Darin Roberts // “Why do you recommend a 15-character password policy when (name your favorite policy here) recommends only 8-character minimum passwords?” I have had this question posed to me a couple of times in the very recent past. There were 2 separate policies that were shown to me when asking these questions. First was […]
On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Download slides: https://www.activecountermeasures.com/presentations/ 0:45 Introducing what a kill chain is and general background you need for this webcast 15:53 Getting into group policies, best practices, group policies that we’re not covering […]
Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for common commands and mapping of some old syntax to the new syntax. If you’re at all like me, you’ll assume that what you know from […]
Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some […]
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Some useful terminology: Mobile Phone Related: MS mobile […]
Kayla Mackiewicz // Last year, fellow tester Jordan Drysdale wrote a blog post about Cisco’s Smart Install feature. His blog post can be found here. If this feature is enabled on a Cisco device, an attacker can download or upload a config file and even execute commands. Whether you use the Smart Install feature or […]
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Preface: I held an Advanced Amateur Radio Operator […]
Download slides: https://www.activecountermeasures.com/presentations/ More info: https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/ 2:09 Introduction to the types of cards in the deck, pricing, why we created B&B 10:25 Basic setup for playing the game and how to play the game 18:03 Breaking down cards and how they work 35:54 Demo Game 1 44:39 Demo Game 2 54:50 Questions and comments This […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 00:40 Intro, background information, how to deal with the psychology and politics in your company 15:34 Reviewing different cards in Backdoors & Breaches, Server Analysis 22:39 Security Information and Event Management Log Analysis (SIEM) 31:12 Firewall Logs, Zeek, and […]
