• 7MS #648: First Impressions of Level.io
    Nov 1 2024

    Hey friends, today I’m sharing my first (and non-sponsored) impressions of Level.io, a cool tool for managing Windows, Mac and Linux endpoints. It fits a nice little niche in our pentest dropbox deployments, it has an attractive price point and their support is fantastic.

    Show more Show less
    40 mins
  • 7MS #647: How to Succeed in Business Without Really Crying – Part 19
    Oct 25 2024

    Today we’re talkin’ business – specifically how to make your report delivery meetings calm, cool and collect (both for you and the client!).

    Show more Show less
    22 mins
  • 7MS #646: Baby’s First Incident Response with Velociraptor
    Oct 18 2024

    Hey friends, today I’m putting my blue hat on and dipping my toes in incident response by way of playing with Velociraptor, a very cool (and free!) tool to find evil in your environment. Perhaps even better than the price tag, Velociraptor runs as a single binary you can deploy to spin up a server and then request endpoints to “phone home” to you by way of GPO scheduled task. The things I talk about in this episode and show in the YouTube stream are all based off of this awesome presentation from Eric Capuano, who also was kind enough to publish a handout to accompany the presentation. And on a personal note, I wanted to share that Velociraptor has got me interested in jumping face first into some tough APT labs provided by XINTRA. More to come on XINTRA’s offering, but so far I’m very impressed!

    Show more Show less
    16 mins
  • 7MS #645: How to Succeed in Business Without Really Crying - Part 18
    Oct 14 2024

    Today I do a short travelogue about my trip to Washington, geek out about some cool training I did with Velociraptor, ponder drowning myself in blue team knowledge with XINTRA LABS, and share some thoughts about the conference talk I gave called 7 Ways to Panic a Pentester.

    Show more Show less
    31 mins
  • 7MS #644: Tales of Pentest Pwnage – Part 64
    Oct 4 2024

    Hey! I’m speaking in Wanatchee, Washington next week at the NCESD conference about 7 ways to panic a pentester! Today’s tale of pentest pwnage is a great reminder to enumerate, enumerate, enumerate! It also emphases that cracking NETLM/NETNTLMv1 isn’t super easy to remember the steps for (at least for me) but this crack.sh article makes it a bit easier!

    Show more Show less
    41 mins
  • 7MS #643: DIY Pentest Dropbox Tips – Part 11
    Sep 27 2024

    Today we continue where we left off in episode 641, but this time talking about how to automatically deploy and install a Ubuntu-based dropbox! I also share some love for exegol as an all-in-one Active Directory pentesting platform.

    Show more Show less
    27 mins
  • 7MS #642: Interview with Ron Cole of Immersive Labs
    Sep 23 2024

    Ron Cole of Immersive Labs joins us to talk pentest war stories, essential skills he learned while serving on a SOC, and the various pentest training and range platforms you can use to sharpen your security skills! Here are the links Ron shared during our discussion:

    • VetSec
    • Fortinet Veterans Program
    • Immersive Labs Cyber Million
    • FedVTE
    Show more Show less
    42 mins
  • 7MS #641: DIY Pentest Dropbox Tips – Part 10
    Sep 13 2024

    Today we’re revisiting the fun world of automating pentest dropboxes using Proxmox, Ansible, Cursor and Level. Plus, a tease about how all this talk about automation is getting us excited for a long-term project: creating a free/community edition of Light Pentest LITE training!

    Show more Show less
    28 mins