Want to learn HOW TO do something? This is a great place to start!
PODCAST: Highly Caffeinated InfoSec
Join Beau Bullock and Mike Felch as they talk about ways to learn more, network and wake up your inner hacker. See the full episode here and look at the slides here.
Podcast: Play in new window | Download
Webcast Recording: Man in the Middle Attacks
In this webcast we walked through the current super cool crop of MITM tools. We looked at Bettercap, MITMf and discussed LLMNR and WPAD poisoning attacks. Also, this was a new section of SANS 504. I like to have the updates go through an open trial first. Check it out! Enjoy and if you have questions […]
Malicious Outlook Rules in Action
Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make this happen. Although it left a few things for the reader to figure out and there was one gotcha. In this post I provide […]
Abusing Exchange Mailbox Permissions with MailSniper
Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users access to read emails from their Inbox. If a user (or Exchange administrator) isn’t careful and sets permissions incorrectly they might grant access to their […]
Advanced Msfvenom Payload Generation
Joff Thyer // It has been known for some time that an executable payload generated with msfvenom can leverage an alternative template EXE file, and be encoded to better evade endpoint defenses. Having said that, what is the standard process for producing an EXE format without using an alternative template file? If, like many […]
How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)
Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got excited: “You can get up and running with a Kali GPU instance in less than 30 seconds. All you need to do is choose a […]
WEBCAST: Attack-n-Crack Wi-Fi
Jordan Drysdale & Kent Ickler // Jordan and Kent demonstrate why there is only ONE correct way to configure your wireless networks. They also talk about the use of a web service called Wigle to profile and identify your target wireless networks, wireless hash crack theory, pre-computation of a hash file for a target SSID […]
How to Bypass Application Whitelisting & AV
Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool to consider adding to their arsenal. Application whitelisting is advantageous in that it doesn’t require constant updating of behavioral or signature based detection algorithms; you […]
Check Your Image
Lawrence Hoffman // Today I’ll walk through the process I use to verify ISO images before I install them. If you downloaded Linux Mint 17.3 Cinnamon on February 20th there’s some chance that you obtained an ISO with malware installed. The Linux Mint team posted notification on their blog on February 21st at around 2:00 […]
