Full Episode Guide
Below is a blurb on each podcast episode, a link to show notes where applicable, and an embedded MP3 for your listening pleasure!
1: Epic Introduction
In this episode, I talk about the inspiration behind the 7MS podcast and my vision for it going forward. (Admittedly, my ulterior motive is to use this intro episode to figure out how in the heck to get this podcast submitted and visible on iTunes :-).
2: The Importance of Logging and Alerting
In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached.
3: Patch Strategies: Part 1
Here are some strategies for getting patching done the right way.
4: Patch Strategies: Part 2
In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear.
5: Fun Firewall Rules - part 1
In this episode I talk about some basic firewall rules that many organizations don’t have in place.
6: Fun Firewall Rules - part 2
In this episode I continue talking about some basic firewall rules that many organizations don’t have in place.
7: External Vulnerabilities that Byte
In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up.
8: CISSP - Is That the Cert for Me?
All about the CISSP certification, what it covers, how to study for it, and how to pass it!
9: Information Security for the Whole Family
A chat about sharing passwords with your spouse and how you should probably make home network production changes after hours :-).
10: Information Security for the Whole Family - part 2
In this episode I talk more about some infosec-y things I’m doing on the home front to nurture a security culture (if you will) with my wife and kids.
11: Overtraining your iPhone Touch ID
In this episode I totally throw my subscribers for a loop and do a VIDEO podcast about overtraining your Touch ID on your iPhone.
12: Why My Domains Have Gan to Gandi
In this episode I talk about an account takeover article that freaked me out, and why it changed a few things about how I handle my important online accounts.
13: How to Get Pwned by HP
In this episode I talk about how I had to sent my HP laptop in for repair and, to my surprise, it (allegedly) came back with a bonus: malware!
14: H8 4 Win 8 (audio)
In this episode I talk about two (sort of) security related tips that I’ve learned by using Windows 8 wrong.
15: PwnPad Initial Impressions
In this episode I talk about my initial impressions of using the PwnPad for wireless pentesting.
16: PwnPad Initial Impressions - part 2!
In this episode I talk about my first-hand experience using the PwnPad for wireless pentesting.
17: How to Pass the Certified Ethical Hacker Exam
In this episode I share my experience with EC-Council’s Certified Ethical Hacker training and exam.
18: Wireless Security 101
In this episode I talk about some wireless security basics that we’re not seeing when out on assessments.
19: Kioptrix! (audio)
In this episode I talk about a deliciously vulnerable series of VMs called Kioptrix, and how you can use them to sharpen your pentesting skills.
20: Moving from GoDaddy to DNSimple (audio)
In this episode I talk about why I’m pulling my domains from GoDaddy, and making DNSimple their new home.
21: OSCP - Part 1
In this episode I talk about my venture into Offensive Security and the OSCP certification!
22: Black Squirrel
This episode is about using Black Squirrel for phishing campaigns.
23: OSCP - Part 2
Part 2 of the OSCP series, focusing on how you need to make sure you document everything as you go!
24: Why Wireless Scares Me
This episode is all about why you should (probably not) use wireless hotspots, and keeping yourself safe in general when surfing the Web.
25: Writing Better Pentest Reports
This episode talks about some pointers, tools and tips towards writing better pentest reports.
26: The Importance of Training and Awareness
This episode talks about one topic I’m particularly passionate about. I call it “How not to click on bad stuff.”
27: Backing Up with Crashplan
This is a NON-endorsed/sponsored episode about my personal favorite backup service called CrashPlan.
28: Infosec for Kids?
This is more of a random, wondering aloud type of episode as I think about raising my kids with infosec in mind.
29: Follow Up Then!
This isn’t necessarily related to security, but it’s about one of my favorite tools to keep my todos organized: FollowUp Then!
30: Managing Privileged Accounts
Most organizations I talk to have no idea where their privileged accounts are used across the network. I recently saw a demo of a solution called CyberArk, which seems to address that problem.
31: Network Detective
Network Detective is a tool we’ve been using as kind of an addendum to our full security assessment. It gives some nice, plain-English Excel spreadsheets and Word docs that report on AD health and structure, PC inventory and open ports, AV clients that aren’t working right, and a whole lot more.
32: OSCP - Part 3
An obvious (hopefully) tip that will save you a ton of time.
34: The Hacker Playbook
I found a great bit of reading that walks you through the “plays” of hacking – enumeration, exploitation, post-exploitation, etc. It’s a great (and affordable) book called The Hacker Playbook.
35: OSCP - Part 4
More about the challenging, rage-inducing OSCP training experience.
36: OSCP - Part 5
More OSCP discussion goodness.
37 - Keimpx
Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx.
