist because you're reading this in a podcast-catching app, head to https://7ms.us and look up today's episode and you'll see the gist in all its gisty glory!

2 Touko 201811min

Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it's more of a probability than a possibility at this point! I met with a radio exec a few weeks ago and we talked about: Lots of people still listen to the radio (who knew?) Creating a "security minute" spot that would lead to a commercial about 7MS How to write a good commercial "hook" It's difficult to write a 60-second commercial! Targeted advertising at churches, which is an under-served market when it comes to infosec Writing a new (shortened) 7MS jingle More on this today on 7MS!

25 Huhti 201812min