Storm Chasing: How We Hacked Your Cloud
Beau Bullock // Overview The traditional methodology of a remote attacker who has no preconceptions of a target network used to be fairly static. With organizations moving to “the cloud”, […]
You Down With APP? (Yeah You Know Me)
Derek Banks // Yes, I date myself with reference in the title of this blog post. I can be lame like that. A fair amount of my time at $last_gig […]
The Rejected Box – An Ode to IT Professionals
Melisa Wachs // Hello IT professional. If you haven’t heard it lately, I hope you know that you’re really amazing. You’re probably helping “laymen” like me all day long. Maybe […]
Nessus & Nmap
Sally Vandeven // In a recent conversation with Paul Asadoorian, he mentioned a Nessus plugin called nmapxml. He was not sure how well it worked but suggested I try it […]
Phishing with PowerPoint
Carrie Roberts & Chevy Swanson // How do we make sure people open up our malicious files and execute them? We simply let Microsoft work for years and years to gain […]
What’s trust among schoolchildren: Kerberos Authentication Explained
Logan Lembke // Kerberos authentication can be daunting but is an important protocol to understand for any IT professional, and especially important in the field of information security. While you […]
Browser Plugin Oversharing
Brian King // Do you know what that browser plugin is doing? There’s a browser plugin for just about everything. You can find one to change the name of […]
Advanced Msfvenom Payload Generation
Joff Thyer // It has been known for some time that an executable payload generated with msfvenom can leverage an alternative template EXE file, and be encoded to better evade […]
15 Ways to Be a Safer Computer User
Sierra Ward // Editor’s note: Though infosec professionals may see this advice as basic to the point of being obvious, as we visit with people and interact with swaths of other […]