38: OFFTOPIC - Health and Infosec
Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape.
39: Infosec on the Disney Boat
I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies.
40: OSCP - Part 6
Yep, OSCP continues to kick my butt. I hope this episode helps it kick yours less.
41: OSCP – Part 7
Tired of talking about OSCP yet? Me neither!
42: Vulnerability Scans vs. Pentests
I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to explain the difference (in my mind, anyway).
43: Why Web Site Vulnerability Scanners Can Ruin Your Day
Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this.
44: OFFTOPIC – Annoying People at the YMCA
Warning, this is an off topic episode! Did you know it’s fun to stay at the YMCA? Did you also know it’s fun to annoy annoying people at the YMCA? Listen to this episode to find out why.
45: OFFTOPIC – Why I Stopped Pirating Software
Warning, this is an off topic episode! I used to pirate software. There. I admitted it. But it’s funny how a letter from the Comcast legal dept. will make someone want to stop pirating software forever, immediately.
46: So You Want to Be a Hacker?
So you want to be a hacker? Cool. In this episode I toss myself under the bus and share why I used to have a really dumb perspective on what that meant, and how my view of hackers has changed dramatically.
47: Logging and Alerting RELOADED
Hey, you should log the stuff going on in your network. This episode talks about that (again). And I reference some AD-related settings that may not be enabled in your environment.
48: So I Gave My Eight Year Old a Computer
Is it a good idea to give young kids a computer to play with? Maybe. Maybe not. Tune in to today’s episode and weigh in!
49: OSCP – The Final Chapter – part 1!
We’ve arrived at the exciting two-part finale to my bloody battle with the OSCP!
50: OSCP – The Final Chapter – part 2!
At last, the epic conclusion of the maddening, redeeming OSCP journey.
51: CEH vs. OSCP
A few people have written in asking whether to pursue the CEH or OSCP (or both). This episode discusses my experience with each cert and hopefully points you in the right direction on which one might be right for you.
52: OFFTOPIC – My Son is Really Loyal
It’s another off-topic episode today. This one’s about how my eight-year-old son is fiercely loyal, and wants to settle a 25-year-old score for me.
53: Are You Ready to Get Robbed?
Business DR plans are a hugely important – and often overlooked – piece of the infosec puzzle. But what about at home? If you got run over by a bus tomorrow, would you have good backups and DR in place?
54: Traveling with a Red Giant
If you’re concerned about your credit/debit card security, you might want to give Red Giant a try. It’s a service that provides a debit card you can unlock only when actively buying things, and lock whenever you're not.
55: OFFTOPIC – What’s in Brian’s Murse?
Ok I don’t really have a murse, but I wanted to do a short video(!) podcast to show you some sorta-security-related gadgets that I’ve been nerding out on the last few weeks.
56: OFFTOPIC – Catching Up and Blowing Noses
A few offtopic things: What you can expect as far as a podcast release schedule going forward Two suspicious charges that showed up on my credit card while out of town!
57: How to Review a Firewall
n this episode I talk about a few different ways to approach firewall reviews/audits. This document was very helpful in getting my template started. Also check out Nipper if you’re looking for a good automated tool.
58: What Should We Do First?
At the end of just about every assessment I deliver, the client asks “What should we do first?” They (understandably) want to know a “top 5″ list of things they should change right away to improve their security posture.
59: Traveling with a Red Giant – Part 2
A few episodes back I talked about Red Giant, a cool service that provides you with a pre-paid debit card that can be controlled/locked with your phone. I finally got my card working, and this episode is about some cool things I learned about it.
60: How Not to Suck at Customer Service
This episode was inspired by two awesome customer service experiences I had in the past week. It got me thinking: how can we as infosec professionals suck less with our customer service approach?
61: Why Local Admin Rights Suck
Users running as local admins on their machine are a big risk! This episode discusses some reasons why, and also here is the link to the Avecto study I mention regarding how many Microsoft vulnerabilities would be thwarted by removing admin rights.
62: You Should Run LAPS
Microsoft has released a tool called Local Administrator Password Solution to help administrators manage local admin credentials for domain-joined machines. Check out this article for more information, and please contact me if you end up running this, as I’d love to hear about your experience.
63: I’m Excited to Go Phishing
This week I’ll be launching a phishing campaign against an organization that has been well trained to defend against such malicious attacks and links! Will this organization break my company’s 100% success rate for phishing, or will I be able to craft an email to fool at least one person?
64: Wifi Sniffing is Fun - Part 1
I got a fun project involving wireless sniffing, followed up by scraping through packets looking for credit card data! Here’s part 1, which talks about about software/hardware you might need to do this the right way.
