Got Enough Monitors?
Carrie Roberts // Guest Blog OK, I admit it: I might have a problem. But seriously, can you ever really have enough screen space? In this blog post, I’ll describe […]
Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network
Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […]
Your Browser is Not a Safe Space
Corey Ham // Tl;dr Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items. Personal security: Do not save anything sensitive in […]
Parsing Sysmon Logs on Microsoft Sentinel
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]
Hit the Ground Running with Prototype Pollution
Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]
Forwarding Traffic Through SSH
Fernando Panizza // This was meant to be an OpenSSH how-to blog, but since I had time, I decided to read the man pages (manual pages that you can access […]
Tales From the Pick: Intro to Physical Security Tools
Joseph Kingstone // Looking to get into physical security? Not sure what you need to get started? Look no further. What are Physical Security Assessments? Physical security assessments evaluate an […]
Gowitness, a Tester’s Time Saver
Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]