General InfoSec Tips & Tricks

Fun & Games, General InfoSec Tips & Tricks, Guest Author, How-To, Informational, InfoSec 101 Green Book, Infosec for Beginners, InfoSec Survival Guide

What to Do with Your First Home Lab

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?

Read the entire post here

General InfoSec Tips & Tricks, Informational Melisa Wachs, penetration testing

Finding the Right Penetration Testing Company

This blog is for anyone who is interested in finding a good penetration testing company.

Read the entire post here

General InfoSec Tips & Tricks, Guest Author, Informational, InfoSec 101 Green Book, Infosec for Beginners, InfoSec Survival Guide

How to Set Smart Goals (That Actually Work For You)

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

Read the entire post here

Brian Fehrman, General InfoSec Tips & Tricks, Informational AI, Artificial Intelligence, Large Language Models, LLMs, Prompt Injection

Getting Started with AI Hacking Part 2: Prompt Injection

In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem – Prompt Injection: The AI version of talking your way past the bouncer.

Read the entire post here

Chris Sullo', General InfoSec Tips & Tricks, Informational, InfoSec 101, Web App

Default Web Content

Whether it’s forgotten temporary files, installation artifacts, READMEs, or even simple image files–default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.

Read the entire post here

Dale Hobbs, General InfoSec Tips & Tricks, Informational, InfoSec 101 CMD, PowerShell, RDP

Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security

Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks.

Read the entire post here

Brian King, General InfoSec Tips & Tricks, Informational, InfoSec 101, Red Team Tools Burp Suite, Cheatsheet, Infosec for Beginners, InfoSec Survival Guide

Burp Suite Cheatsheet

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you’re likely to use.

Read the entire post here

Beau Bullock, General InfoSec Tips & Tricks, Informational, InfoSec 101, Kaitlyn Wimberley, Red Team Tools Cheatsheet, GraphRunner, Infosec for Beginners, InfoSec Survival Guide

GraphRunner Cheatsheet

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

Read the entire post here

General InfoSec Tips & Tricks, Informational, InfoSec 101, Michael Allen, Red Team Tools Cheatsheet, DNS Triage, Infosec for Beginners, InfoSec Survival Guide

DNS Triage Cheatsheet

DNS Triage is a reconnaissance tool that finds information about an organization’s infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

Read the entire post here

1 2 3 4 ›»