Red Team, Red Team Tools, Webcasts BurpSuite, ZAP

WEBCAST: There and Back Again – A Pathfinder’s Tale

Matthew Toussain// Portswigger’s Burpsuite has become the tool of choice for web application penetration testers. OWASP’s Zed Attack Proxy (ZAP) not only fights in the same weight class but also […]

Read the entire post here

Author, Jordan Drysdale, Physical, Red Team Badgy, Jordan Drysdale, pen-testing, penetration testing, pentest, Pentesting, Physical Pentest

Performing a Physical Pentest? Bring This!

Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you don’t own […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Red Team Application Whitelisting, escalated, penetration testing, Pentesting, privilege escalation, whitelisting, Windows, Windows Privilege Escalation

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

Read the entire post here

Author, C2, Joff Thyer, Red Team anti-virus, AV software, C2, easy button, pen-testing, penetration testing, pentest, Pentesting, Symantec, There is NO easy button

A Morning with Cobalt Strike & Symantec

Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]

Read the entire post here

Red Team, Red Team Tools how to hide payload in MS docs, Malware, Microsoft, MS Word, pen-testing, penetration testing, pentest, Pentesting, Pentesting tips and tricks, PowerShell, PowerShell Scripts, Word

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

Read the entire post here

Author, InfoSec 201, John Strand, News, Webcasts ACDC, ACDC Active Defense Law, Active Defense, webcast

WEBCAST: Proper Active Defense and the New ACDC Active Defense Law

John Strand// In this webcast John talks about the new ACDC law and what it means exactly. There has been quite a bit of anger and great GIFs about hacking […]

Read the entire post here

Fun & Games christmas gifts, christmas gifts for nerds, gift guide, infosecker gift list

BHIS’s 2nd Annual Infosecker’s* Gift-List

Sierra Ward with help from all // Wow, another year, another Christmas and another chance to be totally stumped by what to get you favorite InfoSecker. But fear not! We are […]

Read the entire post here

Ethan Robish, How-To, InfoSec 201 Cisco, guest networks, home network, home networking, how to set up your home wifi, how to set up your internet at home, Routers, wi-fi

Home Network Design – Part 1

Ethan Robish // In this series of posts, I’ll discuss how I segmented my home network using VLANs and how I moved away from using a risky consumer-grade router at […]

Read the entire post here

Author, Blue Team, John Strand Active Defense, ADHD, Arguing is Fun, Debates, Law, No Debate is Finished Until Hitler Is Mentioned

Debating the Active Defense Law.. Because Arguing is Fun

John Strand // I wanted to take a few moments and address the “Hacking Back” law that is working people up. There is a tremendously well-founded fear that this law […]

Read the entire post here