Author

Author, Derek Banks, Fun & Games, Informational disaster preparedness, emergency, hurricane, hurricane florence, what to pack for a hurricane

Digital Bug Out Bag: A Nerd and His Family Running From a Hurricane

Derek Banks// I live in an area that was initially projected to be hit by Hurricane Florence. Four days prior to the storm making landfall the governor of my state […]

Read the entire post here

Author, Brian King, How-To, Informational, InfoSec 101 FAQ, general infosec, General Questions, getting started, mentor, new to infosec

How to Find an InfoSec Mentor

BB King // We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a […]

Read the entire post here

Author, Informational, Mike Felch, Red Team, Red Team Tools Active Directory, Azure, reconnaissance, Red Team

Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure

Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]

Read the entire post here

Author, Blue Team, John Strand, Podcasts Active Countermeasures, Attack Tactics, Podcasts

PODCAST: From Active Countermeasures – Attack Tactics 4

Join John Strand as he continues his Attack Tactic series this time with the defense ideas for the attacks mentioned in episode 3 (see more here) To see the entire […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Mike Felch, Phishing, Red Team 2FA, multi-factor, phishing, Red Team

Stealing 2FA Tokens on Red Teams with CredSniper

Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]

Read the entire post here

Author, Jordan Drysdale, Kent Ickler, Podcasts Active Directory, active directory best practices, AWS Active Directory setup, How to set up active directory

PODCAST: Active Directory Best Practices that Frustrate Pentesters

// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale, Kent Ickler, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jordan Drysdale, Jugular, Kent Ickler, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

Read the entire post here

Author, Ethan Robish, How-To Socket.io, WebSockets

How to Hack WebSockets and Socket.io

Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great […]

Read the entire post here

Author, CJ Cox, Informational, InfoSec 101, Podcasts Policy, Security Policy, Why Security Policy Matters

PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management

CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here