WEBCAST: Testing G Suites with MailSniper
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username […]
Hashcat 4.10 Cheat Sheet v 1.2018.1
Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]
Finding: Server Supports Weak Transport Layer Security (SSL/TLS)
David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]
WEBCAST: Attack Tactics Part 2
John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. […]
How To Disable LLMNR & Why You Want To
Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]
WEBCAST: Attack Tactics Part 1
John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with […]
What I Wish I Would Have Known
Bre Schumacher// Many of you were probably asked as a young child what you wanted to be when you grew up. Maybe you had an idea of something that sounded […]
How to Configure SPFv1: Explained for the Masses
Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, […]
Finding: Weak Password Policy
David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]