Testing TLS and Certificates
Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […]
Brian King
Webcast: Hack for Show, Report For Dough: Part 2
At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Uncovering Secrets and Simplifying Your Life with CyberChef
Information takes many forms. Some of these forms are easy to understand and others less so. Some are hardly even recognizable. How do you know when you’ve found something interesting? […]
Webcast: Getting Started with Burp Suite & Webapp Pentesting
Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Modern Webapp Pentesting: How to Attack a JWT
So much information about testing webapps for security problems is old. Don’t get me wrong, the old stuff still works way more often than we’d like, but there’s more to […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests
I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. You don’t need a big […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
What’s Changed in Recon-ng 5.x
Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for […]
Your Reporting Matters: How to Improve Pen Test Reporting
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June 2019. The fun part of pentesting is […]
How to Find an InfoSec Mentor
BB King // We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a […]