TLS Certificates from EAP Network Traffic
Joff Thyer // A network can authenticate a client workstation using 802.1X and the Extensible Authentication Protocol (EAP) with multiple different methods. EAP is used both in a wired network […]
Sally Vandeven has been a Security Analyst and Penetration Tester for Black Hills Information Security (BHIS) since 2015. She also currently works as a faculty research advisor for the SANS […]
Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or […]
Kelsey Bellew // Maybe you don’t know what Direct Object References mean. If you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]
Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment […]
John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds. I feel just a bit bad about it. Right Apollo? But… I […]
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]
John Strand // There have been quite a few articles lately on how compliance standard X or Y is broken. Unfortunately, this often leads to blaming the nameless and faceless people behind the […]
Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” […]