TestSSL.sh –Assessing SSL/TLS Configurations at Scale
David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation. I found […]
Internal Pivot, Network Enumeration, & Lateral Movement
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
Get to Know a Tester: Ethan Robish
Sierra Ward & Ethan Robish // Intro by Ethan: Sierra came up with the idea to interview me for this blog. I thought it was a great idea and after watching Rick […]
How to Bypass Application Whitelisting & AV
Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool […]
The Courage to Learn
Sierra Ward // Last year I listened to a podcast* from Freakonomics that has stuck with me – in fact, I think it’s changed the way I think – powerful stuff […]
Herding Those Pesky Passwords
Rick Wisser & Gail Menius // Frequently we get asked about where to store passwords. Should they be stored in a word/excel /txt file on your computer? Maybe, written down […]
What’s Trust Among Friends: Secure Connections & Man-in-the-Middle Attacks
Logan Lembke // Living in the information age is great, isn’t it? With just a visit to the internet you can learn what happened in London on September 2nd, 1666, […]
Black Box testing – Are you testing the Pentester, or your target?
Mike Perez // BHIS does a lot of outreach via our blog, HackNaked.TV, training, and especially webcasts. In the course of outreach, sometimes folks come to us whom never had […]
Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed
Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, […]