InfoSec 301

Informational, InfoSec 301, Joff Thyer, Red Team devops, malwaredev

Initial Access Operations Part 2: Offensive DevOps

The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]

Read the entire post here

Informational, InfoSec 301, Joff Thyer, Red Team

Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]

Read the entire post here

Blue Team, Incident Response, Informational, InfoSec 301, Phishing, Red Team, Social Engineering, Steve Borosh Device Code, Microsoft

Dynamic Device Code Phishing

rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 301, Joff Thyer DNS Security, Joff Thyer

The DNS over HTTPS (DoH) Mess

Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]

Read the entire post here

C2, External/Internal, General InfoSec Tips & Tricks, How-To, InfoSec 201, InfoSec 301, Red Team, Red Team Tools, Social Engineering C2, C2 Infrastructure, C2K, command and control, Digital Ocean

How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped

Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]

Read the entire post here

Author, How-To, InfoSec 301, Joff Thyer MASSCAN, Technical

Are You Really Hacking Naked?

Joff Thyer // I had an interesting experience recently that reminded me to always “trust but verify.” Let me set the stage for you. As a penetration tester, and IT […]

Read the entire post here

Author, David Fletcher, How-To, InfoSec 301 AP, Soft Access Point, software access point, Ubuntu, Ubuntu 16.04

How to Build a Soft Access Point in Ubuntu 16.04

David Fletcher// This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Having the ability to create a software AP can be very […]

Read the entire post here

Author, Brian King, InfoSec 301 Bad Certificates, Certificate Transparency, Chrome, Google

Certificate Transparency Means What, Again?

Brian King // News from Google this week says that Chrome will start enforcing Certificate Transparency a year from now. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw This means that when Chrome contacts a website, if […]

Read the entire post here

Author, Brian King, How-To, InfoSec 301 Apple, AppleTV, experiments, Nmap, testing

AppleTV & nmap -sV

BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my […]

Read the entire post here

1 2