CORS Lite
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]
Red Team
WEBCAST: Testing G Suites with MailSniper
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username […]
Hashcat 4.10 Cheat Sheet v 1.2018.1
Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]
WEBCAST: Attack Tactics Part 1
John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with […]
How to Configure SPFv1: Explained for the Masses
Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, […]
C2, C3, Whatever It Takes
Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called […]
How to Crack Office Passwords with a Dictionary
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]
WEBCAST: Web App Assessments for Non-Majors
BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]
Got Privs? Crack Those Hashes!
Joff Thyer // Black Hills Information Security loves performing both internal penetration tests, as well as command and control testing for our customers. Thanks to the efforts of many great […]