7MS #297: How to Succeed in Business Without Really Crying
7 Minute Security8 Feb 2018

7MS #297: How to Succeed in Business Without Really Crying

Intro

Here's some of the "juice" that has helped 7MS have a successful start:

Support system

Ok so I think if you're going to have a successful business, you need an awesome support system. Mine consists of some of these things:

  • Faith - I'm a Christian and pray about this business constantly. In fact I learned really quickly how easy it is to brag about your rock-solid faith when everything is going fine. And then when suddenly the rug is pulled out from under you, you find what your faith is really made of!

  • My wife - she's my biggest supporter and cheerleader.

  • Financial advisor - we have a great "money guy" who helped us plan for moments like these, where income might be slower as I drum up business.

  • Trusted advisors - I'm blessed to have a partner called InteProIQ that has been a sounding board for a zillion and one questions. Everything from helping me quote projects and set hourly rates to marketing plans and connecting me with other business owners and contacts.

General "get your business started" stuff

  • Form your LLC - I just Googled how to do it, and found a bunch of articles with good info. Basically I found my state's Web site hierarchy and within that was a place to register the LLC and grab an EIN for tax purposes.

  • Bank accounts - I visited my local banker and setup work checking/savings/etc.

Tech tools to help you get the job done

  • Quickbooks - I use this to keep track of expenses, send out quotes, reconcile invoices, etc.

  • Expensify - I use it to track receipts and mileage. They even give you an email address where you can forward receipts to and it'll work it's awesome OCR magic to automatically extract the vendor, charge and date. Awesome!

  • Toggl - a free Web interface (and app) to track time for projects (if the client doesn't already have something they want me to use)

....more on 7MS.us!

Avsnitt(706)

7MS #553: The Artificial Intelligence Throat Burn Episode

7MS #553: The Artificial Intelligence Throat Burn Episode

Hey friends, today's episode is hosted by an AI from Murf.ai because I suffered a throat injury over the holidays and spent Christmas morning in the emergency room! TLDL: I'm fine, but if you want the (sort of) gory details and an update on my condition after my ENT appointment, check out today's episode. Otherwise, we'll see you next week when our regularly scheduled security content continues in 2023. Merry belated Christmas, happy holidays and happiest of new year to you and yours!

30 Dec 20225min

7MS #552: Tales of Pentest Pwnage - Part 45

7MS #552: Tales of Pentest Pwnage - Part 45

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today's tale of pentest pwnage covers some of the following attacks/tools: Teleseer for packet capture visualizations on steroids! Copernic Desktop Search Running Responder as Responder.py -I eth0 -A will analyze traffic but not poison it I like to run mitm6 in one window with mitm6.py -i eth0 -d mydomain.com --no-ra --ignore-nofqdn and then in another window I do ntlmrelayx.py -6 -wh doesntexist -t ldaps://ip.of.the.dc -smb2support --delegate-access > relaysRphun.log - that way I always have a log of everything happening during the mitm6 attack Vast.ai looks to be a cost-effective way to crack hashes in the cloud (haven't tested it myself yet)

24 Dec 202257min

7MS #551: Interview with Matt Warner of Blumira

7MS #551: Interview with Matt Warner of Blumira

Today we welcome our pal Matthew Warner (CTO and co-founder of Blumira) back to the show for a third time (his first appearance was #507 and second was #529). I complained to Matt about how so many SIEM/SOC solutions don't catch early warning signs of evil things lurking in customer networks. Specifically, I whined about 7 specific, oft-missed attacks like port scanning, Kerberoasting, ASREPRoasting, password spraying and more. (Shameless self-promotion opportunity: I will be discussing these attacks on an upcoming livestream on December 29). Matt dives into each of these attacks and shares some fantastic insights into what they look like from a defensive perspective, and also offers practical strategies and tools for detecting them! Note: during the discussion, Matt points out a lot of important Active Directory groups to keep an eye on from a membership point of view. Those groups include: ASAAdmins Account Operators Administrators Administrators Backup Operators Cert Publishers Certificate Service DCOM DHCP Administrators Debugger Users DnsAdmins Domain Admins Enterprise Admins Enterprise Admins Event Log Readers ExchangeAdmins Group Policy Creator Owners Hyper-V Administrators IIS_IUSRS IT Compliance and Security Admins Incoming Forest Trust Builders MacAdmins Network Configuration Operators Schema Admins Server Operators ServerAdmins SourceFireAdmins WinRMRemoteWMIUsers WorkstationAdmins vCenterAdmins

16 Dec 20221h 10min

7MS #550: Tales of Pentest Fail - Part 5

7MS #550: Tales of Pentest Fail - Part 5

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Hey friends, today's episode is extra special because it's our first episode we've ever done live and with video(!). Will we do it again? Who knows. But anyway, we had a fun time talking about things that have gone not so well during pentesting lately, specifically: Things we keep getting caught doing (and some potential ways to not get caught! Responder SharpHound CrackMapExec - specifically running -x or -X to enumerate systems PowerHuntShares "FUD sprinklers" - people who cast fear, uncertainty and doubt on your pentest findings A story about the time I took down a domain controller (yikes)

9 Dec 202252min

7MS #549: Interview with Christopher Fielder and Daniel Thanos of Arctic Wolf

7MS #549: Interview with Christopher Fielder and Daniel Thanos of Arctic Wolf

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today my friends Christopher Fielder and Daniel Thanos from Arctic Wolf chat with me about what kinds of icky things bad guys/gals are doing to our networks, and how we can arm ourselves with actioanble threat intelligence and do something about it! P.S. This is Christopher's seventh time on the program. Be sure to check out his first, second, third, fourth, fifth and sixth interviews with 7MS.

2 Dec 20221h 1min

7MS #548: Tales of Pentest Pwnage - Part 44

7MS #548: Tales of Pentest Pwnage - Part 44

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Happy belated Thanksgiving! This is not a brag or a flex, but this episode covers a coveted achievement I haven't achieved in my whole life...until now: TDAD: Triple Domain Admin Dance!!!!1111!!!1!1!!!! We talk about the fun attack path that led to the TDAD (hint: always check Active Directory user description fields!), as well as a couple quick, non-spoilery reviews of a few movies: V for Vendetta and The Black Phone.

25 Nov 202250min

7MS #547: Tales of Pentest Pwnage - Part 43

7MS #547: Tales of Pentest Pwnage - Part 43

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today we're talking about tales of pentest pwnage - specifically how much fun printers can be to get Active Directory creds. TLDL: get into a printer interface, adjust the LDAP lookup IP to be your Kali box, run nc -lvp 389 on your Kali box, and then "test" the credentials via the printer interface in order to (potentially) capture an Active Directory cred! Today we also define an achievement that's fun to unlock called DDAD: Double Domain Admin Dance.

18 Nov 202242min

7MS #546: Securing Your Mental Health - Part 3

7MS #546: Securing Your Mental Health - Part 3

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today we're talking about securing your mental health! I share some behind-the-scenes info about my own mental health challenges, and share a great tip a counselor gave me for getting into a good headspace before heading into a difficult conversation/situation.

11 Nov 202239min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
motiv
p3-krim
flashback-forever
rss-viva-fotboll
fordomspodden
politiken
aftonbladet-daily
rss-sanning-konsekvens
rss-krimstad
rss-vad-fan-hande
spar
olyckan-inifran
rss-krimreportrarna
rss-frandfors-horna
dagens-eko
blenda-2
rss-flodet
rss-expressen-dok