How to Find an InfoSec Mentor
BB King // We got an email from a fan today asking how best to find a mentor in information security. Maybe you’re looking for a mentor too. It’s a […]
Informational
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
DOs and DON’Ts of Pentest Report Writing
Melisa Wachs// The first day of school has started for your school-age kiddos. What better time to run through some of our basic reporting guidelines with y’all? Here is a […]
What to Expect After a Pen Test
Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 […]
PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management
CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
CORS Lite
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]
Hashcat 4.10 Cheat Sheet v 1.2018.1
Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]
What I Wish I Would Have Known
Bre Schumacher// Many of you were probably asked as a young child what you wanted to be when you grew up. Maybe you had an idea of something that sounded […]
Finding: Weak Password Policy
David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]