Want to learn HOW TO do something? This is a great place to start!
John Strand// Using threat intelligence feeds for good….instead of wasting time and money. John’s intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But, maybe there is a way we can do this better! Could we […]
Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am getting asked more and more about it. People that I had mentioned Bitcoin to back in 2013 are coming out of the woodwork to ask about […]
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this post we will walk through the changes to C2K as well as re-deploy a demo C2 infrastructure with all the new features. It is worth […]
Jordan Drysdale// Blurb: A few of us have discussed the stress that small and medium business proprietors and operators feel these days. We want to help stress you out even more. Not really, but if you aren’t worrying about IT security, you are probably doing it wrong. This series will run through some of the […]
Josh Thomas // Editor’s Note: Recently on Twitter, we asked our followers “What’s the hardest thing to get your C-level to understand regarding security?” The answers came in like a roaring flood! Hopefully, this helps you towards a path that helps improve your relationship with your c-level and in return alleviate some of those frustrations. One […]
Brian Ferman// In a previous post, titled PowerShell without PowerShell, we showed you how you can bypass Application Whitelisting Software (AWS), PowerShell restrictions/monitoring, and Command Prompt restrictions. In some cases, you might not need all of that; you might just need a way to bypass PowerShell restrictions and/or monitoring. This post presents a simple solution […]
Jordan Drysdale// HERE IT IS! Finally! For the vsagent from SANS SEC504 (only the finest InfoSec course the world has ever seen!): this is a Q&D deployment guide for the HTTP view state agent demonstrated in the SANS SEC504 labs. The README.md file in the repo has everything you need to get vsagent running for […]
Jordan Drysdale// Some days are not like others. Someday, you might get tasked with scanning a million IP addresses. Here’s how I did it: Digital Ocean. Amazon is too picky about their rules for inbound and outbound traffic. I don’t want to piss off the third or fourth largest corporation on Earth. Politically speaking, there’s […]
David Fletcher// There are a number of items that I watch on eBay. Included in that group are long range proximity card readers. As it turns out, I was recently able to pick up an HID MaxiProx 5375 reader, new in box, for less than $100. I had to buy it!! These devices were […]
