InfoSec 101

External/Internal, Informational, InfoSec 101, John Malone, Password Spray, Red Team

Hacking with Hydra

What is Hydra? Hydra is a tool that can be used for password spraying. Let’s begin by defining the term “password spray.” A password spray is where an attacker defines […]

Read the entire post here

External/Internal, Finding, General InfoSec Tips & Tricks, How-To, Melissa Bruno, Web App IDOR, Insecure Direct Object Reference

Revisiting Insecure Direct Object Reference (IDOR)

The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, LLMNR, Red Team

Bypass NTLM Message Integrity Check – Drop the MIC

In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]

Read the entire post here

Blue Team, General InfoSec Tips & Tricks, Incident Response, Informational, Patterson Cake OSINT

OSINT for Incident Response (Part 1)

Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]

Read the entire post here

General InfoSec Tips & Tricks, How-To, Informational, Jordan Drysdale Advice from a Help Desk Tech, Networking

The Simplest and Last Internet-Only ACL You’ll Ever Need 

tl;dr  Implement this ACL using whatever network gear, cloud ACL config, or uncomplicated firewall you use to protect your networks. Our IOT devices are on 10.99.99.0/24 for this example. Also, […]

Read the entire post here

Informational, InfoSec 101, Serena DiPenti internet protocol, IP, Networking

Unpacking the Packet: Demystifying the Internet Protocol

The internet is a product of a global group effort to build an interoperable network connecting billions of devices, regardless of country, region, or manufacturer. That effort yielded hundreds of […]

Read the entire post here

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team Active Directory, ADCS, exploit

Abusing Active Directory Certificate Services (Part 3)

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

Read the entire post here

Ethan Robish, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101 Personal Security

Rotating Your Passwords After a Password Manager Breach

| Ethan Robish It’s been nearly a year since Lastpass was breached and users’ encrypted vaults were stolen.  I had already migrated to a different password manager for all my […]

Read the entire post here

General InfoSec Tips & Tricks, Informational, Sean Verity

Opt for TOTP to Deal With MFA App Sprawl

| Sean Verity Do you have a bunch of MFA apps on your phone that leave you feeling like you can’t put your arms down? Or maybe all those MFA […]

Read the entire post here