Hey friends! After last week's heavy episode about my wife's health scare in Punta Cana, today's is a lighter one. (Quick update: she's doing better – still recovering, but appetite's back and she's got some pep again. Thanks so much to everyone who sent kind messages.)

Today I'm gushing about how AI has been making my IT and security life way more efficient:

• Firewall migration: Had AI walk me through a WatchGuard T15W → T25W migration (no clean config export path). AI captured everything – screenshots, branch office VPN, VLANs, firewall rules, DHCP reservations – all organized and replayed step-by-step. The whole project took ~1 hr 15 min (plus 30 min hunting down a subnet typo that was 100% my fault).
• GOAD lab automation: Worked with AI to build a script that handles the full lifecycle of my Light Pentest GOAD student lab – tear it down, rebuild from latest, assign Tommy Boy-themed passwords and sync user accounts to the Apache Guacamole and lab connections. Speaking of which – Light Pentest GOAD class will be re-offered soon once the calendar firms up!
• External pentest wrapper scripts: Finally automated the boring auxiliary testing stuff – nmap, Shodan API, Nessus queuing, subdomain hijacking checks, metadata searches, cred spraying against M365, sysleaks lookups – all correlated and deduplicated into one push-button menu.
• SysReptor automation: If you're not using SysReptor for reporting, check it out. Piping JSON findings straight into reports via API as I test has been a game-changer. A webinar on this might be in 7MinSec's future.

Got cool ways you're using AI for IT/security work? We'd love to hear them!

Hello friends! Today's episode is a bit of a detour from our usual content — it's part vacation horror story, part security/privacy confession. My wife got seriously ill during our spring break trip to Punta Cana, and in the chaos of navigating a foreign hospital at 2 a.m. with zero sleep and a pile of Spanish medical documents, I threw every privacy best practice I've ever preached straight into the ocean. Here's what we cover:

• How a dream all-inclusive resort trip turned into an ambulance ride and a 3-day hospital stay faster than you can say "gastroenteritis"
• Why I uploaded my wife's full medical history, labs, and medication records to AI — unredacted (with no regrets)
• How AI helped me translate docs, track lab trends, brief stateside nurses, and build a full medication schedule with phone reminders (helpful considering the hospital staff's answer to everything was "sorry, no English")
• The absolute legend named Luis who got us through Punta Cana airport security in 15 minutes flat
• Why if you're ever the person back home receiving updates about a medical emergency overseas, Google is not your friend
• My honest security take: sometimes the right risk-based decision is to breach yourself

Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I'd never seen before. Tips include:

• Use Netexec to pull Powershell history
• Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share
• This post featured interesting use of the Responder -N option