Pentesting with Linked Clones
Brian B. King // If working with several customers at once, or in succession, it would be easy to lose track of whose data you’re looking at, or to include […]
Your Password Is… wait for it… NOT Always Encrypted
Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]
RFID Replaying with the Proxmarx3
Rick Wisser // Ohhh Who Says Tree’s are not Interesting RFID’s (Radio-Frequency Identification) have been around for a while now and are utilized for Inventory tracking/control, retail, clothing, animal tracking, […]
InfoSec Basics & Fundamentals
John Strand // One of the more difficult aspects of getting started in any new field is knowing where to begin. When I got started in this field in 2000 […]
Pentesting ASP.NET Cookieless Sessions with Burp
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]
Using Simple Burp Macros to Automate Testing
David Fletcher // Recently, while assessing a web application I noticed content on one of the pages that appeared to be derived from sensitive information stored within the site’s user […]
Developing Hacking Kung Fu (or How To Get Into Information Security)
Derek Banks // More than occasionally I am asked how to get into Information Security as a profession. As attacks and breaches continue to escalate in frequency the demand […]
Can we C2? Yes we can!
Dakota Nelson // It’s become more and more common lately to see advanced attackers using legitimate internet channels to move data in and out of networks. Social networks such as […]