Joff Thyer

Informational, Joff Thyer, Physical, Red Team, Social Engineering Pen Testing, PROMPT#

Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

Read the entire post here

Informational, InfoSec 301, Joff Thyer, Red Team devops, malwaredev

Initial Access Operations Part 2: Offensive DevOps

The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]

Read the entire post here

Informational, InfoSec 301, Joff Thyer, Red Team

Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]

Read the entire post here

General InfoSec Tips & Tricks, Informational, Joff Thyer, Red Team, Web App

Forward into 2023: Browser and O/S Security Features 

Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 301, Joff Thyer DNS Security, Joff Thyer

The DNS over HTTPS (DoH) Mess

Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]

Read the entire post here

Author, How-To, Informational, InfoSec 101, Joff Thyer, Webcasts

Webcast: Shellcode Execution with GoLang

In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Joff Thyer, Web App Joff Thyer

Web App Pen Testing in an Angular Context

Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years.  We all love our […]

Read the entire post here

Author, Informational, InfoSec 101, Joff Thyer, Webcasts

Webcast: Move Aside Script Kiddies – Malware Execution in the Age of Advanced Defenses

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Fun & Games, How-To, Informational, Joff Thyer, Webcasts IPv6, Joff Thyer

Webcast: IPv6: How to Securely Start Deploying

Joff Thyer has dove into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here