Three Simple Disguises for Evading Antivirus
Logan Lembke // Antivirus has been a key component in defending computer systems since the 1990s. Over the years, antivirus began to dominate the discussion of PC security with other […]
Question: What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?
Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. […]
Lawrence’s List 070116
Lawrence Hoffman // As I previously mentioned I’m on vacation this week and next. As I like to go for long cross-country drives I’ve not had much time to keep […]
A Letter from John
John Strand // Last week BHIS took a new direction as a company. (Warning, this blog is not technical. But it is important.) In the past few years we’ve grown […]
Juniper Two Factor VPN & Linux
David Fletcher // On a recent internal penetration test engagement, I was faced with using a Juniper VPN to access the target network. One small problem, Juniper does not formally […]
Lawrence’s List 062416
This week is going to be sort of short. I get to go on vacation! I’ll still be trying to do some minimal posts during the next two weeks, but […]
SSH Config Files
Ethan Robish // Here’s a short intro for anyone not familiar with ssh config files, which are usually located at ~/.ssh/config As an example, you have ssh running on port […]
Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”
Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]
Lawrence’s List 061716
Lawrence Hoffman // Certain Intel chips come with what’s called a “Management Engine” or ME. This is an actual physical subsystem which implements Intel’s Active Management Technology (AMT.) Why is […]