65: OFFTOPIC - Still Alice
Warning, this episode is off topic and has NOTHING to do with infosec! Nope! Instead, it’s a review of the movie Still Alice.
66: I’m Excited to Go Phishing – Part 2
This is a follow-up to episode #63, discussing the results of a fun phishing campaign I recently completed.
67: Wifi Sniffing is Fun - Part 2
This is a follow-up to episode #64, in which I did some fun wireless sniffing and tried to find sensitive data within it! In the episode I talk about the network “map” of my sniffing setup.
68: Is Training and Awareness Worth It or Worthless?
This episode is about something that got my undies in a bunch – I heard a security expert imply that training and awareness might be worthless!
69: I’m Not Responsible for Your Information Insecurity
Are you too hard on yourself? Do you think the success of your client’s infosec program lives and dies with you? Listen to this episode. You might feel better.
70: Get the Most out of Your DNS!
I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again.
71: OFFTOPIC - Mad Max
We’re going totally off topic today and doing a movie review of Mad Max!
72: PCI Pentesting 101
I’m pumped to talk about an about an awesome, free little tool that made my Internet connection feel like new again.
73: PCI Pentesting 101 – Part 2
This episode is the exciting continuation of a recent pentest I did, in which I got some serious pwnage, including cracking the domain admin password!
74: How to Become a More Organized Information Security Professional
In this episode I share some strategies and apps that may help you stay more organized as you go about your infosec work!
75: OFFTOPIC - My Son's Piano Recital
I wanted to share (what I think is) an amusing anecdote about my son's first piano recital, which was topped off by a kid playing the song "Lucky." Many LOLs commenced for me.
76: Lessons Learned from LastPass
I know this is a bit late, but I wanted to talk a little about the LastPass breach and why I'll still remain a customer.
77: OFFTOPIC - Rickrolling Your Coworkers for Fun and Profit
This week i used my Wifi Pineapple to scare and amuse my coworkers and lure them into a Rickroll trap. All the gory details in today's episode!
78: It's All About Segmentation
In this episode I advocate for proper network segmentation, as doing it (well and right!) can seriously reduce your risks!
79: My Love/Hate Relationship with Nessus
In this episode I talk about one of my favorite vulnerability scanners, Nessus, and why I want to simultaneously hug it and punch it in the neck.
79.5: UPDATE(!) on My Love-Hate Relationship with Nessus
In episode #79 I shared some gripes about Nessus. Those gripes were quickly answered by Tenable staff/support so I wanted to pass relevant updates on to you!
80: OSWP - Part 1
This episode kicks off a multi-part series all about the OSWP (Offensive Security Wireless Professional) certification.
81: OSWP - Part 2
A continuation of our thrilling, exciting, mind-blowing series on OSWP (Offensive Security Wireless Professional)!
82: OSWP - Part 3
The OSWP series is coming to a close. One final episode today and then the four-quel episode will be all about the test!
83: Wifi Pineapple First Impressions
In this episode I talk about my first hands-on experience with a Wifi Pineapple, and why you'll probably want one too.
84: DIY Pwn Pad
Hey have you heard of Pwn Pads? They're an awesome network pentesting tool that leverages a Nexus tablet - which you can either buy right from Pwnie Express, or create your own if you have a certain model of Nexus lying around. I just happened to have the right Nexus model around, so this podcast episode chronicles my trial and error (mostly error) in making a DIY Pwn Pad!
P.S. to get the Android tools installed on Ubuntu 14.04, run these commands:
sudo add-apt-repository ppa:nilarimogard/webupd8sudo
apt-get updatesudo apt-get install
85: What is The Penetration Testers Framework (PTF)?
Need an easy way to create a modular/mobile kit of pentest tools to take with you from machine to machine? And ALSO be able to update all those modules in one command? Then check out the PTF! That's what we're talkin' about on today's podcast.
86: OSWP-The Final Chapter!
This episode concludes the gripping, thrilling, exciting, awesome-ing, death-defying, unsettling, rattling series on OSWP (Offensive Security Wireless Professional). Specifically, I talk (as much as I can without getting into trouble) about the exam and give you some pointers to pass it!
87: Presenting the Right Findings to the Right Audience
Today I talk about challenge I run into when I'm delivering to a mixed audience of C-level folks and IT people. How do you keep things high level enough so everybody "gets it" but also go level enough that the recommendations have some teeth?
This episode's about a cool security app called GlassWire, which is (kind of) a firewall on steroids. I love it! Oh, and this is not an endorsement or a commercial :-)
Today we're talking about a new (to me) Web site/app scanning tool called AppSpider by Rapid7. Again, this isn't a commercial or paid advertisement. I just like sharing things that I like and use.
