Testing TLS and Certificates

Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […]

Read the entire post here

Author, David Fletcher, Finding encryption, Secure Sockets Layer, SSL, TLS, Transport Layer Security, Web

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team Juniper, SSL, SSL VPN concentrator, VPN

Juniper Two Factor VPN & Linux

David Fletcher // On a recent internal penetration test engagement, I was faced with using a Juniper VPN to access the target network. One small problem, Juniper does not formally […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team cool stuff, shell script, SSL, testssl.sh, TLS, tools

TestSSL.sh –Assessing SSL/TLS Configurations at Scale

David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation. I found […]

Read the entire post here