That One Time My Parents Were Hacked
Heather Doerges // My mom called the other day. It started out, “Honestly, your father.” Which, isn’t a strange way for her to start a conversation about my dad. “What […]
TLS Certificates from EAP Network Traffic
Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods. EAP is used both in a wired network […]
Using Recursive Grep to Test Per-Request CSRF-Token Protected Pages
David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. […]
How to create a SOHO router using Ubuntu Linux
Joff Thyer // This post is cross-posted from Packet Header on 3/1/16. __________ On Security Weekly Episode 452, I presented a technical segment on how to build your own […]
More on Threat Intelligence Feeds
Derek Banks // John’s hating on threat intelligence feeds post got me thinking. As a former blue team member that is now solidly purple team, I do not hate threat intelligence […]
Check\ Your\ Tools
Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or […]
Check Your Image
Lawrence Hoffman // Today I’ll walk through the process I use to verify ISO images before I install them. If you downloaded Linux Mint 17.3 Cinnamon on February 20th there’s […]
EyeWitness and Why It Rocks
Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]
How to Test for Open Mail Relays
Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can […]