7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
Hey friends! Quasi-vacation week over here, so today's episode is lighter and more personal: just a story about how I turned my phone into a "brick" (kind of) and what that's done for my mental health over the past week. The product is called Brick (getbrick.com). Not sponsored, no discount code — just something I've genuinely been enjoying. It's a $50 NFC dongle + app that lets you "brick" your time-waster apps until you physically tap the brick again. Here's what stood out: The physical separation is the magic. Other digital-wellbeing apps just need a code to unlock — Brick makes you walk to wherever the dongle lives (mine's on the fridge) and tap your phone to it. That extra step is enough to break the habit mid-flight. I caught myself doing three or four Pavlovian pocket checks an hour, on autopilot, with zero notifications waiting. "Junk food for the eyes" realization. First day I bricked socials until end of day → felt great. Then I unbricked, sat down, and spent 25 minutes catching up on everything I "missed" → felt noticeably worse afterward. Scheduling is a sleeper hit. You can set the phone to auto-brick on a schedule — no physical tap needed. Mine kicks in from 9pm to 8am. Result: calm wake-up with my wife and son, no email triage in the school drop-off line, and my "work brain" doesn't fire until 8am. One-to-many is a real win. A single Brick works across household members, each with their own app profile. My oldest son Cam (deep in paramedic-school crunch) tried it for a study session and reported the same thing — reaching for his phone between turning book pages, for no reason at all. He even left for evening class with his phone still bricked and decided not to burn an emergency unbrick. Emergency unbricks are scarce by design. You get five total and that's it! The stats are anti-shaming. Instead of the dreaded Sunday-morning "your screen time is up 10%" notification, you get to see number of hours you spent in brick mode. Love that! Want to see screenshots and hear more about Brick? Hop over to 7MinSec.club — this week's Tuesday TOOLSday was all about Brick. Got a digital-wellbeing tool you swear by? Let us know!
5/15/26 • 23:51
Hello friends! Picking up the AI-automation series from a couple weeks back — here's another batch of scripts and integrations that have been giving me precious minutes (and sanity) back. Yes, I had to upgrade to Claude Max. No, I'm not trying to automate myself out of a job — just freeing up bandwidth for the more interesting parts of work/life. QuickBooks invoice automation: Got tired of the eight-factor login plus click-fest just to send a few invoices. Now I run a PowerShell menu — type the client name, pick the project, enter the amount, hit Enter — done in ~30 seconds. The QuickBooks dev onboarding (security questionnaire, IP allowlist) was actually a bigger time sink than the script itself. Password Pusher API integration: A menu-driven PowerShell script that prompts for a label, pops an Explorer window to grab the files, optionally adds a password, then auto-drafts the client email with the secure link filled in. A few minutes saved each time, a couple times a day — adds up to some nice time saved! Basecamp + Claude: Linked Basecamp into a Claude project so I can ask plain-English questions like "what personal project tasks are due this month?" or just voice-note a new task while I'm in the car. Honestly the biggest win is anxiety reduction — once it's in Claude, it's out of my always-simmering pressure cooker of a brain. Blumira agent auto-installer for the GOAD lab: I revert the GOAD lab to vanilla a couple times a week, which means re-installing Blumira agents constantly to show clients the attack/defense telemetry side. Wrote a Kali-side script that uses NetExec over WinRM to check each box for the Blumira service and push the installer if it's missing. (Tried SMB exec first, but escaping got wonky on the PowerShell one-liner.) Bonus: Blumira's dashboard auto-removes agents that haven't phoned home in 24 hours, which is a perfect fit for a lab that's constantly getting nuked. Auphonic + API for podcast production: This one's a little meta. Old workflow: record → drag into Hindenburg/GarageBand → manually line up intro and outro → noise reduction → export. New workflow: one terminal script that previews the first and last few seconds so I can trim silence, ships the audio to Auphonic via API, and returns a cleaned-up, levels-corrected MP3 plus a full transcript and auto-generated chapter markers. (If your podcast app supports chapters (like Downcast) pop open this episode or #720 and you'll see them.) Next step: pipe the transcript straight into Claude for a show notes first draft. One quick personal note before I run: my oldest son just landed an EMT job with a great Minnesota medical network, and is wrapping up paramedic school in a few months. I cried some happy dad tears today.