90: OFFTOPIC - Citizenfour
We're going offtopic today and talking about the Citizen Four documentary, which centers around the Edward Snowden story.
Today's episode is about Umbrella, a product from OpenDNS that provides a layer of protection against malware, wifi-jacking and other threats.
92: You're Not Ready for Big Boy Security Pants
Sometimes I get in situations where clients want their WHOLE security program reviewed, but in reality, they are still in the baby steps phase. What's the right thing to do when, for lack of a better term, the client isn't ready to put on their security big boy points?
93: Securing Your Life
So yeah, this is kind of off-topic, but have you thought about security in the sense of "What kinds of security things should I be doing before I'm dead?" Today's episode explores that.
94: Learn How to Burp - Part 1
I've been looking for better ways to learn Burp Suite and I struck gold! Check out my recommendations in today's episode!
95: How to Make Friends During a Security Assessment
When you start a security assessment with a company, not everybody's gonna be glad to see you. The IT dept and other employees may have tense shoulders, thinking that this is an Office Space situation where they're interviewing for their jobs. This episode talks about some ways you might be able to get your assessment off to a right start.
96: How to Make Enemies During a Security Assessment
Yep, we're talking about how to make ENEMIES during a security assessment today (and maybe turn them into friends).
97: OFFTOPIC - Limbo
We're going off topic today and talking about video games! LIMBO for the Xbox!
98: Intro to PCI Scoping
So far I've focused on the technical aspects of PCI, but I'm trying to get familiar with the overall scoping questions that my tenacious QSA friends ask when they start a gap analysis. This episode shares some interesting tidbits I learned while doing some QSA "shadowing" on an assessment of a restaurant.
99: How to Deliver Bad News in a Good Way
Today's episode gives you some tips on how to deliver bad news in an assessment in a positive way. I think that last sentence was a grammatical nightmare.
100: Assessment Curses Can Be Blessings
Ever had an assessment that you thought would be the death of you? I had one recently, but after sticking it out, it turned out to be a blessing in disguise.
101: OFFTOPIC - I Am Chris Farley
The new(ish) Chris Farley documentary is fantastic - see it!
I'm a big fan of Recon-ng and you should be too! Check it out - and learn more about Tim Tomes, its creator - at www.lanmaster53.com. And here's the video I mentioned in the podcast - my first look at Recon-ng in action:
103: OFFTOPIC - I Was in a Movie Once
This is an off-topic episode about the time I was in the holiday comedy super-smash laugh-fest, Jingle All the Way.
104: LANTurtle First Impressions
Hey I just got a LANTurtle and....these are my first impressions!
105: OFFTOPIC - Big Bag of Random Sauce
Today's totally random episode covers: 1. How bad does this podcast's logo suck? 2. Does this podcast need a theme song? 3. Some interesting training I'm taking next week. 4. The Walking Dead - who should die? 5. Metal Gear Solid and my personal godmode strategy.
106: A Day in the Life of an Information Security Analyst
A listener wrote in asking some questions about "a day in the life of" a security analyst, so here's my best stab at it!
107: I'm Going to PWAPT!
Hey I'm going to PWAPT this week (http://www.eventbrite.com/e/practical-web-application-penetration-testing-with-tim-tomes-lanmaster53-tickets-16718889649), so in this episode I talk about that...and how I'll probably be too info-overloaded to record anything on Thursday :-). Oh, and I had a fun Web app pentest this week that I wanted to share some fun bits on.
108: I'm Going to PWAPT! - Part 2
Here's part 2 (of probably several to come) about my experience with PWAPT (Practical Webapp Pentesting) training last week!
109: OFFTOPIC - It Follows and Backcountry
Movie reviews of It Follows and Backcountry.
110: Hacking WPA Enterprise - Part 1
This episode is about my experience hacking WPA enterprise. Huge mega tiger uppercut thanks to this site for giving me the fixes I needed to get this working on Kali2!
111: Hacking WPA Enterprise - Part 2
The thrilling (?) conclusion of my experience hacking WPA Enterprise.
112: This is Sparta!
This episode is about one of my favorite enumeration tools called Sparta - it's built right into Kali 2. And maybe it was in Kali 1 and I totally missed it. But whatevs. I'm happy to have found it now!
113: Big Bag of Random Security Stuff
Yep, this episode is EXACTLY what the title implies.
114: PCI Pentesting 101 - Part 3
Part 3 on my series about PCI pentesting. Yeah. That.
115: OFFTOPIC - Love and Mercy
We're going off-topic today and talking about the new(ish) movie about Brian Wilson's life called Love and Mercy.
116: Tips for a Succesful Vulnerability Scan
In this episode I complain about getting stuck in NY for two days, and also how to efficiently scan for vulnerabilities when your time is crunched.
