A Practical Guide to BloodHound Data Collection
This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.
Network Engineering Basics
The computer networking field is broad, encompassing many focus areas similar to cybersecurity. If you’re new to the field or just interested in networking, knowing where to start can be challenging. Searching for a network engineer position on any job listing site will yield thousands of results, and no two job descriptions will be the same.
Signed, Trusted, and Abused: Proxy Execution via WebView2
An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.
Getting Started In Pentesting – Advice From The BHIS Pentest Lead
Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.
Cloud Security: Tips and Resources for Securing the Cloud
This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.
Lessons From A Chatbot Incident
Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented.
How to Lead Effective Tabletops
Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations.
Understanding GRC: How to Navigate Risks and Compliance Standards
“GRC” isn’t all witchcraft and administrative nonsense — it’s the core that drives security initiatives, connects security spend to business outcomes, and powers a well-functioning security team.
The “P” in PAM is for Persistence: Linux Persistence Technique
Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.