John’s Talk from DerbyCon 2016
John Strand //
Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]
Turning a Raspberry Pi 3 Into a Cloaking Device With goSecure VPN
Jordan Drysdale // This article, like the IADGov link here has three major steps. First, acquire a Raspberry Pi and a VPS running CentOS 6.8. Second, configure the server and Raspberry […]
Adding Egress Brute Force to PowerShell Payloads
Guest post* by Robert Schwass // We’ve all been there. You craft the perfect phishing email, register a great domain name, your multi handler is set up ever so perfectly. And […]
Mining Mary’s Social Media Antics for Social Engineering
Christine Sorensen // Let’s talk about Mary. Mary Watson is a girl in her twenties and just graduated from Midtown University with her bachelors in Fashion Merchandising. Mary is now […]
Downloading an Address Book from an Outlook Web App (OWA) Portal
Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]
Let’s Get Physical* Part 1; Defeating Wetware Access Controls
Sally Vandeven // I found myself with a little extra time one day (and I didn’t tell my project manager) so I thought it would be a great time to […]
Honeyports & ADHD!!!
John Strand // Lets take a look at how to use HoneyPorts on the new Active Defense Harbinger Distribution. For those of you who do not know, this is a […]
How Does Let’s Encrypt Gain Your Browser’s Trust?
Ethan Robish // Let’s Encrypt is a free service that allows you to obtain a free (as in beer) SSL/TLS domain validation certificate to use as you wish. Here is what […]