We share our expertise to make the world a safer place.
InfoSec moves at a rapid pace and sometimes it’s hard to keep up—that’s where we enter the chat.
Discover current cybersecurity insights
Get vital information straight from the experts, without all the noise.
PivotTables For InfoSec Dummies
Plenty of people know how to toss an IP address and port list into Excel for sorting and searching but don’t get a chance to take it to a deeper level. Excel…
Black Hat USA Training - Adversary Tactics and Threat Hunting
During our Black Hat training, you will learn hands-on attacks that directly correlate to industry relevant TTPs, while performing threat hunting exercises and…
Let's Clone a Cloner - Part 3: Putting It All Together
We have arrived at our final stage of metamorphosis, taking our pupa and morphing it into a hacking machine. Let's finish this journey. Geared Up Pupa In the…
Measuring Effectiveness for Business Resilience
Testing and assessing security effectiveness is a core component of business resilience. Learn why this type of testing can help ensure you're protecting your…
Why is this Finding on my Pentest Report?
Sometimes, one weak link is all it takes. In this blog, Joe Sullivan explains why even seemingly minor findings matter to help highlight best practices,…
Hiding in the Shadows: Covert Tunnels via QEMU Virtualization
Attackers are getting increasingly creative—not just with their payloads, but with how they deliver and operate them. In a recent Incident Response engagement,…
HIPAA, HITECH, and HITRUST - It’s HI Time to Make Sense of it All
Organizations in the health care sector and those that work with it often hear about HIPAA, HITECH, and HITRUST compliance but may not understand what they all…
Azure's Front Door WAF WTF: IP Restriction Bypass
The Azure Front Door Web Application Firewall (WAF) has an "IP restriction" option that can be bypassed with the inclusion of an HTTP header. What's worse?…
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
While digging into the internals of my new Lenovo ThinkPad P1 Gen7, I came across an unexpected discovery that quickly escalated from curiosity to a viable…
Security Noise - Episode 7.19
Hacker Culture: The Self Modifying Code
Abusing Chrome Remote Desktop on Red Team Operations: A Practical Guide
In this post, we’ll be exploring a practical technique for abusing Chrome Remote Desktop (also known as Google Remote Desktop) within a Red Team operation. I…
Dialing Into Deception: A Social Engineer's Playbook for Voice-Based Attacks
Join Targeted Operations Practice Lead Jason Lang and Senior Security Consultant David Boyd as they walk through different aspects of social engineering and…
Loading...
Get our best blogs, latest webinars, and podcasts sent to your inbox.
Our monthly newsletter makes it easy to stay up-to-date on the latest in security.
