7MS #476: Tales of Pentest Pwnage - Part 28
**STOP!** If you didn't listen to [last week's episode](https://7ms.us/7ms-475-tales-of-internal-network-pentest-pwnage-part-27/) you might want to, since this was a two-part tale of pwnage. Either way I'll get you up to speed and talk about why this was (of course) one of my favorite pentests ever.
16 Juli 202125min
7MS #475: Tales of Internal Network Pentest Pwnage - Part 27
Yeahhhhhh! Today's another fun tale of pentest pwnage, including: The importance of starting your pentest with an AD account that actually has access to...ya know...stuff The importance of starting your pentest plugged into a network that actually has...you know...systems connected to it! This BHIS article is awesome for finding treasures in SMB shares PowerUpSQL audits are a powerful way to get pwnage on a pentest - check out this presentation for some practical how-to advice IPMI/BMCs often have weak creds and/or auth bypasses so don't forget to check for them. Rapid7 has a slick blog on the topic. Don't forget to check for vulnerable VMWare versions because some of them have major vulnerabilities
8 Juli 202156min
7MS #473: Interview with Nikhil Mittal
Hey everybody! Today Joe and I sat down with Nikhil Mittal of Pentester Academy and Altered Security to talk about a whole slew of fun security topics: How Nikhil first got involved in Pentester Academy Nikhil's hacker origin story How does Nikhil feel about his tools being used by baddies? What security tools/defenses would be good for SMBs to focus on? Active Directory security - is all hope lost? Will AI, ML, Terminator robots, etc. replace all of us who do pentesting for a living?
24 Juni 202151min
7MS #472: Interview with Christopher Fielder
Today our good pal Christopher Fielder from Arctic Wolf is back for an interview three-peat! He joins Joe "The Machine" Skeen (a.k.a. Gh0sthax) and I to talk about all things ransomware, including: How the Colonial Pipeline incident may have started from a weak VPN cred with no MFA. Silver lining (?) - they got some of the $ back. Was the federal government's response good enough? What should the government be doing to better handle and manage ransomware? Common ways ransomware gets in our environments, and some ways to NOT get ransomware'd: Use 2FA (make sure that all accounts are using it!) Consider having (if possible) your AD user scheme be something like chi-user4920394 instead of Joe.President Have users that haven't logged in for X days get automatically locked out Train your users - consider Arctic Wolf's managed security awareness offering Detect early signs of compromise like Kerberoasting Lock down your DNS egress to only specific servers so that it doesn't run "wide open" Leverage good threat intel
16 Juni 202152min
7MS #471: Cyber News - Ransomware Should Run Somewhere Edition
Hey everybody, happy June! Our pal Joe is back to cover some great security stories with us, including: Peloton's leaky API Some Colonial Pipeline discussion (story 1, story 2) Amazon Sidewalk doesn't really share your Internet connection with neighbors/strangers. The Hacker News article doesn't do an awesome job of clearing that up either.
9 Juni 20211h 2min
7MS #470: First Impressions of Meraki Networking Gear
Today we're doing something new - a first impressions episode of Meraki networking gear. Note: this is not a sponsored episode, but rather a follow up to episode #460 where I talked about throwing all my UniFi gear into the ocean and replacing it with Meraki gear. At the end of that episode I asked if anybody was interested in a "first impressions" of the gear, and it turns out (at least 6) people are interested, so here we are! TLDL: Pros Super easy plug-and-play setup The mobile app can control just about everything - ports, SSIDs, Internet on/off timers and more! Verbose logging Top-notch support from experienced technicians Cons Cost! Big $$$ "Cloud only" - can't install this gear in a LAN-only configuration Client VPN is a bit clunky to setup
2 Juni 202136min
7MS #469: Interview with Philippe Humeau of CrowdSec
Hey friends! Today we're talking with Philippe Humeau, CEO of CrowdSec, which is "an open-source massively multiplayer firewall able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global IP reputation database to protect the user network." I came into this interview not knowing much at all about CrowdSec, so I peppered Philippe with questions such as: What is CrowdSec? What problem does it solve? Who are your competitors? You're open source...so how do you make $? What's your five-year plan? You're dealing with a lot of data and metrics...how are you handling data privacy laws and concerns such as GDPR? What if I fall in love with CrowdSec and want to contribute to making it better? It was a really fun, transparent and energetic interview - hope you enjoy it!
26 Maj 202148min
