Are You Spying on me? Detecting SSL Man-in-the-Middle
Carrie Roberts//* Is your employer reading all your sensitive information when you browse the internet from your work computer? Probably. But how can you be sure? It is common for […]
Red Team
I Spy with InSpy
Darin Roberts// Do you ever find yourself on an engagement and need just a few more names with which to conduct a password spray? Everyone knows the more emails you have, […]
Treating Antivirus as āThe Gold Standardā
Jordan Drysdale // Sacred Cash Cow Tipping Webcast 2018 follow-up The great Kaspersky Internet Security 2017 antivirus product lived up to and met all of my expectations in testing, so […]
WEBCAST: There and Back Again – A Pathfinder’s Tale
Matthew Toussain// Portswigger’s Burpsuite has become the tool of choice for web application penetration testers. OWASP’s Zed Attack Proxy (ZAP) not only fights in the same weight class but also […]
Performing a Physical Pentest? Bring This!
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you donāt own […]
Digging Deeper into Vulnerable Windows Services
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]
A Morning with Cobalt Strike & Symantec
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]
WEBCAST: JavaScript Weaponized
Matthew Toussain // PowerShell is deadā¦ well dying, kind of. JavaScript interpreters, on the other hand, are everywhere, and they are far from confined to the web browser. Join Matt […]