Pentesting

A 19-post collection

7MS #333: Pentesting Potatoes

This week I was in lovely Boise, Idaho doing some security assessment work. While I was there I got to hang out with Paul Wilch and some of the Project7 crew and picked up a lot of cool tools and tips I share in today's episode: The Badger Infosec group »

7MS #332: Low Hanging Hacker Fruit

In this episode I'm releasing a new document aimed to help organizations eliminate low hanging hacker fruit from the environment. The document contains (relatively) cheap and (relatively) easy things to implement. And my hope is it can be a living/breathing document that will bulk up over time. Got things »

7MS #326: Interview with Ryan Manship and Dave Dobrotka

Today's episode is brought to you by my friends at Dashlane, a fantastic password manager for you, your family and your business! Head to www.dashlane.com/7ms and use the code 7MS for 10% off a year of Dashlane Premium (offer does not include Premium Plus)! Today I'm super »

7MS #319: Sniper and Firewalls Full of FUD

Today's episode is brought to you by ITProTV. Visit itpro.tv/7ms and use code 7MS to get a FREE 7-day trial and 30% off a monthly membership for the lifetime of your active subscription. In today's episode, I talk about my fun experience using the Sn1per automated pentesting tool. »

7MS #313: Push-Button Domain Admin Access

Intro As I was preparing for my Secure 360 talk a month or so ago, I stumbled upon this awesome article which details a method for getting Domain Admin access in just a few minutes - without cracking passwords or doing anything else "loud." The tools you'll need »

7MS #234: Pentesting OWASP Juice Shop - Part 5

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro Today is part FIVE (insert menacing voice: "the final chapter!!!") of our series on attacking the OWASP Juice Shop which is "an intentionally insecure webapp for »

7MS #233: Pentesting OWASP Juice Shop - Part 4

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro Today is part FOUR of our continuing series on attacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript »

7MS #232: Pentesting OWASP Juice Shop - Part 3

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro Today is part three of our continuing series on attacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript »

7MS #231: Pentesting OWASP Juice Shop - Part 2

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro Today we're continuing our series on hacking apart the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses »

7MS #230: Pentesting OWASP Juice Shop - Part 1

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro Today we're kicking off a multipart series all about hacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript »

7MS #229: Intro to Docker for Pentesters

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode! Intro I know I'm old and unhip, but I just got turned on to Docker, and today I wanted to share two cool ways to use it to beef »