5/8/26 • 25:03
Hey friends! Today's another Tales of Pentest Pwnage! Quick tangent first on a couple side projects: I've got a music thing at quack.house (like the duck noise, not the drug) and a podcast with my dancer son Atticus at DadOfADancer.com. Speaking of Atticus — he just landed a spot in Master Ballet Academy's summer program in Phoenix, and I am a very proud dance dad over here. OK, on to the pentest: A weird runas quirk: If your AD test account password ends in a percent sign, runas seems to misbehave (Claude thinks Windows is interpreting the % as a variable delimiter). Workaround: runascs.exe, which wraps your tool launch with creds inline. Worked like a champ — notes over on the 7MinSec.wiki. Standard first pass: PingCastle for the AD overview, then Snaffler for share crawling, with Chimas as a nicer web UI for searching the Snaffler JSON. The "Snaffler missed something" moment: Snaffler is great but it primarily uses pattern matching, so manual review of interesting directories still matters. I found a PowerShell script with a funky obfuscation routine, fed it to Claude for context, tracked down the function definition, and ended up decrypting a local admin password. Going loud: SMB-sprayed that cred across the subnets → handful of machines popped → ran a deeper, targeted Snaffler against just those boxes → enumerated sessions and spotted a domain admin interactively logged in. Plan A fizzled: Wanted to pull off a favorite trick — sneak in via WinRM and queue a scheduled task as the logged-in DA (no password needed). WinRM was disabled. Oh fart. Plan B — the "trap" file: Dropped a malicious .library-ms file directly into the DA's desktop folder. No clicks required — just the desktop being open is enough to trigger an HTTP coercion to my evil box. (Caveat: I think you need a DNS record or computer object that the victim box trusts as "intranet zone.") The escalation: Had ntlmrelayx standing by, ready to relay to LDAP on a DC. The coerced auth fired the moment the "trap" file landed on disk. An interactive LDAP shell fired in the DA's context, and I used it to add my low-priv account to the Domain Admins group. Defense angles: Rather than chase each technique individually (LDAP signing, web client GPOs, library-ms neutralization, etc.), I like to back up to the systemic fixes that break the chain earlier. Big ones here: deploy LAPS so a single decrypted local admin password isn't a master key everywhere, and a thorough sweep for sensitive data and custom obfuscation routines hanging out on shares. Got thoughts on any of this? Shoot 'em over — I always love hearing how you'd have tackled things differently.
5/1/26 • 43:44
Hey friends! This week's episode is "Baby's First OpenClaw" – basically me shouting into the void hoping a smart listener will DM me and explain why this thing is supposed to be life-changing. Because right now? I'm a little underwhelmed. Here's the journey so far: The Mac mini quest: After seeing OpenClaw all over my feeds (people curing diseases! solving crimes!), I caved and impulse-bought a Mac mini. They were sold out everywhere, so I ended up paying twice what I wanted. Ick. Surprise MDM: First boot on the shiny new Mac, I found it auto-pre-enrolled in some other company's MDM with full remote control. Massive props to the Amazon seller for getting the serial untagged in Apple's database within an hour, so I could wipe and reinstall fresh. Pro tips for using Claude on projects like this: (1) give it a few paragraphs of context up front about who you are and what you want, and (2) have it maintain a README.md as you go so you don't lose context when you come back to the project later. Security-forward OpenClaw setup: Separate admin and daily-driver accounts, enable FileVault, isolate the box, run OpenClaw as a limited user, lock down Telegram so only my user ID can talk to the bot (apparently strangers have found other folks' bots and started issuing shell commands – yikes). The underwhelm: So far OpenClaw can check my email (or I can open my email app)… add a calendar event (or I can open Outlook)… write a script (or I can fire up Claude Code). And a lot of the juicier integrations are flagged as suspicious. So overall, I'm kind of gun-shy around this very expensive chat bot. This is a call for help, friends! If you're an OpenClaw power user and it's made your life meaningfully better, please reach out and help me see the light.
4/24/26 • 28:54
Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better – still recovering, but appetite's back and she's got some pep again. Thanks so much to everyone who sent kind messages.) Today I'm gushing about how AI has been making my IT and security life way more efficient: Firewall migration: Had AI walk me through a WatchGuard T15W → T25W migration (no clean config export path). AI captured everything – screenshots, branch office VPN, VLANs, firewall rules, DHCP reservations – all organized and replayed step-by-step. The whole project took ~1 hr 15 min (plus 30 min hunting down a subnet typo that was 100% my fault). GOAD lab automation: Worked with AI to build a script that handles the full lifecycle of my Light Pentest GOAD student lab – tear it down, rebuild from latest, assign Tommy Boy-themed passwords and sync user accounts to the Apache Guacamole and lab connections. Speaking of which – Light Pentest GOAD class will be re-offered soon once the calendar firms up! External pentest wrapper scripts: Finally automated the boring auxiliary testing stuff – nmap, Shodan API, Nessus queuing, subdomain hijacking checks, metadata searches, cred spraying against M365, sysleaks lookups – all correlated and deduplicated into one push-button menu. SysReptor automation: If you're not using SysReptor for reporting, check it out. Piping JSON findings straight into reports via API as I test has been a game-changer. A webinar on this might be in 7MinSec's future. Got cool ways you're using AI for IT/security work? We'd love to hear them!
