Hello friends. Today's episode piggybacks off of last week's discussion of Operation Metro Surge and how it has affected the state of Minnesota. I also highly encourage you to read this Rolling Stone article which features interviews and first-hand stories of ICE encounters. And for those of you asking for a good org to support here in Minnesota, please support Haven Watch. They give rides/food to people who are detained by ICE and then cut loose – often without their jackets or phones – into the cold of winter with no ride home.

Today I pivot more into the technical weeds and offer some tips on:

• Securing your Signal app config
• Hardening your iPhone config via lockdown mode

Hello friends, it's good to be back with you. I took a podcast hiatus in January to focus on helping communities affected by Operation Metro Surge. Today I share how my family and community has been affected by it. And then in future episodes of this series, I'll get more into some technical nuts and bolts on how to be a more secure community helper – such as tightening up security settings on apps you use, "hardening" your phone, increasing your personal security/privacy posture, and more.

Hi friends, I'm going to be taking a break from producing podcast episodes, as well as content over at 7MinSec.club. It's a temporary break, so please don't unsubscribe, unfollow, etc. I need some extra time/energy to invest in helping our friends/family/neighbors/communities in the Twin Cities.

Important note: our professional services are not impacted by this. If you have security projects going on with us now (or want to in the future), nothing has changed there. It's business as usual.

Looking forward to reconnecting with you and providing more updates as soon as possible.

Hey friends, in episode #649 I gave you my first impressions of Twingate. It's been a minute, so I thought I'd revisit Twingate (specifically this awesome Twingate LXC) and talk about how we're using it to (almost) entirely replace remote access to our datacenter servers and pentest dropboxes. Also, don't forget:

• Our pentest class is coming up at the end of the month – more info here.
• We do a Tuesday TOOLSday video every Tuesday over at 7MinSec Club.

After sharing a recent story about how a phishing campaign went south, I heard feedback from a lot of you. You either commiserated with my story, told me I wussed out, and/or had a difficult story of your own to share. So I thought I'd keep this momentum up and share another story of fail with you – this time about a Web app pentest that went south.

Today we're thrilled to announce the launch of LPLITE:GOAD (Light Pentest Live Interactive Training Experience: Game of Active Directory). The first class is coming up Tuesday, January 27 – Thursday, January 29 (9:00 a.m. – 1:00 p.m. CST each day). More information, pricing information and more can be found at training.7minsec.com. Today I talk about who should sign up for the course, what you should bring, and some of the awesome things you'll be doing should you choose to join me on this hacking adventure!

I'm so excited to share today's tale of pentest pwnage, because it brings back to life a coercion technique I thought wouldn't work against Windows 11! Spoiler alert: check out rpc2efs, as well as the 7MinSec Club episode we did on the topic this week.

Also, our January Light Pentest LITE:GOAD class is open for registration here!

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing campaign that had plenty of "bites" but got immediately shut down – for reasons I still don't understand.