Sally Vandeven has been a Security Analyst and Penetration Tester for Black Hills Information Security (BHIS) since 2015. She also currently works as a faculty research advisor for the SANS […]
Search Results for: password
Check Your Tools
Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or […]
Let’s Talk About Direct Object References
Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]
Beware Public Wi-Fi Insecurity – Part 1: Reviewing the Neighborhood
Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment […]
Why The Hate for Threat Intelligence Feeds?
John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds. I feel just a bit bad about it. Right Apollo? But… I […]
Pentesting ASP.NET Cookieless Sessions with Burp
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]
How Compliance Compromises Happen. (Or, The Most Boring Article Title in the History of All the Internet…)
John Strand // There have been quite a few articles lately on how compliance standard X or Y is broken. Unfortunately, this often leads to blaming the nameless and faceless people behind the […]
Service Detection – Tomcat Manager, From “Info” to “Ouch”
Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” […]