Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

Gowitness, a Tester’s Time Saver

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

Read the entire post here

Dale Hobbs, External/Internal, How-To, Informational, InfoSec 201 IPv6, Machine-in-the-Middle, MITM6, ntlmrelayx, Replication-Get-Changes-All

MITM6 Strikes Again: The Dark Side of IPv6  

Dale Hobbs // As the world becomes increasingly connected through the internet, cyber attacks have become more sophisticated and prevalent. One type of attack that you may not have heard […]

Read the entire post here

Informational, moth Exploit Development, Python, Scapy, TCPDump, Vulnerability, Wireshark

Exploit Development – A Sincere Form of Flattery

moth // Recently, BHIS penetration tester Dale Hobbs was on an Internal Network Penetration Test and came across an RPC-based arbitrary command execution vulnerability in his vulnerability scan results.  I […]

Read the entire post here

Blue Team, DFIR, General InfoSec Tips & Tricks, Hal Denton, How-To, Informational Digital Forensics and Incident Response, Master Boot Record

Who’s Bootin’? Dissecting the Master Boot Record

Hal Denton // Have you ever been given an encrypted hard drive to perform forensic analysis on? What could go wrong? Probably the first thought rolling through your mind is […]

Read the entire post here

External/Internal, How-To, Mobile, Password Spray, Red Team, Sean Verity, Web App

How to Build a Pentest Robot With Selenium IDE

Have you ever been on a pentest and thought to yourself, “I wish I had a robot to do this testing for me right now cuz this is just too much work”?

Read the entire post here

Daniel Pizarro, External/Internal, General InfoSec Tips & Tricks, Informational, LLMNR, Password Cracking, Password Spray, Recon, Red Team, Red Team Tools, Web App Cybersecurity Certification, PNPT

PNPT: Certification Review

Daniel Pizarro // What is the PNPT?  The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]

Read the entire post here

How-To, Mobile Android, android hacking, mobile hacking, penetration testing, Pentesting, walkthrough

Start to Finish: Configuring an Android Phone for Pentesting

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

Read the entire post here

General InfoSec Tips & Tricks, Informational, Joff Thyer, Red Team, Web App

Forward into 2023: Browser and O/S Security Features 

Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]

Read the entire post here

Informational

Talkin’ About Infosec News – 12/21/2022

00:00 – PreShow Banter™ — Talkin’ Bout [Elon] News00:51 – BHIS – Talkin’ Bout [infosec] News 2022-12-1902:46 – Story # 1: Antivirus and EDR solutions tricked into acting as data […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here