David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A password could be easily recovered after capturing crackable password hashes. Password strength is a topic of serious contention within most of the organizations that we […]
Paul Clark* // What is Software Defined Radio and why should you, the noble InfoSec professional, care about it? What kind of hardware and software do you need to start working with SDR? How do you set it all up? Join Paul Clark as he answers these questions and walks through a quick demo to […]
Paul Clark* // Feeling uncomfortably productive today? I’ve got a remedy for that, involving internet memes and signal processing. Come and waste a few minutes of your day with Laurel, Yanny and GNURadio. It’s been going on for a couple of days, so you’re probably already wearying of the interpretive controversy centered around the audio […]
CJ Cox// Spring storms are often more dangerous and unpredictable than winter storms. The GDPR looks to be no exception. The General Data Protection Regulation is a universal law brought to us by the European Union, and it’s about to hit in May. So what does this mean for American companies? How can we in […]
Jordan Drysdale// tl;dr Vulnerability management is a part of doing business and operating on the public internet these days. Include training as part of this Critical Control. Users should be aware that attacks will continue to evolve and clicking links isn’t the only way to get infected these days. Hire a managed services provider worth […]
Kelsey// Dear Big All-Powerful Company, Your idea of a ‘strong password’ is flawed. When I first saw the following message, I laughed. I said out loud, “No, you have not seen that password before, ever; I guarantee it,” but I moved on. I thought, no big deal, I’ll add some length. And then adding length […]
Dakota Nelson// For a lot of our customers, their first introduction to pentesting is a vulnerability scan from BHIS. This is after talking to the testers, of course, and setting up rules of engagement, sharing which hosts are within scope, and talking over how we, as testers here at BHIS, can best help secure their […]
Rick Wisser// Here at BHIS we are always on the lookout for new toys. Especially if we can use them during a pentest. As a pentester, we all have a complimentary tool set in our jump bags that we have grown accustomed to using. Tools such as the Rubber Ducky, Konboot, Lan Turtle, proxmark3, crowbar […]
Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am getting asked more and more about it. People that I had mentioned Bitcoin to back in 2013 are coming out of the woodwork to ask about […]
