7 Minute Security21 Mar 2020

7MS #406: Securing Your Family During and After a Disaster - Part 4

This episode of the 7MS podcast is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the later, and ITProTV has you covered. From CompTIA and Cisco to ECCouncil and VMWare. Get a 7-day free trial and save 30% off all plans by going to itpro.tv/7MS

First and foremost, I hope you all are doing well and taking care of yourselves.

Today's episode focuses on disasters, which is unfortunately a very appropriate topic. As a quick refresher, our family had a fire a few months ago. It sucked. I talked about the day of the fire in this episode then did a "how do we get back on the grid?" episode here and then answered some of your FAQs here.

Regardless of if your DR plan includes fires, virus outbreaks, tornados or zombie attacks, it's important to have a solid plan for your family and business. So in today's episode I cover these main two topics:

A DIY $500 NAS + Unlimited Cloud Backup Plan

In trying to be more organized with my backup strategy, I set out to create a new backup plan with the following criteria:

Priced at ~$500
One on-prem array
Encrypted at rest
Backs up to cloud with encryption key I control
Unlimited scalable storage

I found my solution using this awesome video but I need to warn you about something right off the bat: the config in this video and in today's episode is not supported by CrashPlan because CP doesn't have a native backup agent that will run on the Synology NAS (at the time of this writing, anyway). With that said, here's the grocey list of things that make up my backup rig:

(See more info on the show notes for todya's episode at 7ms.us)

Oppdag Premium

Prøv 14 dager gratis

Kjøp Premium

Episoder(684)

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

30 Mai 13min

7MS #676: Tales of Pentest Pwnage – Part 72

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

27 Mai 59min

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Mai 31min

7MS #674: Tales of Pentest Pwnage – Part 71

Today’s tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Mai 49min

7MS #673: ProxmoxRox

Today we’re excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Mai 30min

7MS #672: Tales of Pentest Pwnage – Part 70

Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Apr 55min

7MS #671: Pentesting GOAD

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Apr 25min

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today’s episode with a short live video over at 7MinSec.club.

11 Apr 36min

Reklamefrie Premium-podkaster

Hør populære podkaster som Storefri med Mikkel og Herman, Ida med hjertet i hånden, Krimpodden og mye mye mer

Skap din egen podkastboble

I appen skaper du ditt eget bibliotek med favoritter, og vi gir deg også anbefalinger til podkaster du ikke kan gå glipp av.

Prøv 14 dager gratis

Dersom du er ny Podme-bruker får du 14 dager gratis prøveperiode når du oppretter abonnement

Premium

kr 99/mnd

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Tilgang til alle våre Premium-podkaster
Ingen bindingstid. Avslutt når du ønsker

Prøv 14 dager gratis

Premium

kr 129/mnd

Tilgang til alle Premium-podkaster
Alle podkaster fra VG, Aftenposten, BT og SA
Reklamefritt Premium-innhold
Ingen bindingstid. Avslutt når du ønsker
En Ekstra bruker

Prøv 14 dager gratis

Populært innen Politikk og nyheter

Historiene og stemmene du vil høre

Ubegrenset tilgang til alle dine favorittpodkaster

Les mer