Red Team, Red Team Tools Amazon, cloud, Cloud Cracking, GPU Acceleration, Kali 2017, Kali GPU, Kali Linux, Password cracking

How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)

Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts

WEBCAST: Your Active Directory Active Defense (ADAD) Primer

John Strand // In this webcast John covers how to set up Active Directory Active Defense (ADAD) using tools in Active Defense Harbinger Distribution (ADHD) and talks about potential active […]

Read the entire post here

InfoSec 101 Career in Infosec, Dreams, How to get into infosec

How to Get into Information Security

Dear BHIS, So I’m a big fan of you guys! I took John’s SANS504 OnDemand class and I saw the light. Now what? I want to get into security, (maybe […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, How-To, Kent Ickler How to fix a referrer policy, Kent Ickler, Referrer Policy, Scott Helme, Security Headers

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

Read the entire post here

Author, How-To, Kent Ickler Content Security Policy, Kent Ickler, Scott Helme, Security Headers, web page, web site, web site configuration

How To Fix a Missing Content-Security-Policy on a Website

Kent Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here

Author, How-To, Kent Ickler Cacti, HP ProCurve, Kent Ickler, ProCurve, ProCurve Switch, Switch

How to Add an HP ProCurve Switch to Cacti via SSH/Telnet/CLI

Kent Ickler // In my recent post, we installed and got Cacti up and running. Now, we’re going to add our first switch into Cacti’s services. Switch: This is an HP-Procurve line […]

Read the entire post here