Author

Author, Blue Team, How-To, Kent Ickler Active Directory, AD, AD Best Practices, Best Practices, Kent Ickler, Link Layer Multicast Name Resolution, LLMNR, network

How To Disable LLMNR & Why You Want To

Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]

Read the entire post here

Author, David Fletcher, Finding, Informational bad passwords, password, password policy, weak password

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

Read the entire post here

Author, External/Internal, How-To, Kent Ickler, Password Cracking AES, CeWL, decrypt, dictionary, encryption, Exce, Hashcat, John the Ripper, JTR, Kent Ickler, LinkedIn, microsoft office, Office, SHA, wordlist

How to Crack Office Passwords with a Dictionary

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption.  Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

Read the entire post here

Author, Brian King, Web App, Webcasts Web App, Web App Assessment, Web Apps, webcast, webcasts

WEBCAST: Web App Assessments for Non-Majors

BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]

Read the entire post here

Author, Joff Thyer, Red Team, Red Team Tools Crack Hashes, Joff Thyer

Got Privs? Crack Those Hashes!

Joff Thyer // Black Hills Information Security loves performing both internal penetration tests, as well as command and control testing for our customers. Thanks to the efforts of many great […]

Read the entire post here

Author, CJ Cox, Informational, Webcasts GDPR, General Data Protection Regulation, webcast, webcasts

WEBCAST: GDPR – Spring Storm Warning

CJ Cox// Spring storms are often more dangerous and unpredictable than winter storms. The GDPR looks to be no exception. The General Data Protection Regulation is a universal law brought […]

Read the entire post here

Author, Blue Team, How-To, Informational, InfoSec 101, Jordan Drysdale Critical Controls, Jordan Drysdale, Medium Business, Security Stratigies, Small Business, Vulnerability Management

Small and Medium Business Security Strategies: Part 4

Jordan Drysdale// tl;dr Vulnerability management is a part of doing business and operating on the public internet these days. Include training as part of this Critical Control. Users should be […]

Read the entire post here

Author, How-To, John Strand, Webcasts Threat Intelligence, threat intelligence feeds, webcast

WEBCAST: How to Use Threat Intelligence

John Strand// Using threat intelligence feeds for good….instead of wasting time and money. John’s intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts AD Best Practices, Blue Team, webcast, Wireless, Wireless Blue Team, Wireless Defense, Wireless NEtworks

WEBCAST: Stop Sucking at Wireless

Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The […]

Read the entire post here