7MS #288: I'm BURPing a Lot

Sorry the podcast is late this week - but it's all for good reasons! I'm busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you:

Mac High Sierra root bug

Did you hear about this? Basically anybody could log in as user root on your system without a password because...there isn't a password! Read the Twitter thread where I originally read the news here, read about the root account madness here, and then read how the fix broke file sharing here.

BPATTY ROCKS!

I tried to wiki-fy my BPATTY project to make it a bit easier to read, so head to bpatty.rocks and let me know what you think!

I'm BURPing a lot

I can't tell you how fun it has been to get back in the pentesting saddle and hack some Web sites these past few weeks. Here are a few tips/tricks others taught me that have helped me get back in the swing of things:

  • In Burp, state files are being deprecated in favor of project files. Read more here

  • For BApp extensions, here are a few that help you get the job done:

    • retire.js looks for old/outdated/vulnerable JavaScript libraries
    • Software vulnerability scanner helps you find vulnerable software, such as old versions of IIS
    • CO2 has a bunch of tricks up its sleeve - my favorite of which is helping you craft sqlmap commands with the right flags

More on today's show!

7MS #76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

14 Jul 2015, 7 min

7MS #75: OFFTOPIC-My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

9 Jul 2015, 9 min

7MS #74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

8 Jul 2015, 8 min

7MS #73: PCI Pentesting 101 – Part 2 (audio)

This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password!

30 Jun 2015, 7 min

7MS #72: PCI Pentesting 101 (audio)

I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again.

25 Jun 2015, 7 min

7MS #71: OFFTOPIC-Mad Max (audio)

We’re going totally off topic today and doing a movie review of Mad Max!

23 Jun 2015, 8 min

7MS #70: Get the Most out of Your DNS! (audio)

I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again.

18 Jun 2015, 7 min

7MS #69: I’m Not Responsible for Your Information Insecurity (audio)

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better.

16 Jun 2015, 8 min
