InfoSec 101

InfoSec 101, Intern, Password Cracking, Red Team, Red Team Tools, Wireless

WifiForge – WiFi Exploitation for the Classroom

by William Oldert // BHIS Intern BHIS had a problem.   We needed an environment for students to learn WiFi hacking safely. Our original solution used interconnected physical network gear […]

Read the entire post here

General InfoSec Tips & Tricks, Guest Author, How-To, Informational, InfoSec 101 home lab, InfoSec Survival Guide, virtual machines

Build a Home Lab: Equipment, Tools, and Tips

by Martin Pearson || Guest Author This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical […]

Read the entire post here

External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201 audit, GitLab, gitleaks, leaks, secrets

Auditing GitLab: Public Gitlab Projects on Internal Networks

A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […]

Read the entire post here

Carrie Roberts, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101 Getting Started In InfoSec, training

From High School to Cyber Ninja—For Free (Almost)!

| Carrie Roberts // Guest Author Carrie Roberts is an Antisyphon instructor and experienced cyber security professional who has mentored many on their journey into cyber. My name is Carrie […]

Read the entire post here

Debjeet Banerjee, General InfoSec Tips & Tricks, Informational, InfoSec 201, Red Team, Red Team Tools

DLL Jmping: Old Hollow Trampolines in Windows DLL Land

DLL hollowing is an age-old technique used by malware authors to have a memory-backed shellcode. However, defensive mechanisms like CFG and XFG have made it incredibly difficult to implement such […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Red Team

Abusing Active Directory Certificate Services (Part 4)

Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will […]

Read the entire post here

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational

Deploy an Active Directory Lab Within Minutes

Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]

Read the entire post here

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale, Wireless How to, wifiphisher, wireless testing, wireless tools

How to Install and Perform Wi-Fi Attacks with Wifiphisher 

tl;dr: Install Wifiphisher on Kali and run a basic attack.  This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).   Two […]

Read the entire post here

General InfoSec Tips & Tricks, Incident Response, Informational, Terry Reece externally exploitable services

In Through the Front Door – Protecting Your Perimeter  

While social engineering attacks such as phishing are a great way to gain a foothold in a target environment, direct attacks against externally exploitable services are continuing to make headlines. […]

Read the entire post here