Finding: Weak Password Policy
David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]
WEBCAST: SDR Quick Start Guide
Paul Clark* // What is Software Defined Radio and why should you, the noble InfoSec professional, care about it? What kind of hardware and software do you need to start […]
GNURadio Can Make You Hear Laurel & Yanny
Paul Clark* // Feeling uncomfortably productive today? I’ve got a remedy for that, involving internet memes and signal processing. Come and waste a few minutes of your day with Laurel, […]
C2, C3, Whatever It Takes
Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called […]
Hardware Hacking with Shikra
Rick Wisser// Comparing Apples to Oranges (Bus Pirate vs Shikra) this a Hardware Hacking 101 webcast follow up blog post. I recently did a hardware hacking webcast on hacking a router […]
How to Crack Office Passwords with a Dictionary
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]
WEBCAST: Web App Assessments for Non-Majors
BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]
Got Privs? Crack Those Hashes!
Joff Thyer // Black Hills Information Security loves performing both internal penetration tests, as well as command and control testing for our customers. Thanks to the efforts of many great […]
WEBCAST: GDPR – Spring Storm Warning
CJ Cox// Spring storms are often more dangerous and unpredictable than winter storms. The GDPR looks to be no exception. The General Data Protection Regulation is a universal law brought […]