7 Minute Security

Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include: Use Netexec to pull Powershell history Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share This post featured interesting use of the Responder -N option

Hola friends! Today's another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific reference in today's podcast that may be helpful to you is setting up ntlmrelayx to listen on port 3128.

Hello friends! We're back with a fun tale of internal network pentest pwnage. This one highlights how AI can be used (with some guardrails!) to automate the boring stuff – and even help you pick part DLLs to find gold nuggets! P.S. – I do recommend you check out our last three episodes that are all about securing your community, and please check out this Rolling Stone article which will give you a full picture of what has been going on in Minnesota as it relates to the occupation of ICE agents.

Hello friends, in today's edition of How to Secure Your Community, I give a brief recap of part 1 and part 2, and then dive into some cool phone shortcuts you can setup so that with a single tap, you can alert friends/family that you're having an encounter with law enforcement and may need an assist. Here's the things/links discussed: This great Rolling Stone article which features interviews and first-hand stories of ICE encounters here in Minnesota Fashlight.org page on security and privacy, which features some cool shortcuts you can setup on iPhone to alert friends/family that you're having a negative encounter with law enforcement (or anyone else) How I allegedly stole somebody's quesadilla while I was at the movie theater seeing Scream 7 The one time my wife had an outburst in the middle of a church service

Hello friends. Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support Haven Watch. They give rides/food to people who are detained by ICE and then cut loose – often without their jackets or phones – into the cold of winter with no ride home. Today I pivot more into the technical weeds and offer some tips on: Securing your Signal app config Hardening your iPhone config via lockdown mode

Hello friends, it's good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge. Today I share how my family and community has been affected by it. And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper – such as tightening up security settings on apps you use, "hardening" your phone, increasing your personal security/privacy posture, and more.

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club. It's a temporary break, so please don't unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want to in the future), nothing has changed there. It's business as usual. Looking forward to reconnecting with you and providing more updates as soon as possible.

Hey friends, in episode #649 I gave you my first impressions of Twingate. It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don't forget: Our pentest class is coming up at the end of the month – more info here. We do a Tuesday TOOLSday video every Tuesday over at 7MinSec Club.

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I'd keep this momentum up and share another story of fail with you – this time about a Web app pentest that went south.