InfoSec 101

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

Author, Brian Fehrman, General InfoSec Tips & Tricks, Informational external engagement, Lync, Lync server

PSA: It’s 10PM, Do You Know Where Your Lync Servers Are?

Brian Fehrman// Microsoft Lync servers have been a staple of my external engagements for the past six months or so. I have found a Lync server on all of those […]

Read the entire post here

Author, How-To, Informational, InfoSec 101, Jordan Drysdale INFOSEC 301 CRITICAL CONTROLS, it security, Jordan Drysdale, Small Business

Small and Medium Business Security Strategies: Part 3

Jordan Drysdale // Blurb: A few of us have discussed the stress that small and medium business proprietors and operators feel these days. We want to help stress you out […]

Read the entire post here

How-To, InfoSec 101 c-level, c-Suite, information security, infosec, infosec 101

How to Build a Better Relationship With Your C-level Regarding Information Security

Josh Thomas // Editor’s Note: Recently on Twitter, we asked our followers “What’s the hardest thing to get your C-level to understand regarding security?” The answers came in like a roaring […]

Read the entire post here

Author, Brian Fehrman, How-To, Informational, InfoSec 101 Application Whitelisting Software, AWS, PowerShell

PowerShell w/o PowerShell Simplified

Brian Fehrman // In a previous post, titled PowerShell without PowerShell, we showed you how you can bypass Application Whitelisting Software (AWS), PowerShell restrictions/monitoring, and Command Prompt restrictions. In some […]

Read the entire post here

Author, Brian King, Informational, News, Web App audit, authentication, government, legal, ohio, potheads, webapp, webapp test

When Infosec and Weed Collide: Handling Administrative Actions Safely

BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]

Read the entire post here

Author, InfoSec 201, John Strand, News, Webcasts ACDC, ACDC Active Defense Law, Active Defense, webcast

WEBCAST: Proper Active Defense and the New ACDC Active Defense Law

John Strand// In this webcast John talks about the new ACDC law and what it means exactly. There has been quite a bit of anger and great GIFs about hacking […]

Read the entire post here

Author, InfoSec 101, John Strand, Webcasts Arizona Cyber Warfare Range, BHIS Webcast World Tour, webcast

WEBCAST: BHIS Webcast World Tour – Live from AZ

John Strand// As part of the BHIS Webcast World Tour, we held a live event at the newly opened Arizona Cyber Warfare Range (AZCWR) in Phoenix AZ. To read about and […]

Read the entire post here

Author, CJ Cox, InfoSec 101, Webcasts General Questions, pen-testing, preparing for a pen test, webcast

WEBCAST: Preparing Yourself & Your Company for a First Pen-test

CJ Cox// Are you about to have your first pen test? It can be a little overwhelming as a lot of people are sure they’re going to be destroyed in […]

Read the entire post here