Road trip time! I’ve been traveling this week doing some fun security projects, and thought all this highway time would be a perfect opportunity to take a dip into the 7MS mail bag! Today’s questions include:

• How do you price internal network penetration tests?
• Have you ever had to deal with a difficult client situation, and how did you resolve it?
• Are you done going after certs? Spoiler: no – I’m interested in doing the XINTRA labs (not sure if it includes a cert)
• Do you provide managed services or just stick with more “one and done” assessment work?
• You said the “smart business people” tell you to form reseller partnerships, otherwise you’re leaving money on the table – so why don’t you?
• I’m thinking of starting my own cybersecurity consultancy – what type of insurance do I need to protect me in case of a digital “oops?”

Today’s tale of pentest pwnage is all about my new favorite attack called SPN-less RBCD. We did a teaser episode last week that actually ended up being a full episode all about the attack, and even step by step commands to pull it off. But I didn’t want today’s episode to just be “Hey friends, check out the YouTube version of this attack!” so I also cover:

• Our first first impressions of Burp Enterprise
• Why I have a real hard time believing you have to follow all these steps to install Kali on Proxmox

Today’s prelude to a tale of pentest pwnage talks about something called “spnless RBCD” (resource-based constrained delegation). The show notes don't format well here in the podcast notes, so head to 7minsec.com to see the notes in all their glory.