How to Hack WebSockets and Socket.io
Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]
AWS: Assuming Access Key Compromise
Jordan Drysdale//* In this blog, we are assuming that we have obtained an access key, a secret key and maybe a .pem key from a network user who left these […]
What to Expect After a Pen Test
Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 […]
Command and Control with WebSockets WSC2
Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The […]
Scout2 Usage: AWS Infrastructure Security Best Practices
Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your […]
G Suite is the Soft Underbelly of Your Environment
Matthew Toussain//* Wouldn’t you like to START your pentests knowing every username for all individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A […]
WEBCAST: Highly Caffeinated InfoSec
Beau Bullock & Mike Felch// Ways to Learn More, Network, and Wake Up Your Inner Hacker Whether you are brand new to InfoSec or a skilled veteran there are ways […]
WEBCAST: Attack Tactics 3
John Strand// For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it’s becoming more […]
Free Ticket to the Most Hands-on Infosec Con
For the entire month of June, we ran a contest on our Twitter with the grand prize being a free ticket to Wild West Hackin’ Fest! We were quick to […]