We share our expertise to make the world a safer place.
InfoSec moves at a rapid pace and sometimes it’s hard to keep up—that’s where we enter the chat.
Discover current cybersecurity insights
Get vital information straight from the experts, without all the noise.
Helpful Hints for Writing (and Editing) Cybersecurity Reports
When it comes to reading (and editing) (and proofreading) technical documents, it's important to remember that the details are key, and can make all the…
Purple Team Defense Strategies
Join Senior Security Consultant Sarah Norris and Security Consultant Zach Bevilacqua for a deep dive into how to create action items for a robust defense…
CMMC Subcontractors and Service Providers
Defense contractors are preparing their systems for the start of the upcoming CMMC rollout but what they may not have considered is how their relationship with…
Security Noise - Footprint Discovery for Red Teamers
On this episode of Security Noise, our team discusses footprinting and reconnaissance techniques for red teamers, including identifying a target's online…
Hack-cessibility: When DLL Hijacks Meet Windows Helpers
In preparation for a talk, Jason Lang (@curi0usJack) and I were doing at MCTTP about mining TTPs from VX-underground, we both ended up doing research based on…
InfoSec World Workshop - Adversary Tactics and Threat Hunting
This immersive workshop will train you to simulate attacks, hunt threats, and build detections using manual, automated, and AI-driven methods across network…
Security Noise - CON Men: Wild West Hackin' Fest + GrrCON
On this episode of Security Noise, we are discussing two of our favorite cybersecurity conferences Wild West Hackin' Fest and GrrCON! Our team presented at…
Detecting Password-Spraying in Entra ID Using a Honeypot Account
Password-spraying is a popular technique which involves guessing passwords to gain control of accounts. This automated password-guessing is performed against…
There's More than One Way to Trigger a Windows Service
Service triggers can be a pentester’s secret weapon, letting low-priv users quietly fire up powerful services like Remote Registry and EFS. Learn how they can…
Incident Response: Lessons From the Front Lines
IR Practice Lead Carlos Perez will draw from recent, anonymized investigations to expose the most devastating failure patterns our Incident Response team has…
Skimming Credentials with Azure's Front Door WAF
Your Web Application Firewall (WAF) sees EVERYTHING. In this blog, we demonstrate how an attacker with access to Azure Front Door’s WAF and Log Analytics can…
PCI P2PE vs. E2EE – Scoping it Out
If your payment processor says they use “End-to-End Encryption” your PCI DSS compliance scope may be bigger than you expect. In this blog, we break down how…
Loading...
Get our best blogs, latest webinars, and podcasts sent to your inbox.
Our monthly newsletter makes it easy to stay up-to-date on the latest in security.
