General InfoSec Tips & Tricks

Blue Team, DFIR, General InfoSec Tips & Tricks, Hal Denton, How-To, Informational Digital Forensics and Incident Response, Master Boot Record

Who’s Bootin’? Dissecting the Master Boot Record

Hal Denton // Have you ever been given an encrypted hard drive to perform forensic analysis on? What could go wrong? Probably the first thought rolling through your mind is […]

Read the entire post here

Daniel Pizarro, External/Internal, General InfoSec Tips & Tricks, Informational, LLMNR, Password Cracking, Password Spray, Recon, Red Team, Red Team Tools, Web App Cybersecurity Certification, PNPT

PNPT: Certification Review

Daniel Pizarro // What is the PNPT?  The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]

Read the entire post here

General InfoSec Tips & Tricks, Informational, Joff Thyer, Red Team, Web App

Forward into 2023: Browser and O/S Security Features 

Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]

Read the entire post here

Blue Team, Carrie Roberts, General InfoSec Tips & Tricks, Informational, InfoSec 101, Recon, Red Team

New PowerShell History Defense Evasion Technique

Carrie Roberts // PowerShell incorporates the handy feature of writing commands executed to a file to make them easy to refer back to later. This functionality is provided by the […]

Read the entire post here

Blue Team, General InfoSec Tips & Tricks, Informational, InfoSec 101, Red Team Carrie Roberts, PowerShell

Constrained Language Mode Bypass When __PSLockDownPolicy Is Used

Carrie Roberts // PowerShell’s Constrained Language (CLM) mode limits the functionality available to users to reduce the attack surface. It is meant to be used in conjunction with application control […]

Read the entire post here

Author, Blue Team, Blue Team Tools, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale Azure, defense, Detection, doazlab.com, Impacket, Jordan Drysdale

Impacket Defense Basics With an Azure Lab 

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]

Read the entire post here

Author, External/Internal, General InfoSec Tips & Tricks, Melissa Bruno, Web App

For Web Content Discovery, Who You Gonna Call? Gobuster!

Melissa Bruno // One of the best early steps to take when testing a network, especially a large one, is to run the tool EyeWitness to gain a quick understanding […]

Read the entire post here

Author, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Jordan Drysdale, Red Team Tools Jordan Drysdale

Impacket Offense Basics With an Azure Lab

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, Red Team, Steve Borosh Microsoft 365, Spoofing, Steve Borosh

Spoofing Microsoft 365 Like It’s 1995

Steve Borosh // Why Phishing? Those of us on the offensive side of security often find ourselves in the position to test our clients’ resilience to phishing attacks. According to […]

Read the entire post here