Author, InfoSec 201, John Strand, Webcasts blue teaming, cyber insurance, industry standards, infosec, insurance, making effective change, motivation posters, ransomware, red teaming

WEBCAST: Insurance & Ransomeware

John Strand // It’s odd, we try to push security forward through standards like NIST, the Critical Controls, and PCI, but most organizations strive to meet the bare minimum required […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Red Team Tools all the payloads, bash bunny, Hak5, usb, usb exfiltrator, windows XP

How to Get USB_Exfiltration Payload Using the Bash Bunny

Jordan Drysdale // This is a super quick write-up on the first very useful payload we tested and confirmed as 100% reliable on all Windows systems (XP-SP3+) with PowerShell enabled. […]

Read the entire post here

Red Team, Social Engineering fun fun fun, helpful help desk, IT Help Desk, maternity leave, password reset, social engineering, VM

Social Engineering – Sometimes It’s Too Easy

Carrie Roberts // A fun story from an adventure in social engineering not too long ago. Thought I’d pass on some things I learned and ways to be more prepared in the […]

Read the entire post here

External/Internal, Red Team, Web App Apache Struts, Unauthenticated Remote Code Execution

Strutting your stuff – Unauthenticated Remote Code Execution

Carrie Roberts // Unauthenticated Remote Code Execution? A hacker’s best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless Hak5, Travel Bag, Wi-Fi Attack Kits, Wi-Fi travel kit, Wireless Gear

The Wi-Fi Travel Kit v2 – Parts List Backtrack

Jordan Drysdale // The Wi-Fi travel kit part one was popular enough that, back by demand, here are the specific parts, part numbers and links. Pretty much everything on the list […]

Read the entire post here

Red Team, Web App All the Shellz, hacking, metasploit, msfvenom, netcat, OS Command Injection, pen-testing, Python, Real Life Hacking, Waiting

OS Command Injection; The Pain, The Gain

Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I […]

Read the entire post here

Author, Blue Team, Hunt Teaming, John Strand, Webcasts network tools, open source tools, Real Intelligence Threat Analysis, RITA, tool

WEBCAST: RITA

John Strand // Want to get started on a hunt team and discover “bad things” on your network? In this webcast, we will walk through the installation and usage of […]

Read the entire post here

InfoSec 101 Growing Pains, information security, Market Forces, Parents, Responsibility & Privilege, Supply & Demand

End-User Education: Getting the Parentals Onboard

Sierra Ward // We’re getting to that stage of life where we have to make some hard decisions regarding our parents.  How do we help them through sickness? When and […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here