117: OFFTOPIC - Alive Inside
Today I talk about one of the most moving films I've ever seen - a documentary called Alive Inside.
118: Should Phishing be Fair?
This episode discusses an important and rhetorical (to me) infosec question: Should phishing campaigns be "fair?"
119: Migrating from Tumblr to Ghost - Part 1
In this episode I talk about my adventures in moving my brianjohnson.tv Tumblr content over to a Digital Ocean hosted droplet running Ghost. I think you'll want to check this episode out, because in part 2 I talk about the challenges I faced in hosting multiple Ghost instances on one DI droplet. I will also be talking about how to enable CloudFlare SSL (for free!) as well as enabling Fail2Ban to keep annoying people/IPs from brute forcing your SSH root account!
120: The Purge!
Announcing the 7MS PURGE! I've got a back log of episodes banked and I want to get caught up for the new year. So I'm going to release one (or maybe more) episodes per day between now and 2016. Plus (spoiler alerts!) in 2016 we're moving to a Monday/Wednesday/Friday release schedule. Yep, 7MS three times a week - thanks for the idea, mom!
121: Migrating from Tumblr to Ghost - Part 2
Part 2 concludes my journey in moving 7ms.us from Tumblr to a Digital Ocean droplet running Ghost. Here are the key resources mentioned during the podcast: How to run multiple Ghost blogs on one DI VPS. The key takeaway here was that I had to upgrade to the $10 droplet (I did a "flexible" resize to add more proc/memory) and then the second instance of Ghost installed fine. Turning on CloudFlare SSL was easy. I chose flexible SSL since I wasn't using a "real" cert. I also wrote a rule to force HTTPs for all connections.
122: OFFTOPIC-An Apology to Elephants
This episode is about a documentary called An Apology to Elephants. It's all about the treatment (or mistreatment) of elephants, and the main message of the movie is, "Please don't go to the circus when it's in town, because you're supporting elephant abuse." Even if that message was a little heavy handed, I certainly will pass on tickets next time a circus act comes through town.
123: Doing a "Redo" Assessment
This episode talks about my experience in doing a "redo" security assessment, during which I struggled with the following questions: what's the best way to efficiently correct the erroneous information and make the customer happy without asking ALL the original questions over again? Especially when I have little to no time to prepare for the "redo" interview?
This episode is 90% a rant about how annoying carry-on luggage and air travel can be, and a 10% sprinkling of security sauce mixed in. Hence: sprinkles.
125: Securing Your Life - Part 2
Way back in episode #93, I talked about things you can do to secure your life (mortgage review, adequate insurance, estate planning, investments, etc.). This episode continues that train of thought and covers: getting the right amount of life insurance, getting the right home/auto coverage, as well as estate planning.
126: Get Your Name Out There
This episode isn't about infosec exactly, but it talks about how using public resources like LinkedIn, Twitter and blogs to boost your "brand" (though I hate that word) and help you get more connected to the infosec community, job leads and more!
127: Intro to HIPAA Assessments
This episode covers a few HIPAA tidbits I picked up while preparing for - and executing - a HIPAA security assessment.
128: Transparency is King
In this episode, I talk about a restaurant infosec assessment I did, and how the recommendations coming out of that assessment didn't fit the standard "mold." I also talk about how being transparent and helpful - and NOT billing clients for every tiny little thing - is king.
129: Embarrassing Stories
In this episode I talk about face-planting in my office at the first job I had out of college.
130: Sqlmap and Sqlninja FTW
This episode talks about some fun I had using sqlmap, and how using it in conjunction with Sqlninja makes me happy to be alive.
131: How to Attempt a Two Week Pentest in Two Days
The title says it all. I had two days to pentest a network that probably would've taken two or more people two weeks or more. I laughed. I cried. I had fun.
132: I Got a New Job - Part 1
This is a four-part series about my transition to a new job! The topics are as follows: Part 1: When it may be time to look for a new job (or not) Part 2: How to stand out during phone screenings and interviews Part 3: How to gracefully transition from old job to new job Part 4: Here's what I'm doing in my new gig!
133: I Got a New Job - Part 2
This is a four-part series about my transition to a new job!
134: I Got a New Job - Part 3
This is a four-part series about my transition to a new job!
135: I Got a New Job - Part 4
This is a four-part series about my transition to a new job!
136: Python for Newbs
One skill that's been kind of a hinderance in my IT/security career is I have exactly zero experience in programming/coding. Zero. Zip. Nil. Nada. Nothing.. But I'm trying to remedy that in 2016 by learnin' me some Python, and I picked up a great book called Python Crash Course, which has been exactly what this newb needed. At the time of publishing, you can get 30% off with the coupon code CRASHCOURSE!
