Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 Stage of the Penetration Test The TESTER The TESTED Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, […]
CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. My Methodology The Rant Cross between Bob Cat Goldthwaite and Dennis Miller Policy is the foundation to the foundation Don’t we all just love Policy […]
Podcast: Play in new window | Download
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” overview of CORS, with a focus on security vulnerabilities that we see most frequently on tests. This isn’t intended to be a full CORS primer […]
Kent R. Ickler// It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command syntax. We’ve generated a Hashcat Cheat Sheet for quick reference that may save you a bunch of time if you’re often reaching out to […]
Bre Schumacher// Many of you were probably asked as young child what you wanted to be when you grew up. Maybe you had an idea of something that sounded fun to you, like being an astronaut or the mayor. Perhaps you hadn’t decided. Maybe you still haven’t decided! Either way, I’m guessing as a child the thought […]
David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A password could be easily recovered after capturing crackable password hashes. Password strength is a topic of serious contention within most of the organizations that we […]
Paul Clark* // What is Software Defined Radio and why should you, the noble InfoSec professional, care about it? What kind of hardware and software do you need to start working with SDR? How do you set it all up? Join Paul Clark as he answers these questions and walks through a quick demo to […]
Paul Clark* // Feeling uncomfortably productive today? I’ve got a remedy for that, involving internet memes and signal processing. Come and waste a few minutes of your day with Laurel, Yanny and GNURadio. It’s been going on for a couple of days, so you’re probably already wearying of the interpretive controversy centered around the audio […]
CJ Cox// Spring storms are often more dangerous and unpredictable than winter storms. The GDPR looks to be no exception. The General Data Protection Regulation is a universal law brought to us by the European Union, and it’s about to hit in May. So what does this mean for American companies? How can we in […]
