7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4
7 Minute Security1 Nov 2019

7MS #386: Interview with Ryan Manship and Dave Dobrotka - Part 4

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!

I'm sorry it took me forever and a day to get this episode up, but I'm thrilled to share part 4 (the final chapter - for now anyways) of my interview with the red team guys, Ryan and Dave!

In today's episode we talk about:

  • Running into angry system admins (that are either too fired up or not fired up enough)
  • Being wrong without being ashamed
  • When is it necessary to make too much noice to get caught during an engagement?
  • What are the top 5 tools you run on every engagement?
  • How do you deal with monthly test reports indefinitely being a copy/paste of the previous month's report?
  • How do you deal with clients who scope things in such as way that the test is almost impossible to conduct?
  • How do you deal with colleagues who take findings as their own when they talk with management?
  • How do you work with clients who don't know why they want a test - except to check some sort of compliance checkmark?
  • What is a typical average time to complete a pentest on a vendor (as part of a third-party vendor assessment)?
  • How could a fresh grad get into a red team job?
  • What do recruiters look for candidates seeking red team positions?
  • If a red team is able to dump a whole database of hashes or bundle of local machine hashes, should they crack them?
  • What do you do when you're contracted for a pentest, but on day one your realize the org is not at all ready for one?
  • What's your favorite red team horror story?

Avsnitt(683)

7MS #19: Kioptrix! (audio)

7MS #19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills. Download: 7MS #19: Kioptrix! (audio) Show notes: The Kioptrix series of VMs is here: http://www.kioptrix.com/blog/test-page/ and here: http://vulnhub.com/?q=kioptrix&sort=date-des&type=vm. Got approved for my OSCP training and I start it in a few…

5 Juli 20147min

7MS #18: Wireless Security 101 (audio)

7MS #18: Wireless Security 101 (audio)

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments. Download: 7MS #18: Wireless Security 101 (audio) Show notes: WEP encryption is very, very bad. It’s easy to crack. Don’t use it. Wifite will demonstrate how easy it is to crack WEP. Stronger encryption such as WPA/WPA2…

22 Juni 20147min

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

7MS #17: How to Pass the Certified Ethical Hacker Exam (audio)

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam. Download: 7MS #17: How to Pass the Certified Ethical Hacker Exam (audio) Show notes: Here’s info on the CEH training and test outline. I took my CEH training through UFairfax with instructor Leo Dregier. See this post I wrote that…

14 Juni 20147min

7MS #16: PwnPad Initial Impressions – part 2! (audio)

7MS #16: PwnPad Initial Impressions – part 2! (audio)

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting. Download: 7MS #16: PwnPad Initial Impressions – Part 2 Show notes: In a nutshell: PwnPad is a great tool to simplify/automate some wireless recon and/or hacking! PwnieExpress has a great write-up on mapping APs w/GPS coordinates using Google Earth here:…

31 Maj 20147min

7MS #15: PwnPad Initial Impressions (audio)

7MS #15: PwnPad Initial Impressions (audio)

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting. Download: 7MS #15: PwnPad Initial Impressions Show notes: Carrying around a Nexus 7 instead of a bulky laptop to do wireless pentesting sure is nice! PwnPad scripts/automates much of the “busy work” to capture WPA handshakes.

24 Maj 20146min

7MS #14: H8 4 Win8 (audio)

7MS #14: H8 4 Win8 (audio)

In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong. Download: 7MS #14: H8 4 Win8 (audio) Show notes: Windows Defender doesn’t seem to auto-update on Win 8 unless you have updates set to auto download/install. I found a nifty script you can add as…

10 Maj 20146min

7MS #13: How to Get Pwned by HP (audio)

7MS #13: How to Get Pwned by HP (audio)

In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware! Download: 7MS #13: How to Get Pwned by HP (audio) Show notes: My takeaways/recommendations from this experience: See a pic of my FortiClient picking up on…

3 Maj 20147min

7MS #12: Why My Domains Have Gan to Gandi (audio)

7MS #12: Why My Domains Have Gan to Gandi (audio)

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts. Download: 7MS #12: Why My Domains Have Gan to Gandi (audio) Show notes: This episode is all about this article (https://medium.com/cyber-security/24eb09e026dd) in which a Twitter user…

28 Apr 20147min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
rss-vad-fan-hande
aftonbladet-daily
rss-sanning-konsekvens
olyckan-inifran
rss-viva-fotboll
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight