InfoSec 301

Blue Team Tools, External/Internal, InfoSec 301, Recon, Red Team, Red Team Tools attacking, cicd, Defending, devops, GitLab, gogatoz, Phil Miller

Auditing GitLab: The CI/CD Kill Chain

Welcome to GoGatoZ — a purpose-built Go tool for GitLab CI/CD security auditing that can perform and automate the entire CI/CD kill chain along with everything those one-off scripts did and then some.

Read the entire post here

Informational, InfoSec 301, Joff Thyer AI, LLM, Model Context Protocol

Model Context Protocol (MCP)

The Model Context Protocol (MCP) is a proposed open standard that provides a two-way connection for AI-LLM applications to interact directly with external data sources. It is developed by Anthropic and aims to simplify AI integrations by reducing the need for custom code for each new system.

Read the entire post here

Informational, InfoSec 301, Webcast Wrap-Up, Webcasts Dark Web, Tor

Light at the End of the Dark Web

Join us for this one-hour Black Hills Information Security webcast with Joseph – Security Analyst, as he shares with you what he’s discovered and learned about the Dark Web, so you never ever ever have to go there for yourself.

Read the entire post here

How-To, Informational, InfoSec 301, Joff Thyer AI, AI Model Training, LLM

AI Large Language Models and Supervised Fine Tuning

This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]

Read the entire post here

Informational, InfoSec 301, Joff Thyer, Red Team devops, malwaredev

Initial Access Operations Part 2: Offensive DevOps

The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]

Read the entire post here

Informational, InfoSec 301, Joff Thyer, Red Team

Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]

Read the entire post here

Blue Team, Incident Response, Informational, InfoSec 301, Phishing, Red Team, Social Engineering, Steve Borosh Device Code, Microsoft

Dynamic Device Code Phishing

rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 301, Joff Thyer DNS Security, Joff Thyer

The DNS over HTTPS (DoH) Mess

Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]

Read the entire post here

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

1 2