Forwarding Traffic Through SSH
Fernando Panizza // This was meant to be an OpenSSH how-to blog, but since I had time, I decided to read the man pages (manual pages that you can access […]
Tales From the Pick: Intro to Physical Security Tools
Joseph Kingstone // Looking to get into physical security? Not sure what you need to get started? Look no further. What are Physical Security Assessments? Physical security assessments evaluate an […]
Gowitness, a Tester’s Time Saver
Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]
MITM6 Strikes Again: The Dark Side of IPv6
Dale Hobbs // As the world becomes increasingly connected through the internet, cyber attacks have become more sophisticated and prevalent. One type of attack that you may not have heard […]
Exploit Development – A Sincere Form of Flattery
moth // Recently, BHIS penetration tester Dale Hobbs was on an Internal Network Penetration Test and came across an RPC-based arbitrary command execution vulnerability in his vulnerability scan results. I […]
Who’s Bootin’? Dissecting the Master Boot Record
Hal Denton // Have you ever been given an encrypted hard drive to perform forensic analysis on? What could go wrong? Probably the first thought rolling through your mind is […]
How to Build a Pentest Robot With Selenium IDE
Have you ever been on a pentest and thought to yourself, “I wish I had a robot to do this testing for me right now cuz this is just too much work”?
PNPT: Certification Review
Daniel Pizarro // What is the PNPT? The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]
Start to Finish: Configuring an Android Phone for Pentesting
Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]