Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very carefully so that every student can pwn it while also not breaking the domain for everybody else. I also talk about how three different flavors of AI failed me in solving a simple task.

Hi friends, we’re doing something today we haven’t done in a hot minute: take a dip into the 7MinSec mail bag! Today we cover these questions:

• If I’m starting a solo business venture as a security consultancy, is it a good idea to join forces with other solo security business owners and form a consortium of sorts?
• Have you ever had anything go catastrophically wrong during a pentest? Yes, and this is an important link in the story: https://github.com/fortra/impacket/issues/1436
• What ever happened with the annoying apartment neighbor who stomped around like a rhino when you made any noise during COVID?
• What happened to the “difficult family situation” you vaguely talked about a few months ago that involved police and lawyers – did that ever get resolved?

Oh man, I’m so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.