Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it […]
Podcast: Play in new window | Download
Subscribe: RSS
Bre Schumacher // As I was walking through the back to school display at the store the other day, I picked up a handy-dandy school supply list. Of course there were all the usual things: scissors, glue, notebooks, etc. but it made me wonder what would be on the “supply list” for someone just starting out […]
Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command syntax. We’ve generated a Hashcat Cheat Sheet for quick reference that may save you a bunch of time if you’re often reaching out to the […]
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this post we will walk through the changes to C2K as well as re-deploy a demo C2 infrastructure with all the new features. It is worth […]
Jordan Drysdale // tl;dr uBlock Origin appears, based on non-scientific testing, to be fairly effective at keeping trackers from making outbound HTTP GET requests. Tested Extensions: No Add-ons v Ghostery v uBlock Origin v AdBlock PlusAnalyzed Website homepages: CNN v FoxNews v MSNBC I ran all of the following tests about the same. I clear […]
Jordan Drysdale // A few of us have discussed the stress that small and medium business proprietors and operators feel these days. We want to help stress you out even more. Not really, but if you aren’t worrying about IT security, you are probably doing it wrong. This series will run through some of the […]
John Strand// In this webcast John talks about the new ACDC law and what it means exactly. There has been quite a bit of anger and great GIFs about hacking back and the law so he thought it would be a good idea to actually walk through it and point out a few of its […]
Ethan Robish // In this series of posts, I’ll discuss how I segmented my home network using VLANs and how I moved away from using a risky consumer-grade router at the edge of my network. My goal for this series is to take you from using a consumer-grade router running a flat network to a […]
Jordan Drysdale // The following content is loosely based on a presentation I gave at BSides Denver. After speaking at BSides Denver, one of the audience members spent some time discussing the content with BHIS. He called the software he helped this particular data broker build “The Actual Privacy Death Star.” His claim was that […]
