Informational

Do You Know What Devices Are on Your Network?

Bryan Strand// I have recently started taking SEC566 with James Tarala via SANS on the CSC 20 Critical Controls and decided it would be a great blog series to do […]

Read the entire post here

Author, Brian King, How-To, Informational, InfoSec 101 FAQ, general infosec, General Questions, getting started, mentor, new to infosec

How to Find an InfoSec Mentor

BB King // We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a […]

Read the entire post here

Author, Informational, Mike Felch, Red Team, Red Team Tools Active Directory, Azure, reconnaissance, Red Team

Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure

Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]

Read the entire post here

Red Team ActiveX Controls, Microsoft Word, Red Team, UNC path injection, Windows Media Player

Having Fun with ActiveX Controls in Microsoft Word

Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]

Read the entire post here

How-To, Informational, Red Team pentest report, Pentesting, reports

DOs and DON’Ts of Pentest Report Writing

Melisa Wachs// The first day of school has started for your school-age kiddos. What better time to run through some of our basic reporting guidelines with y’all? Here is a […]

Read the entire post here

Author, Mike Felch, Phishing, Red Team 2FA, multi-factor, phishing, Red Team

Stealing 2FA Tokens on Red Teams with CredSniper

Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]

Read the entire post here

Fun & Games, General InfoSec Tips & Tricks, InfoSec 101, InfoSec 201 Blue Team, books, Getting into Infosec, infosec 101, infosec books, Red Team, tools

Your Infosec Supply List

Bre Schumacher // As I was walking through the back to school display at the store the other day, I picked up a handy-dandy school supply list. Of course there were […]

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale, Kent Ickler, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jordan Drysdale, Jugular, Kent Ickler, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

Read the entire post here

Author, Ethan Robish, How-To Socket.io, WebSockets

How to Hack WebSockets and Socket.io

Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]

Read the entire post here