Today I talk about a subject I love while also driving me crazy at the same time: building a pentest training course! Specifically, I dissect a fun/frustrating GPO attack that I need to build very carefully so that every student can pwn it while also not breaking the domain for everybody else. I also talk about how three different flavors of AI failed me in solving a simple task.

Hi friends, we’re doing something today we haven’t done in a hot minute: take a dip into the 7MinSec mail bag! Today we cover these questions:

• If I’m starting a solo business venture as a security consultancy, is it a good idea to join forces with other solo security business owners and form a consortium of sorts?
• Have you ever had anything go catastrophically wrong during a pentest? Yes, and this is an important link in the story: https://github.com/fortra/impacket/issues/1436
• What ever happened with the annoying apartment neighbor who stomped around like a rhino when you made any noise during COVID?
• What happened to the “difficult family situation” you vaguely talked about a few months ago that involved police and lawyers – did that ever get resolved?

Oh man, I’m so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.

Today’s kind of a “story time with your friend Brian” episode: a tale of how my neighbor almost got scammed out of $13k. The story has a lot of red flags we can all keep in mind to keep ourselves (as well as kids/friends/parents/etc.) safer from these types of shenanigans.

Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!

This week I’m working on a mixed bag of fun security and marketing things:

• A pentest I’m stuck on
• My latest lab CTF obsession: Ninja Hacker Academy
• A cool “about 7MinSec” marketing video that was recorded in a pro studio!

Today’s episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore:

• Living will
• Buried vs. cremated?
• Funeral plans
• Funeral PHOTOS?

I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.

Today Joe “The Machine” Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.