Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your […]
Matthew Toussain//* Wouldn’t you like to START your pentests knowing every username for all individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A […]
Beau Bullock & Mike Felch// Ways to Learn More, Network, and Wake Up Your Inner Hacker Whether you are brand new to InfoSec or a skilled veteran there are ways […]
John Strand// For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it’s becoming more […]
For the entire month of June, we ran a contest on our Twitter with the grand prize being a free ticket to Wild West Hackin’ Fest! We were quick to […]
David Fletcher & Sally Vandeven// Join David “Fletch” and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and […]
Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]
Derrick Rauch and Kent Ickler // (Updated 3/22/2019) First, to see what our build looks like, look here: https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next? Time for System Rebuild! First, you need to decide whether you […]
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]
