Want to learn HOW TO do something? This is a great place to start!
David Fletcher // Recently, while assessing a web application I noticed content on one of the pages that appeared to be derived from sensitive information stored within the site’s user profiles. To evaluate this functionality and illustrate the potential for sensitive information leakage I needed to: Enumerate the values on my profile page to create […]
Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access to an employee’s web mail, perhaps through a password spraying attack. Outlook Web App Login Your original password spray was done with a limited username […]
David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. To be vulnerable to CSRF, an attacker must be able to determine and submit all of the values necessary to execute the target transaction in […]
Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The webcast will discuss the last 15 years of wireless threats…..in less than five minutes. The other 55 minutes will cover modern defenses, Wi-Fi hardening and […]
Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a few specific servers the tester has no access to. In this situation, there is still a last-ditch option the tester can use, that being DNS […]
Jordan Drysdale // The following content is loosely based on a presentation I gave at BSides Denver. After speaking at BSides Denver, one of the audience members spent some time discussing the content with BHIS. He called the software he helped this particular data broker build “The Actual Privacy Death Star.” His claim was that […]
Benjamin Donnelly // Let’s face it: clowns are absolutely terrifying. There’s just something about the crazy hair, the white face paint, the large red nose. The unnatural appearance of a clown has the ability to chill even the best of us straight to the bone. But why is this? What is so terrifying about something […]