7MS #297: How to Succeed in Business Without Really Crying

Intro

Here's some of the "juice" that has helped 7MS have a successful start:

Support system

Ok so I think if you're going to have a successful business, you need an awesome support system. Mine consists of some of these things:

  • Faith - I'm a Christian and pray about this business constantly. In fact I learned really quickly how easy it is to brag about your rock-solid faith when everything is going fine. And then when suddenly the rug is pulled out from under you, you find what your faith is really made of!

  • My wife - she's my biggest supporter and cheerleader.

  • Financial advisor - we have a great "money guy" who helped us plan for moments like these, where income might be slower as I drum up business.

  • Trusted advisors - I'm blessed to have a partner called InteProIQ that has been a sounding board for a zillion and one questions. Everything from helping me quote projects and set hourly rates to marketing plans and connecting me with other business owners and contacts.

General "get your business started" stuff
  • Form your LLC - I just Googled how to do it, and found a bunch of articles with good info. Basically I found my state's Web site hierarchy and within that was a place to register the LLC and grab an EIN for tax purposes.

  • Bank accounts - I visited my local banker and set up work checking/savings/etc.

Tech tools to help you get the job done
  • Quickbooks - I use this to keep track of expenses, send out quotes, reconcile invoices, etc.

  • Expensify - I use it to track receipts and mileage. They even give you an email address you can forward receipts to, and it'll work its awesome OCR magic to automatically extract the vendor, charge and date. Awesome!

  • Toggl - a free Web interface (and app) to track time for projects (if the client doesn't already have something they want me to use)

....more on 7MS.us!

Episodes (706)

7MS #610: DIY Pentest Dropbox Tips – Part 9

Hey friends, today we cover a funstrating (that's fun + frustrating) issue we had with our DIY pentest dropboxes. TLDL:

  • The preseed file got jacked because I had a bad Kali metapackage in it.

  • While I was tinkering around with preseed files, I decided it would be more efficient to have the Kali ISO call that preseed file directly over HTTP (rather than make a new ISO every time I made a preseed change).

To accomplish that:

  • Mount the Kali ISO

  • Explore to isolinux > txt.cfg

  • Modify the txt.cfg to include a custom boot option that calls your preseed over HTTP.

For example:

    label install
        menu label ^Install Yermaum
        kernel /install.amd/vmlinuz
        append net.ifnames=0 preseed/url=https://somewebsite/kali.preseed locale=en_US keymap=us hostname=kali777 domain=7min.sec simple-cdd/profiles=kali desktop=xfce vga=788 initrd=/install.amd/initrd.gz --- quiet

9 Feb 2024, 20 min

7MS #609: First Impressions of Sysreptor

Hey friends, today is a first impressions episode about Sysreptor, which according to their GitHub page, is a fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.  It is easy to stand up with Docker, has built-in MFA and a great hybrid WYSIWYG/code editor.  The only scary part?  There is no export to Word (insert suspenseful music here!) - your reports just go right to PDF, friends!  The killer feature for us, though, is the ability to create reports from the command line and send files, notes and findings to Sysreptor automagically!

2 Feb 2024, 30 min

7MS #608: New Tool Release - EvilFortiAuthenticator

Hey friends, today our pal Hackernovice joins us for a tool (actually two tools!) release party: EvilFortiAuthenticator - it's like a regular FortiAuthenticator, but evil. This tool allows you to capture the FortiAuthenticator API and subsequently steal the entire device's config, subsequently allowing you to restore the config to a second server and potentially steal cleartext Active Directory creds and SMTP accounts! We talk about BulletsPassView - a tool that originally allowed us to simply unmask the "hidden" API key in the FortiAuthenticator client (this did NOT work in the latest version of FAC). Once you get the API key, check out Fortinet's documentation to do fun things like dump the whole config to a file on disk! After you steal the config and restore it to a fresh FortiAuthenticator, use maintenance mode to reset the admin password. Once you can adjust the restored config to your liking, try using MITMsmtp to capture email server creds in the clear! TCMLobbyBBQ - this tool has nothing to do with security, but helps PC players of the Texas Chain Saw Massacre get into lobbies more efficiently.

26 Jan 2024, 43 min

7MS #607: How to Succeed in Business Without Really Crying - Part 15

Today we talk about some business-y things like:

  • A pre first impressions opinion on Sysreptor

  • Why I'm not worried about AI replacing manual pentesting (yet)

  • My struggle with going "full CEO" vs. staying in the weeds and working on hands-on security projects

19 Jan 2024, 39 min

7MS #606: Hacking OWASP Juice Shop (2024 edition)

Today our pals Bjorn Kimminich from OWASP and Paul from Project7 and TheUnstoppables.ai join us as we kick off a series all about hacking the OWASP Juice Shop, which is "probably the most modern and sophisticated insecure web application!" We got a few wins on the Juice Shop score board today:

  • Found the score board

  • Bullied the chatbot

  • Fired a DOM XSS

  • Located a confidential document

  • Gave the Juice Shop a devastating zero stars review

  • Fired a DOM XSS which played the OWASP Juice Shop Jingle

12 Jan 2024, 29 min

7MS #605: Navigating the Demands of Tech Leadership with Amanda Berlin of Blumira

Today our friend Amanda Berlin, Lead Incident Detection Engineer at Blumira, joins us to talk about being more mentally healthy in 2024! P.S. - did you miss Amanda's past visits to the program? Then check out episodes 518, 536 and 588. Be sure to check out the next edition of Amanda's Defensive Security Handbook when it comes out in later January, 2024!

5 Jan 2024, 58 min

7MS #604: A Two Tool Teaser

Today we tease two upcoming tool releases (shooting for Q1, 2024):

  • TCMLobbyBBQ - a Python script for PC players of The Texas Chain Saw Massacre game to help players get out of lobbies and into live games ASAP! The script uses PyAutoGUI to take screenshots of what part of the game you're in, then make appropriate key presses and mouse clicks to get into lobby queues, then alert you when the game actually starts!

  • EvilFortiAuthenticator - this tool will allow you to steal administrator API tokens from FortiAuthenticator which can lead to full compromise of the physical device.

Happy new year!

2 Jan 2024, 26 min

7MS #603: Monitoring Your Tailscale Network with Uptime Kuma

Today I look at potentially replacing Splashtop and UptimeRobot (check out our episode about it here) with Tailscale and Uptime Kuma. The missing link (which I'd love some help with) is answering this security question: how can I set up Tailscale so that my 7MinSec testing box can connect to all these NUCs spread around the globe, but those NUCs cannot connect to each other (in case one is compromised)? Got some ideas? Let me know please!

24 Dec 2023, 28 min
