How to Phish for Geniuses
David Fletcher // Recently we were involved in an engagement where we expected to see a large number of Macs in the target environment. As an element of the engagement […]
Malicious Outlook Rule without an EXE
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]
A Marketer’s Lessons in Con Artistry for Good & Learning
Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]
WEBCAST: Demo of Domain Password Audit Tool
Check out Carrie’s demo of her DPAT, and if you missed her blog, check that out here.
Bite the Pages of an Ebook: Tiny People Need to See You Get Excited about Electronic Text
Gail Menius // We avoid tasks that are too hard. When we avoid them (consciously or unconsciously) the things we do instead are called “avoidance behaviors.” Adults and teachers alike […]
PowerShell Logging for the Blue Team
Joff Thyer // It is no secret that PowerShell is increasingly being used as an offensive tool for attack purposes by both Red Teamers and Criminals alike. Thanks to […]
BHIS’s Annual Infosecker’s* Gift-List
Sierra Ward & Staff // Buying gifts can be tough, especially for your family members who are totally mystified by your profession. “Don’t you hack the stuff with the things?” […]
Domain User Enumeration
Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]
WEBCAST: How Threat Intelligence Can Go Wrong
The webcast John did with Paul and Security Weekly a few weeks ago. Better late than never though, are we right??