Author, Brian Fehrman, External/Internal, Red Team EyeWitness, Pentesting, vulnerability scans

EyeWitness and Why It Rocks

Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the […]

Read the entire post here

External/Internal, Red Team Carrie Roberts, external network assessment, mail relays, mail servers, pen-testing, penetration testing, Pentesting, testing for open mail relays

How to Test for Open Mail Relays

Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team domain credentials, domain creds, password spraying, passwords

Password Spraying Outlook Web Access – How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 2

Beau Bullock // This is part two of a series of posts (See part 1 here) where I am detailing multiple ways to gain access to domain user credentials without ever being […]

Read the entire post here

Author, Beau Bullock, External/Internal, Password Spray, Red Team domain creds, exploiting passwords, gaining access to domain credentials, passwords, reusing passwords

Exploiting Password Reuse on Personal Accounts: How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 1

Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. […]

Read the entire post here

How-To, InfoSec 101 Average User, BlackEnergy, Education, macros, MS Office, Ukraine

Warning: This Post Contains Macros

Lisa Woody // On the 23rd of December, a cyber attack left hundreds of thousands of people in the Ukrainian region of Ivano-Frankivsk without power. This was the first confirmed […]

Read the entire post here

Red Team, Web App Direct Object References, HIPAA, HIPAA violations, user profiles, XKCD

Let’s Talk About Direct Object References

Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a […]

Read the entire post here

Author, General InfoSec Tips & Tricks, InfoSec 101, Jordan Drysdale free wifi, the dangers of public wifi, wifi

Beware Public Wi-Fi Insecurity – Part 1: Reviewing the Neighborhood

Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment […]

Read the entire post here

Blue Team, How-To, Hunt Teaming hacking, old scripts, old stuff

Hacking Like It’s 1999

Lawrence Hoffman // Last week a friend stopped by my desk with a worried look on his face. He knelt down and showed me the screen of his laptop where […]

Read the entire post here

Author, InfoSec 101, John Strand

Why The Hate for Threat Intelligence Feeds?

John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds.  I feel just a bit bad about it. Right Apollo? But…  I […]

Read the entire post here