7MS #329: Active Directory Security 101
Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what's happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Welcome! Today I'm kicking off a new miniseries all about the fundamentals of Active Directory security. Rather than try to pile all the info into show notes, I'm going to start pumping everything into a living/breathing GitHub gist so we're all on the same page as this miniseries develops further. So, please feel free to check out that gist here.
27 Sep 201821min
7MS #328: How to Succeed in Business Without Really Crying - Part 5
This episode is a cavalcade of fun! Why? First, I've got a big announcement: I've accepted a new position. "What?!" exclaimed my mom. "I thought you were president of 7MS, what the what?" No worries, it's business as usual, and my responsibilities at 7MS aren't changing. But I'm also going to start writing blogs, nurturing a Slack channel and producing a podcast for somebody else each week. Tune in to find out who! Oh, and I also conclude this episode with a song from my band, Sweet Surrender. A few years ago we wrote a goofy song to start our shows called Sound Check, and in this episode, I wanted to debut the sequel to that song...called MANDATORY ENCORE. Enjoy.
19 Sep 201828min
7MS #327: Interview with John Strand
Today's episode is brought to you by my friends at Netwrix. Their amazing Netwrix Auditor tool gives you visibility into what's happening both on your local network and cloud-based IT systems and tells you about critical changes, and when and where people have been accessing data. Give it a spin right in your browser here, and then try it in your environment free for 20 days! www.netwrix.com Well I'm geeking out big time because today I chatted with John Strand of Black Hills Information Security, SANS instructing, Security Weekly, Active Countermeasures, RITA and more. Some people think he looks like Wash from Serenity or Steve the Pirate from Dodgeball, and others get upset when they learn he's not John Strand the male model. I've followed John and his team's work since I got started in security, and they've been a huge inspiration for what I do at 7MS. If you're not watching the BHIS Webcasts stop what you're doing and subscribe now! They're all full of practical, hands-on security advice - often complemented by tools that are totally free! Anyway, enjoy today's interview where John and I talk about how to make pentesters' jobs harder, and why he'd rather be a security advisor to Katy Perry than Donald Trump.
13 Sep 201846min
7MS #326: Interview with Ryan Manship and Dave Dobrotka
Today's episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to www.dashlane.com/7ms and use the code 7MS for 10% off a year of Dashlane Premium! Today I'm super pumped to be joined by Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup. Both these guys lead red teams for a living and had a lot of great insight to share as it relates to: The definition of "red teaming" and where it overlaps, if at all, with pentesting Successfully running red team campaigns Defending against a red team campaign How to climb unclimbable walls Is antivirus any good at stopping attackers? The importance of 2FA and training your end-users How to fool the "This email originated outside your organization" email banners How to break into red teaming as a career How to successfully break into a casino (or not) Other links and things mentioned in today's show: RedTeam Security's awesome YouTube video on breaking into the US power grid If you're a red teamer and in the Twin Cities area (or willing to drive a bit), you definitely want to sign up for ArcticCon coming up on October 23-24 at the Optum World Headquarters. Head to the link and sign up - if there are seats left! Once you listen to today's episode, please let me know if you'd like Ryan and Dave to come back for another interview. We were thinking it would be a blast to talk about the details of planning a red team engagement!
6 Sep 20181h 33min
7MS #325: Integrating Pwned Passwords with Active Directory - Part 2
Today's episode is a follow-up to #304 where we talked about how you can integrate over 500 million weak/breached/leaked passwords form Troy Hunt's Pwned Passwords into your Active Directory. To get started with this in your environment, grab Troy's updated passwords list here, and then you can check out my BPATTY site for step-by-step implementation instructions. The big "gotchas" I discuss in today's episode are: If users update their password to something on the Pwned Passwords list, they'll see the generic "Your password didn't meet policy requirements" message. In other words, the message they'll see is no different than when they pick a password that doesn't meet the default domain policy. So be careful! I'd recommend training the users ahead of pulling the trigger on Pwned Passwords. If you want to take, for example, just the top 100 words off of Troy's list and start your implementation off with a small list with: Get-Content ".\pwnedpasswords.txt" | select -First 100 As it relates to "hard coding" a machine to point to a specific domain controller, this site has the technique I used. Is there a better way?
30 Aug 201819min
7MS #324: How to Succeed in Business Without Really Crying - Part 4
It's been a while so I thought I'd update you on how things are going on the business front. Here are the big updates I want to share with you in today's episode: A new 7MS hire that's going to hunt sales opportunities! My approach to finding podcast sponsors (it seems to be working) Some kick-butt interviews that are on the horizon (including the one and only JOHN STRAND!) Lots of goodies to share today!
23 Aug 201820min
7MS #323: 7 Ways to Not Get Hacked
I'm putting together a general security awareness session aimed at helping individuals and businesses not get hacked. To play off the lucky number 7, I'm trying to broil this list down to 7 key things to focus on. Here's my list thus far: Passwords 2FA/MFA Wifi (put a good password on it, don't use WEP, don't use WPS Sign up for HaveIBeenPwned Update all the things Block malware/mining with browser plugins Security awareness training What do you think? Anything I missed or should consider swapping with another topic? Contact me!
16 Aug 201818min
7MS #322: My First Live Radio Interview
I had an exhilarating and terrifying experience this week doing my first ever live radio interview! As a quick bit of background, this interview was part of the 7MS radio marketing campaign that I've talked about my "How to Succeed in Business Without Really Crying" series (here's part 1, 2 and 3). The interview was conducted by Lee Michaels, and though my heart was pounding for the first few minutes, it quickly became fun as Lee and I talked about picking good passwords, securing wifi, talking to your kids about safe online behaviors, and more.
9 Aug 201853min