137: OFFTOPIC - Welcome to Leith
This off-topic episode talks about one of the most gripping and disturbing documentaries I've ever seen. Welcome to Leith, in a nutshell, asks the question: What would you do if a white supremacist group moved in next door?
138: OFFTOPIC - The Hateful Eight
Looks like I'm one of the few people in the world who did NOT love this movie. I found it painful slow and claustrophobic. #disappointed.
139: Securing Your Life - Part 2
Back in episode #93 I talked about securing your life - in other words, asking yourself "What would happen if I was dead right now? Do I have adequate insurance? Are my finances in order? How about estate planning?" This episode continues that train of thought, and I share some new changes I've made in my "life security" department.
140: OFFTOPIC - Video Games I'm Currently Playing
This episode talks about some cool video games I've been playing lately: * Metal Gear Solid Phantom Pain (Xbox 360) * Rise of the Tomb Raider (Xbox 360) * Luminocity (iPhone) * Super Mario Maker (Wii U) I recommend 'em all!
141: Happy (Belated) New Year!
Happy (belated) new year! This episode is more of a "What am I listening to, a PBS telethon?!" kind of thing, and I'm sorry for that. But I want to cover: * Scheduling changes for 2016 - we're gonna be 3 times a week! * A new documentation project I'm working on called BPATTY (Brian's Pentesting and Technical Tips for You) * A way you can support the podcast financially.
142: OFF-TOPIC - Media Servers and Making a Murderer
This off-topic episode covers: * Media servers - I'm a newb in this area and could use your help in setting up a config that actually works! * Making a Murderer - this is a fantastic show!
143: Friday Infosec News and Links Roundup
144: Shoulder-Surfing with Seasoned Pentesters
I recently had the opportunity to shoulder-surf with some seasoned Webapp pentesters, and wanted to share what I learned about their tools, techniques and methodologies.
145: OFF-TOPIC - Sicario and The Walk
In today's off-topic episode I review two movies: Sicario and The Walk.
146: Friday Infosec News and Links Roundup
147: DIY Hosted Mutillidae
In this episode I talk about how to build a cheap hosted Mutillidae server to safely hack away on while keeping other Internet prowlers out.
148: OFF-TOPIC - Apple Watch Review
Yep, there are tons of people/blogs/magazines/children/pets who have provided reviews of the Apple Watch. This is mine.
149: Securing Your Life - Part 3
This episode continues the series on securing your life - making sure all the security stuff related to your life is in order. Today we're particularly focusing on preparing to travel. What if (God forbid) the plane goes down? Who has access to your money, passwords, etc.?
150: OFFTOPIC-Bone Tomahawk / Goodnight Mommy / Comedy Loves Misery
151: Friday Infosec News and Links Roundup
152: Review of the Almond 2015 Wireless Router
This is a mini-review of the Almond 2015 router by Securifi. This is NOT a paid advertisement or endorsement.
153: Ex Machina (and special musical guest)
Today's episode is a movie review of Ex Machina (how the FRICK do you pronounce that?) and closes out with special musical guest, Sweet Surrender!
154: Friday Infosec News and Links Roundup
155: Million Dollar Pentest Idea, Notepad Tricks and LL Bean Jackets for Dogs
Things discussed today:
- We could make 1 million dollars if we made a tool that could correlate data from all the popular pentesting tools.
- The differences in vuln descriptions between AppSpider and Nexpose really grind my gears!
- My parents' dog wears a 50 dolalr LL Bean jacket - wha?
156: OFF-TOPIC - 3 Ways to be a More Connected Parent
I never thought working from home would make it harder to transition to "home time" when the clock strikes 5 p.m. Today's episode discusses 3 ways I'm trying to be a more connected parent.
157: Infosec News and Links Roundup
158: Pentesting in a Vacuum
How do you keep 20 Kali boxes setup with Metasploit Pro and updated without any access to the Internet? Carefully, I guess :-). In today's episode I talk about some of those challenges, as well as progress made thus far.
159: OFF-TOPIC - What Size Company is Right for Me? (and a review of the Steve Jobs movie)
People have been writing in asking if they should work in a huge company or a small consulting/IT shop. I think they both have their pros and cons, but in this episode I attempt to oversimplify the decision with this question: How many hats do you want to wear?
160: Infosec News and Links Roundup
161: DIY Wifi Network Graphing & Dojo Scavenger Vulnerable Webapp
Back in episode 157 I mentioned talked about a great article that walks you through using Kali to create a map of the wifi networks around you. I had a need to go through this exercise over the weekend, so here's my condensed walkthrough.
