Dynamic Device Code Phishing
rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]
InfoSec 301
The DNS over HTTPS (DoH) Mess
Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]
How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]
Are You Really Hacking Naked?
Joff Thyer // I had an interesting experience recently that reminded me to always “trust but verify.” Let me set the stage for you. As a penetration tester, and IT […]
How to Build a Soft Access Point in Ubuntu 16.04
David Fletcher// This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Having the ability to create a software AP can be very […]
Certificate Transparency Means What, Again?
Brian King // News from Google this week says that Chrome will start enforcing Certificate Transparency a year from now. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw This means that when Chrome contacts a website, if […]
AppleTV & nmap -sV
BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my […]
Bitlocker Ransomware: Using BitLocker for Nefarious Reasons
Editor’s Note: We’re excited to publish our first guest post! If you’d like to guest post on our blog DM us on Twitter, or use our contact form to contact us […]
Evil Twin: WPA2 Enterprise Syle on Kali 2.0
Brian Fehrman //
1 2