InfoSec 101 Career in Infosec, Dreams, How to get into infosec

How to Get into Information Security

Dear BHIS, So I’m a big fan of you guys! I took John’s SANS504 OnDemand class and I saw the light. Now what? I want to get into security, (maybe […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, How-To, Kent Ickler How to fix a referrer policy, Kent Ickler, Referrer Policy, Scott Helme, Security Headers

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

Read the entire post here

Author, How-To, Kent Ickler Content Security Policy, Kent Ickler, Scott Helme, Security Headers, web page, web site, web site configuration

How To Fix a Missing Content-Security-Policy on a Website

Kent Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here

Author, How-To, Kent Ickler Cacti, HP ProCurve, Kent Ickler, ProCurve, ProCurve Switch, Switch

How to Add an HP ProCurve Switch to Cacti via SSH/Telnet/CLI

Kent Ickler // In my recent post, we installed and got Cacti up and running. Now, we’re going to add our first switch into Cacti’s services. Switch: This is an HP-Procurve line […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts

WEBCAST: How To Do Consolidated Endpoint Monitoring on a Shoestring Budget

Derek Banks & Joff Thyer // If you’re not currently logging and monitoring the Windows endpoints on the edge of your network you are missing valuable information that is not […]

Read the entire post here

Author, How-To, Kent Ickler Cacti, data, go hug a cactus, Kent Ickler, Net Admin, Network monitoring, switches, Ubuntu

How to Install Cacti 1.1.10 on Ubuntu 16.04

Kent Ickler // What is Cacti? Cacti is a network system that inputs system-generated quantifiable data and presents the data in spiffy graphs. Net-Admin In the Net-Admin world, it gives […]

Read the entire post here