162: OFF-TOPIC - Deadpool
This episode is a mini review of DEADPOOL! I had a huge reservation about Deadpool before seeing it, but the film squashed it...and has restored my faith in the superhero franchises! I give it an A!
163: Infosec News and Links Roundup
164: Pentesting in a Vacuum - Part 2
This is a continuation of episode #158, in which I described my challenges in creating a 20-server Kali environment with no Internet access.
165: DIY Podcast
Well, my first choice for topic today (DIY retro gaming console) fell through (ARGH!) so today I chat about another topic people ask about: what tools/services go into making a podcast. Here's my setup in a nutshell.
166: Infosec News and Links Roundup
167: My Misadventures with SOAP Web Services
TLDR: Before I'd do another SOAP Web services test, I'd ask (demand) the following from the dev team:
- WSDLs for all services in scope
- SoapUI project file populated with valid request for each Web service (so I can distinguish responses and app behavior).
168: Upgrading and Securing Your Digital Ocean Ghost Blog
This weekend, while I was comforting my barfing son, I did some securing and tune-up work on this blog, which is a Ubuntu Digital Ocean droplet running on the Ghost blogging platform. Here's the spit and polish that was applied.
169: Infosec News and Links Roundup
170: Pentesting in a Vacuum - Part 3
This weekend I was tasked with pentesting a subset of a few specific hosts, and also running some scenarios such as "An attacker has a presence on one of the machines, what can he do to further grab creds/info and use that to escalate permissions/privs in the environment?"
171: OFF-TOPIC - Easter Music
This is probably the most off-topic of all off-topic episodes - in that the topic isn't really a topic at all. Instead, I offer up two of my favorite worship songs to get us in an Easter mindset for the weekend. Have a listen.
172: Infosec News and Links Roundup
173: DIY SSH Honeypot with Kippo
Interested in having some fun with Kippo (an SSH honeypot) on your Digital Ocean server? Here's a super fast getting started guide.
174: DIY SSH Honeypot with Kippo - Part 2
In this episode I took my Kippo installation to the next step by incorporating mysql.
175: Infosec News and Links Roundup
176: DIY SSH Honeypot with Cowrie
Recently I covered the Kippo SSH honeypot and a few folks brought to my attention that this project was a little long in the tooth, and had been superseded by Cowrie. So this episode focuses on Cowrie!
177: A Not Totally Sucky Way to Backup and Share Photos
In this episode I talk about a not completely sucky way to backup and share photos seamlessly (almost) from multiple phones.
178: Infosec News and Links Roundup
179: Bring New Life to an Old Mac with OSX Server
In this episode I talk about how I took my aging Mac Mini and gave it some reasons to live! By installing a 20 dollar app you can make your old Mac cache software updates, host Time Machine network backups, become a DHCP/DNS server, push iPad policies and more!
180: Vulnhub Walkthrough - Skydog CTF
The following is a semi-spoilerish walkthrough of the Skydog CTF VM from Vulnhub by James Bower.
181: Infosec News and Links Roundup
182: Vulnhub Walkthrough - SickOs
The following is a semi-spoilerish walkthrough of the SickOs VM from Vulnhub by D4rk.
183: OFFTOPIC-The Invitation
A movie review of The Invitation.
184: Infosec News and Links Roundup
185: Vulnhub Walkthrough - Lord of the Root
The following is a semi-spoilerish walkthrough of the Lord of the Root VM from Vulnhub by KookSec.
186: OFFTOPIC - Reviews of Brooklyn and The Revenant
Today's off-topic episode contains two mini movie reviews Brooklyn and The Revenant.
187: Infosec News and Links Roundup
188: Vulnhub Walkthrough - DroopyCTF
The following is a semi-spoilerish walkthrough of the DroopyCTF VM from Vulnhub by Knightmare.
189: OFFTOPIC - Reviews of The Family Fang and Tumbledown
Today's off-topic episode features two mini movie reviews: The Family Fang and Tumbledown.
190: Infosec News and Links Roundup
191: Vulnhub Walkthrough - Kevgir
193: News and Links Roundup
194: Vulnhub Walkthrough - Simple
195: Why AppSpider is Grinding My Gears
This episode is why AppSpider is grinding my gears right now. I have found a site that, when scanned, will cause AppSpider to go ka-blooooey!
196: News and Links Roundup
197: Vulnhub Walkthrough - SickOS 1.2
198: Two Pretty Cool Pentest Stories
One about finding a XXE vuln in a popular commercial product.
One about an employee who did a Webapp pentest on a product as it was being pitched to him
199: News and Links Roundup
200: Vulnhub Walkthrough - Milnet
201: OFF-TOPIC - Audio Clip Extravaganza
In this first ever 7MS audio clip extravaganza, I offer the following two mini-journeys for your ears:
I get my young son red hot mad at me as I sing I See the Moon and even some Beyonce tunes to cheer him up.
