Testing TLS and Certificates
Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […]
encryption
Finding: Server Supports Weak Transport Layer Security (SSL/TLS)
David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]
How to Crack Office Passwords with a Dictionary
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]
Two Button PWNage
Logan Lembke // Step One: Power. Step Two: Enter. Step Three: ???? Step Four: Profit. In the security industry, we love our encryption. However sometimes, the complexity introduced by encryption […]
How Does Let’s Encrypt Gain Your Browser’s Trust?
Ethan Robish // Let’s Encrypt is a free service that allows you to obtain a free (as in beer) SSL/TLS domain validation certificate to use as you wish. Here is what […]
5 Reasons for Mailvelope & Easy Instructions
Gail Menius // My husband set me up with GPG and Thunderbird and it was too hard. Ethan said it was cool. Lots of people gave it good reviews. It’s […]
Your Password Is… wait for it… NOT Always Encrypted
Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]