4/17/26 • 28:00
Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip to Punta Cana, and in the chaos of navigating a foreign hospital at 2 a.m. with zero sleep and a pile of Spanish medical documents, I threw every privacy best practice I've ever preached straight into the ocean. Here's what we cover: How a dream all-inclusive resort trip turned into an ambulance ride and a 3-day hospital stay faster than you can say "gastroenteritis" Why I uploaded my wife's full medical history, labs, and medication records to AI — unredacted (with no regrets) How AI helped me translate docs, track lab trends, brief stateside nurses, and build a full medication schedule with phone reminders (helpful considering the hospital staff's answer to everything was "sorry, no English") The absolute legend named Luis who got us through Punta Cana airport security in 15 minutes flat Why if you're ever the person back home receiving updates about a medical emergency overseas, Google is not your friend My honest security take: sometimes the right risk-based decision is to breach yourself
4/10/26 • 48:56
Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include: Use Netexec to pull Powershell history Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share This post featured interesting use of the Responder -N option
4/3/26 • 33:23
Hola friends! Today's another fun tale of pentest pwnage. This time we started with no credentials and then set off on the bumpy journey from no-cred zero to domain admin hero! One specific reference in today's podcast that may be helpful to you is setting up ntlmrelayx to listen on port 3128.
3/27/26 • 20:13
Hello friends! We're back with a fun tale of internal network pentest pwnage. This one highlights how AI can be used (with some guardrails!) to automate the boring stuff – and even help you pick part DLLs to find gold nuggets! P.S. – I do recommend you check out our last three episodes that are all about securing your community, and please check out this Rolling Stone article which will give you a full picture of what has been going on in Minnesota as it relates to the occupation of ICE agents.
3/20/26 • 22:11
Hello friends, in today's edition of How to Secure Your Community, I give a brief recap of part 1 and part 2, and then dive into some cool phone shortcuts you can setup so that with a single tap, you can alert friends/family that you're having an encounter with law enforcement and may need an assist. Here's the things/links discussed: This great Rolling Stone article which features interviews and first-hand stories of ICE encounters here in Minnesota Fashlight.org page on security and privacy, which features some cool shortcuts you can setup on iPhone to alert friends/family that you're having a negative encounter with law enforcement (or anyone else) How I allegedly stole somebody's quesadilla while I was at the movie theater seeing Scream 7 The one time my wife had an outburst in the middle of a church service
3/13/26 • 31:13
Hello friends. Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support Haven Watch. They give rides/food to people who are detained by ICE and then cut loose – often without their jackets or phones – into the cold of winter with no ride home. Today I pivot more into the technical weeds and offer some tips on: Securing your Signal app config Hardening your iPhone config via lockdown mode
3/6/26 • 37:10
Hello friends, it's good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge. Today I share how my family and community has been affected by it. And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper – such as tightening up security settings on apps you use, "hardening" your phone, increasing your personal security/privacy posture, and more.
2/27/26 • 51:44
Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club. It's a temporary break, so please don't unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities. Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want to in the future), nothing has changed there. It's business as usual. Looking forward to reconnecting with you and providing more updates as soon as possible.
1/17/26 • 04:11
Hey friends, in episode #649 I gave you my first impressions of Twingate. It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don't forget: Our pentest class is coming up at the end of the month – more info here. We do a Tuesday TOOLSday video every Tuesday over at 7MinSec Club.
1/10/26 • 20:20
After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I'd keep this momentum up and share another story of fail with you – this time about a Web app pentest that went south.
1/2/26 • 25:42
Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, pricing information and more can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!
12/26/25 • 14:03
I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the 7MinSec Club episode we did on the topic this week. Also, our January Light Pentest LITE:GOAD class is open for registration here!
12/19/25 • 29:18
This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing campaign that had plenty of "bites" but got immediately shut down – for reasons I still don't understand.
12/12/25 • 21:38
Hola friends! My week has very much been about trying to turnaround pentest dropboxes as quickly as possible. In that adventure, I came across two time-saving discoveries: Using a Proxmox LXC as a persistent remote access method Writing a Proxmox post-deployment script that installs Splashtop on the Windows VM, and resets the admin passwords on both VMs, all from the Proxmox SSH console without touching the console on either VM If you feel some of this is better seen than said, on this week's 7MinSec.club Tuesday TOOLSday broadcast we show this in more detail.
