That One Time My Parents Were Hacked
Heather Doerges // My mom called the other day. It started out, “Honestly, your father.” Which, isn’t a strange way for her to start a conversation about my dad. “What […]
Search Results for: password
TLS Certificates from EAP Network Traffic
Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods. EAP is used both in a wired network […]
Check\ Your\ Tools
Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or […]
Let’s Talk About Direct Object References
Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]
Beware Public Wi-Fi Insecurity – Part 1: Reviewing the Neighborhood
Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment […]
Why The Hate for Threat Intelligence Feeds?
John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds. I feel just a bit bad about it. Right Apollo? But… I […]
Pentesting ASP.NET Cookieless Sessions with Burp
Carrie Roberts & Brian King // We were recently testing a web application that used ASP.NET cookieless sessions. This meant that the session token was part of the URL as shown in the […]
How Compliance Compromises Happen. (Or, The Most Boring Article Title in the History of All the Internet…)
John Strand // There have been quite a few articles lately on how compliance standard X or Y is broken. Unfortunately, this often leads to blaming the nameless and faceless people behind the […]