Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. The first method involves exploiting password reuse issues where a user might have reused the same password they used for their corporate domain account on […]
Lisa Woody // On the 23rd of December, a cyber attack left hundreds of thousands of people in the Ukrainian region of Ivano-Frankivsk without power. This was the first confirmed incident of cyber attackers taking down a power grid. Various reports have since indicated that this was a coordinated, sophisticated effort which employed a trojan […]
Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a “direct object reference”. That’s never a good sign. Let’s approach this from a different angle. Say there’s a website. Say there are users on this […]
Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment has been made in revitalizing and adding an area called “Main Street Square.” Almost all of these businesses offer some form of public wireless network, […]
Lawrence Hoffman // Last week a friend stopped by my desk with a worried look on his face. He knelt down and showed me the screen of his laptop where there was a virtual terminal open: After looking I asked what the system did, he said it was just a GitLab server for a personal […]
John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds. I feel just a bit bad about it. Right Apollo? But… I think I need to explain how I got to this point. Through SANS and IANS I come into contact with a large number of companies […]
Brian B. King // If working with several customers at once, or in succession, it would be easy to lose track of whose data you’re looking at, or to include one customer’s information in another’s report. That would be bad. Using a separate virtual machine for each customer can help you avoid those mistakes, but […]
Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special characters so that a computer would require many years to brute force it. Even though these passwords may be difficult to crack, it turns out […]
