Author

Author, General InfoSec Tips & Tricks, InfoSec 101, Jordan Drysdale

Public Wi-Fi Insecurity – Part Deux, For Compliance Sakes

Jordan Drysdale // (See Jordan’s Part 1 of this post here.) PCI-DSS strolled into town with the latest compliance package of minutiae laden IT speak at the end of last year. […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Joff Thyer, Red Team, Red Team Tools EAP Network, TSL Certificates

TLS Certificates from EAP Network Traffic

Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods.  EAP is used both in a wired network […]

Read the entire post here

David Fletcher, Red Team, Web App Cross-Site Request Forgery, CSRF, CSRF-Token, Recursive Grep, Testing Protected Pages, XSRF

Using Recursive Grep to Test Per-Request CSRF-Token Protected Pages

David Fletcher // Cross-Site Request Forgery (CSRF or XSRF) is an attack which is used to execute a transaction on behalf of a victim user against a vulnerable web application. […]

Read the entire post here

Author, How-To, Joff Thyer soho router, ubuntu linux

How to create a SOHO router using Ubuntu Linux

Joff Thyer // This post is cross-posted from Packet Header on 3/1/16. __________   On Security Weekly Episode 452, I presented a technical segment on how to build your own […]

Read the entire post here

Author, Derek Banks, InfoSec 101 Purple Team, threat intelligence feeds

More on Threat Intelligence Feeds

Derek Banks // John’s hating on threat intelligence feeds post got me thinking.  As a former blue team member that is now solidly purple team, I do not hate threat intelligence […]

Read the entire post here

Author, Brian King, Password Spray, Red Team bad passwords, password, passwords

Check\ Your\ Tools

Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or […]

Read the entire post here

Author, Brian Fehrman, External/Internal, Red Team EyeWitness, Pentesting, vulnerability scans

EyeWitness and Why It Rocks

Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team domain credentials, domain creds, password spraying, passwords

Password Spraying Outlook Web Access – How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 2

Beau Bullock // This is part two of a series of posts (See part 1 here) where I am detailing multiple ways to gain access to domain user credentials without ever being […]

Read the entire post here

Author, Beau Bullock, External/Internal, Password Spray, Red Team domain creds, exploiting passwords, gaining access to domain credentials, passwords, reusing passwords

Exploiting Password Reuse on Personal Accounts: How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 1

Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. […]

Read the entire post here