The Courage to be Vulnerable: An Ode to Rita
Sierra Ward // The other day I went to get some food with a co-worker. When the counter boy asked for my name I told him. The co-worker said she could […]
Lawrence’s List 072216
Lawrence Hoffman // The list this week is a little shorter, I didn’t include a tool or POC link as I usually do. No particular reason, just didn’t run across […]
How to Build a 404 page not found C2
A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet […]
Data Mining & Privacy: How Anonymous Are You Really?
Sam Carroll // When I started at BHIS I was surprised at the sensitivity of personal data, such as my birthday. I was soon reminded of a data mining class […]
Lawrence’s List 071516
Lawrence Hoffman // Hey, I’m back! Vacation was great. I spent part of last week on an Island so I was unable to scratch the keep-up-with-the-media itch. Now that I’m […]
Get to Know a Tester: Sally
Note: A few months ago we did a short interview with a tester when we talked to Ethan. This month we had a conversation with Sally Vandeven, who’s only been […]
Securing Your Way to Restful Sleep with Ansible Galaxy
Jordan Drysdale // Life as a ‘blue-teamer’ can often be a stressful experience. Working in an environment with a strong Linux infrastructure can help some, but Ansible can help […]
Three Simple Disguises for Evading Antivirus
Logan Lembke // Antivirus has been a key component in defending computer systems since the 1990s. Over the years, antivirus began to dominate the discussion of PC security with other […]
Question: What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal?
Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. […]