John Strand // In this webcast, we walk through different tools to establish and test your Command and Control (C2) detection capabilities. Why does this matter? Almost all organizations we test can’t detect these outgoing channels.
Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I knew shellz were in my future, but it was not as easy as I expected. Here was my journey and some things I learned. First, […]
Editor’s Note: We’re excited to publish our first guest post! If you’d like to guest post on our blog DM us on Twitter, or use our contact form to contact us for details. Robert Schwass // I don’t know how I got there, but a few days ago I found myself looking at an article on […]
Derek Banks // Yes, I date myself with reference in the title of this blog post. I can be lame like that. A fair amount of my time at $last_gig was spent analyzing the Tools, Techniques, and Procedures of the Advanced Persistent Threat. Now, as a pentester, I have often thought about applying some of […]
Lawrence Hoffman // Last week a friend stopped by my desk with a worried look on his face. He knelt down and showed me the screen of his laptop where there was a virtual terminal open: After looking I asked what the system did, he said it was just a GitLab server for a personal […]