12/5/25 • 24:46
Happy Thanksgiving week friends! Today we're celebrating a turkey and pie overload by sharing another fun tale of pentest pwnage! It involves using pygpoabuse to hijack a GPO and turn it into our pentesting puppet! Muahahahahaah!!!! Also: This week over at 7MinSec.club we looked at how to defend against some common SQL attacks We're very close to offering our brand new LPLITE:GOAD 3-day pentest course (likely in mid-January). It will get announced on 7MinSec.club first, so please make sure you're subscribed there (it's free!) Did you miss our talk called Should You Hire AI Run Your Next Pentest? Check it out on YouTube!
11/28/25 • 22:16
Hello friends, in today's episode I give an audio summary of a talk I gave this week at the MN GOVIT Symposium called "Should You Hire AI to Run Your Next Pentest?" It's not a pro-AI celebration, nor is it an anti-AI bashing. Rather, the talk focuses on my experiences using both free and paid AI services to guide me through an Active Directory penetration test.
11/21/25 • 21:22
Hello friends! This week I'm talking about what I'm working on this week, including: Preparing a talk called Should You Hire AI to Run Your Next Pentest for the Minnesota GOVIT Symposium. Playing with Lithnet AD password protection (I will show this live on next week's Tuesday TOOLSday). The Light Pentest logo contest has a winner!
11/14/25 • 18:29
Today is episode 700 of the 7MinSec podcast! Oh my gosh. My mom didn't think we could do it, but we did. Instead of a big blowout with huge news, giveaways and special guests, today is a pretty standard issue episode with a (nearly) 7-minute run time! The topic of today's episode is Pretender (which you can download here and read a lot more about here). The tool authors explain the motivation behind the tool: "We designed pretender with the single purpose to obtain machine-in-the-middle positions combining the techniques of mitm6 and only the name resolution spoofing portion of Responder." On a recent pentest, I used Pretender's "dry run" mode to find a hostname (that didn't exist) that a ton of machines were querying for, and poisoned requests just for that host. This type of targeted poisoning snagged me some helpful hashes that I was able to crack/relay, all while minimizing the risk of broader network disruption!
11/7/25 • 08:02
Today we discuss some pre-travel tips you can use before hopping on a plane to start a work/personal adventure. Tips include: Updating the family DR/BCP plan Lightening your purse/wallet Validating/testing backups and restores Ensuring your auto coverage is up to snuff
10/31/25 • 30:04
Today I give a quick review of the cloud version of ProjectDiscovery (not a sponsor!).
10/24/25 • 24:33
Today your pal and mine Joe "The Machine" Skeen pwn one of the two Ninja Hacker Academy domains! This pwnage included: Swiping service tickets in the name of high-priv users Dumping secrets from wmorkstations Disabling AV Extracting hashes of gMSA accounts We didn't get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind. Going forward, I'm thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish. My first thought would be to do one long livestream where we complete NHA start to finish. Would you be interested? Let me know at 7MinSec.club, as I'm thinking this could be an interesting piece of bonus content.
10/18/25 • 13:22
In today's episode: I got a new podcast doodad I really like JitBit as a security ticketing system (not a sponsor) The Threat Hunting with Velociraptor 2-day training was great. Highly recommend. I got inspired to take this class after watching the 1-hour primer here.
10/10/25 • 27:45
Today's tale of pentest pwnage involves: Using mssqlkaren to dump sensitive goodies out of SCCM Using a specific fork of bloodhound to find machines I could force password resets on (warning: don't do this in prod…read this!) Don't forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at 7MinSec.club!
10/3/25 • 15:57
Hey friends, today I talk about how fun it was two combine two cool pentest tactics, put them in a blender, and move from local admin to mid-tier system admin access (with full control over hundreds of systems)! The Tuesday TOOLSday video we did over at 7minsec.club will help bring this to life as well.
9/26/25 • 33:11
This week your pal and mine Joe "The Machine" Skeen kept picking away at pwning Ninja Hacker Academy. To review where we've been in parts 1 and 2: We found a SQL injection on a box called SQL, got a privileged Sliver beacon on it, and dumped mimikatz info From that dump, we used the SQL box hash to do a BloodHound run, which revealed that we had excessive permissions over the Computers OU We useddacledit.py to give ourselves too much permission on the Computers OU Today we: Did an RBCD attack against the WEB box Requested a service ticket to give us local admin superpowers on WEB Performed a secretsdump against WEB Struggled to do a mimikatz dump at the end of the episode (after we ended the stream I realized I could've just done the mimikatz dump because I had local admin access! Oh well, we'll pick things up again during part 4 next month!)
9/19/25 • 28:44
