7MS #430: Interview with Dan DeCloss
7 Minute Security2 Sep 2020

7MS #430: Interview with Dan DeCloss

Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and you should definitely check out PlexTrac's upcoming Webinar about runbooks on September 9!). We also did a PlexTrac 101 Webinar with them recently!

You may remember Dan from such podcasts as this one when we first talked to him in 2019. Dan and I have a lot in common in that we both started security companies about the same time, so I had a lot of questions for Dan around how business has been going since we last talked on the podcast. Today our topics/questions include:

  • What are the (good) warning signs that a passion project you have could be a viable business?

  • Why "having all the jobs there has ever been" is a great way to figure out it's time to start your own business :-)

  • At what point does a side project have to become what you do for your day job?

  • How do you safely prepare to quit a comfortable corporate life to life as a small biz owner? Do you go 100% on faith? Do you save your $ for a year so you can "float" your business for a while? Some combination of the two?

  • How important is it to have the support of your friends/family when starting a new biz?

  • Once you start a biz what are the best/worst things about wearing all the hats (engineering, sales, marketing, accounting, HR, etc.)?

  • When is it time to hire additional resources or raise additional money to support your growing business?

  • What marketing efforts are fruitful for a new security biz to spend time/money on?

  • How do you decide what bells/whistles to add to PlexTrac? Follow your own roadmap? Let the customers drive your direction? Some combo of both?

  • What new bells and whistles are coming to PlexTrac in the Webinar on September 9?! (Spoiler alert: RUNBOOKS!)

Avsnitt(683)

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

Today’s fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it’s too late.

27 Maj 59min

7MS #675: Pentesting GOAD – Part 2

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe “The Machine” Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Maj 31min

7MS #674: Tales of Pentest Pwnage – Part 71

7MS #674: Tales of Pentest Pwnage – Part 71

Today’s tale of pentest pwnage is another great one!  We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all “branches” of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Maj 49min

7MS #673: ProxmoxRox

7MS #673: ProxmoxRox

Today we’re excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs.  Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14!  More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Maj 30min

7MS #672: Tales of Pentest Pwnage – Part 70

7MS #672: Tales of Pentest Pwnage – Part 70

Today’s a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs!  I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Apr 55min

7MS #671: Pentesting GOAD

7MS #671: Pentesting GOAD

Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Apr 25min

7MS #670: Adventures in Self-Hosting Security Services

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I’m kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC.  Sweet!  I also supplemented today’s episode with a short live video over at 7MinSec.club.

11 Apr 36min

7MS #669: What I’m Working on This Week – Part 3

7MS #669: What I’m Working on This Week – Part 3

Hi friends, in this edition of what I’m working on this week: 3 pulse-pounding pentests that had…problems Something I’m calling the unshadow/reshadow credentials attack Heads-up on a new video experiment I’m going to try next week

4 Apr 42min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
flashback-forever
rss-krimstad
rss-vad-fan-hande
olyckan-inifran
aftonbladet-daily
rss-viva-fotboll
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
blenda-2
dagens-eko
rss-frandfors-horna
rss-expressen-dok
svd-nyhetsartiklar
spar
spotlight