7MS #660: Baby's First Hetzner and Ludus

In today's episode, I'm excited to be joined in the studio by Nathan Hunstad, Director of Security at Code42. Nathan and I had a great chat about Code42's new security offering called Code42 Forensic File Search, which helps IT and security teams figure out where files are located across their enterprise - even if the endpoints are offline. This functionality lends itself to a number of interesting use cases and helps answer questions such as: "Does known malware have, or has it ever had, a foothold in our environment?" "Has a particular crypto-mining agent been installed on our employees’ computers? Who has it now?" "What endpoints have or had copies of our company’s most sensitive files?" "What files did an employee download or delete in the months before resigning?" "What non-sanctioned collaboration applications are present in our environment?" After today's podcast, be sure to check out this great video of Nathan demonstrating the power of Code42 Forensic File Search live! Also talked about in today's episode: Implementing host-based firewalls - here's a great blog and video on it I want to thank Code42 for their support of the 7 Minute Security podcast. It's a pleasure to work together with them to help companies be more secure!

3 Loka 201852min

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Welcome! Today I'm kicking off a new miniseries all about the fundamentals of Active Directory security. Rather than try to pile all the info into show notes, I'm going to start pumping everything into a living/breathing GitHub gist so we're all on the same page as this miniseries develops further. So, please feel free to check out that gist here.

27 Syys 201821min

This episode is a cavalcade of fun! Why? First, I've got a big announcement: I've accepted a new position. "What?!" exclaimed my mom. "I thought you were president of 7MS, what the what?" No worries, it's business as usual, and my responsibilities at 7MS aren't changing. But I'm also going to start writing blogs, nurturing a Slack channel and producing a podcast for somebody else each week. Tune in to find out who! Oh, and I also conclude this episode with a song from my band, Sweet Surrender. A few years ago we wrote a goofy song to start our shows called Sound Check, and in this episode, I wanted to debut the sequel to that song...called MANDATORY ENCORE. Enjoy.

19 Syys 201828min

Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what’s happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Well I'm geeking out big time because today I chatted with John Strand of Black Hills Information Security, SANS instructing, Security Weekly, Active Countermeasures, RITA and more. Some people think he looks like Wash from Serenity or Steve the Pirate from Dodgeball, and others get upset when they learn he's not John Strand the male model. I've followed John and his team's work since I got started in security, and they've been a huge inspiration for what I do at 7MS. If you're not watching the BHIS Webcasts stop what you're doing and subscribe now! They're all full of practical, hands-on security advice - often complemented by tools that are totally free! Anyway, enjoy today's interview where John and I talk about how to make pentesters' jobs harder, and why he'd rather be a security advisor to Katy Perry than Donald Trump.

13 Syys 201846min

Today's episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to www.dashlane.com/7ms and use the code 7MS for 10% off a year of Dashlane Premium! Today I'm super pumped to be joined by Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup. Both these guys lead red teams for a living and had a lot of great insight to share as it relates to: The definition of "red teaming" and where it overlaps, if at all, with pentesting Successfully running red team campaigns Defending against a red team campaign How to climb unclimbable walls Is antivirus any good at stopping attackers? The importance of 2FA and training your end-users How to fool the "This email originated outside your organization" email banners How to break into red teaming as a career How to successfully break into a casino (or not) Other links and things mentioned in today's show: RedTeam Security's awesome YouTube video on breaking into the US power grid If you're a red teamer and in the Twin Cities area (or willing to drive a bit), you definitely want to sign up for ArcticCon coming up on October 23-24 at the Optum World Headquarters. Head to the link and sign up - if there are seats left! Once you listen to today's episode, please let me know if you'd like Ryan and Dave to come back for another interview. We were thinking it would be a blast to talk about the details of planning a red team engagement!

6 Syys 20181h 33min

Today's episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords form Troy Hunt's Pwned Passwords into your Active Directory. To get started with this in your environment, grab Troy's updated passwords list here, and then you can check out my BPATTY site for step-by-step implementation instructions. The big "gotchas" I discuss in today's episode are: If users update their password to something on the Pwned Passwords list, they'll see the generic "Your password didn't meet policy requirements" message. In other words, the message they'll see is no different than when they pick a password that doesn't meet the default domain policy. So be careful! I'd recommend training the users ahead of pulling the trigger on Pwned Passwords. If you want to take, for example, just the top 100 words off of Troy's list and start your implementation off with a small list with: Get-Content ".\pwnedpasswords.txt" | select -First 100 As it relates to "hard coding" a machine to point to a specific domain controller, this site has the technique I used. Is there a better way?

30 Elo 201819min

It's been a while so I thought I'd update you on how things are going on the business front. Here are the big updates I want to share with you in today's episode: A new 7MS hire that's going to hunt sales opportunities! My approach to finding podcast sponsors (it seems to be working) Some kick-butt interviews that are on the horizon (including the one and only JOHN STRAND!) Lots of goodies to share today!

23 Elo 201820min

I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to broil this list down to 7 key things to focus on. Here's my list thus far: Passwords 2FA/MFA Wifi (put a good password on it, don't use WEP, don't use WPS Sign up for HaveIBeenPwned Update all the things Block malware/mining with browser plugins Security awareness training What do you think? Anything I missed or should consider swapping with another topic? Contact me!

16 Elo 201818min