7MS #456: Certified Red Team Professional - Part 4

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. In today's episode, I talk about my fun experience using the Sn1per automated pentesting tool. It's really cool! It can scan your network, find vulnerabilities and exploit them - all in one swoop! It also does a nice one-two punch of OSINT+recon if you feed it a domain name. And, I tell a painful story about how a single checkbox setting in a firewall cost me a lot of hours and tears. You can LOL at me, learn from my pain, and we'll all be better for it.

20 Juli 201818min

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. This week's show is another interview episode - this time with my pal Bjorn Kimminich of the OWASP Juice Shop. If you've never heard of the Juice Shop before, it's the world's most secure (and I mean that sarcastically) online shopping experience. Actually, it's chock full of security issues, which makes it a fantastic learning tool for Web app pentesters, be they seasoned or total newbs. Bjorn and I sat down (over Skype) to discuss: How the Juice Shop came to be The current status of application security (is it getting any better?!) Common vulnerabilities still found in today's Web apps Juice Shop being featured in Google's Summer of Code How dev teams can better bake security into their products What's next for the Juice Shop (hint: stay tuned after the episode is over for a hint on one new "feature") Bjorn has gone to great lengths to provide documentation about how to get up and running with a copy of the Juice Shop to begin your hacking. Personally I find it dead simple to follow Bjorn's instructions for spinning up a Docker container: docker pull bkimminich/juice-shop docker run --rm -p 3000:3000 bkimminich/juice-shop Should you find the Juice Shop to be a valuable tool, please be sure to ping Bjorn on Twitter to let him know. Be sure to follow the Juice Shop on Twitter as well. Psst...this account sometimes tweets coupon codes which can help you unlock certain challenges!

11 Juli 20181h

Today's interview features Justin McCarthy, CTO and cofounder of StrongDM, which offers both commercial and open source tools (like Comply) to help customers with SOC compliance. Justin schooled me (in a nice way) about a lot of things, including: What SOC and the various SOC types are all about What SOC compliance costs What to look for in selecting a good auditor Tools that can help companies make SOC compliance efforts go more smoothly

5 Juli 201848min

In this episode I wanted to give you some cool/fun updates as it relates to 7MS the business! Specifically: A new member of the 7MS team (kinda!) The weird and varied projects I'm working on Upcoming podcast sponsors (probably in July) 7MS has a "real" office coming soon to the southern metro of MN (hopefully!)

28 Juni 201822min

As a continuation of last week's episode I'm now making a bit of progress in finding a good backup solution that protects USB backups both at rest and when pumped up to the cloud. I mentioned I've been using BackBlaze for backups (not a sponsor), and they allow you to backup USB drives as long as they're connected at least once every 30 days. That's cool. However, many of my USB drives are not encrypted, and I want to protect myself in the off chance that someone breaks in and steals all my stuff while those unencrypted drives are connected. My BackBlaze backup PC is just a little dinky box running Windows 10 Home, so I don't have access to BitLocker. I was gonna drop the ~$100 for the Windows 10 Pro upgrade, but I coincidentally was doing an endpoint security product evaluation at the same time, and so I grabbed a copy of ESET's DESLock (also not a sponsor) because it was on sale. Where I'm stuck now is that the USB drives are unlocked, and yet for some reason BB can't properly back them up. I've got a ticket into their support folks, and will update you once we get to part 3 of this miniseries.

21 Juni 201811min

You probably create DR plans for your business (or help other companies build them), but have you thought about creating one for yourself? Yeah, I know it's grim to think about "What will my loved ones do to get into my accounts, backups, photos, social media accounts..." but it's probably not a bad idea to prepare for that (spoiler alert: we all die at some point). Today I talk about how I'm beginning to build such a plan so my wife can take over for my/our online accounts. This plan includes: A "here's how I run all our technology" Google doc with domains I have registered, their expiration date, what their function is, etc. A how-to guide on restoring data from our online backup solution Implementation of a password manager

13 Juni 201815min

As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need are: PowerShell Empire DeathStar Responder Ntlmrelayx I've written up all the steps in a gist that you can grab here. Enjoy!

7 Juni 201818min

It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!

30 Maj 201818min