I entered a contest to remix a Barenaked Ladies song (Easy), but they wouldn't even accept my entry! Maybe you will :'(
202: News and Links Roundup
204: OFF-TOPIC - IT Horror Stories!
Today's off-topic show is one of my favorite IT horror stories, featuring a red-hot angry lawyer who was having password issues. I had the joy of dealing with his hair-trigger temper on a Saturday over a crappy cell phone connection.
205: News and Links Roundup
206: Vulnhub Walkthrough - Stapler
The following is a semi-spoilerish walkthrough of the Stapler VM from Vulnhub by g0tmi1k.
207: Vulnhub Walkthrough - Sidney
The following is a semi-spoilerish walkthrough of the Sidney VM from Vulnhub by Knightmare2600.
208: OFF-TOPIC - The Jackwagon Who Stole My Drums!
This off-topic episode is about a "friend" (I'm using air quotes) of mine who stole a set of drums from me. Then he sold them for dirt cheap, promised to pay me back (but didn't) and force me to take him to court. "Fun stuff!" Brian said sarcastically! Tune into today's episode to see where this heated legal battle is at.
209: News and Links Roundup
210: Vulnhub Walkthrough - Mr. Robot
The following is a semi-spoilerish walkthrough of the Mr. Robot VM from Vulnhub by Jason (couldn't find a link for him! Hrmm....mysterious!).
211: OFF-TOPIC - IT Horror Stories - Part 2
In today's episode I share some big news (SPOILER ALERT: I'm building a vulnhub.com vulnerable VM!) and also tell you about a client that was happy to pay me to watch progress bars for hours, but not happy to give me a 15 minute break for dinner.
212: News and Links Roundup
213: Building a Vulnerable VM (The Prequel)
In this episode, I share a short list of virtual landmines you'll want to avoid when building your vulnerable VM for vulnhub.com.
214: News and Links Roundup
215: Installing Ubiquiti EdgeRouter X and AP - Part 1
In today's episode I kick off a multi-part series on ditching my previously beloved Almond router in lieu of a Ubiquiti Edge Router X and access point.
216: News and Links Roundup
217: Installing Ubiquiti EdgeRouter X and AP - Part 2
Continuation of the series started in episode #215.
218: OFF-TOPIC - My Top 5 Favorite and Least Favorite Things About The Division
In today's off-topic episode I talk about my 5 favorite (and least favorite) things about Tom Clancy's The Division for Xbox One. Topics include: dumb boss battles, phantoms and floaters, and unnecessary celebrations.
219: News and Links Roundup
220: Installing Ubiquiti EdgeRouter X and AP - Part 3
Conclusion of the Ubiquiti series - see #215 and #217 for parts 1 and 2.
221: News and Links Roundup
222: OFF-TOPIC - THE FINAL CHAPTER!
This episode is the good/bad news of why I won't be doing off-topic episodes anymore.
223: Vulnhub Walkthrough - Tommy Boy
The following is a semi-spoilerish walkthrough of the vulnerable Tommy Boy VM, hosted on Vulnhub.
224: DIY 500 Dollar Pentesting Lab - Part 1
This episode is part 1 of a series all about setting up a virtual pentesting lab for about 500 bucks. We're kicking off the series with a segment on selecting hardware, getting ESXi installed to a USB drive and then getting all the components hooked up and powered on.
225: DIY 500 Dollar Pentesting Lab - Part 2
This episode is part 2 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Today we walk about the network/storage configuration.
226: DIY 500 Dollar Pentesting Lab - Part 3
This episode is part 3 of a series all about setting up a virtual pentesting lab for about 500 bucks. Part 1 talked about getting the necessary hardware purchased and assembled. Part 2 covered network/storage configuration.
227: Lets Encrypt - Installing SSL Certs for Nessus and Ubiquiti Unifi
Back in episode #220 I went through how to get a cloud-hosted UniFi controller setup so you could do cool things like implement a voucher system for your guests. A next natural step is securing the controller with a proper SSL cert, and thanks to this great article from Steve Jenkins, it's not as hard as it might look. I use it as the backbone of my video demo.
228: Fun with Bettercap
All about installing, configuring and using Bettercap.
229: Intro to Docker for Pentesters
I know I'm old and unhip, but I just got turned on to Docker, and in this episode I wanted to share two cool ways to use it to beef up your pentest skills.
230: Pentesting OWASP Juice Shop - Part 1
231: Pentesting OWASP Juice Shop - Part 2
232: Pentesting OWASP Juice Shop - Part 3