Indecent Exposure: Your Secrets are Showing
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.
Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]
This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.
In this video, Ethan Robish discusses the fundamentals and intricacies of data analytics using SQL.
In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]
This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]
In today’s world, security is more important than ever. As organizations increasingly rely on technology to drive business, digital threats are becoming more sophisticated, varied, and difficult to defend against. […]