The DNS over HTTPS (DoH) Mess
Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]
Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]
Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]
At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Dale Hobbs // The Center for Internet Security (CIS) Controls are a recommended set of highly effective defensive actions for cyber defense that provide specific and actionable methods to prevent the most dangerous and pervasive cyber-attacks. They were initially […]
#hivenightmare / #lolwut Jeff McJunkin* // What is it? tl;dr — Unpatched privilege escalation in Windows 10 in nearly all supported builds. The vulnerability (CVE-2021–36934) allows an attacker with limited […]
We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon […]
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our […]