Evading Network-Based Detection Mechanisms – Tradecraft Security Weekly #24

In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pente… Continue reading Evading Network-Based Detection Mechanisms – Tradecraft Security Weekly #24

Google Event Injection – Tradecraft Security Weekly #20

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven’t been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events […]

The post Google Event Injection – Tradecraft Security Weekly #20 appeared first on Security Weekly.

Continue reading Google Event Injection – Tradecraft Security Weekly #20

Meterpreter with Categorized Domains & Trusted Certs – Tradecraft Security Weekly #4

It is common for organizations to proxy web traffic so they can place restrictions on what websites can be visited by employees. To make the management of allowing or denying access to a large number of sites easier many web proxies utilize categorizat… Continue reading Meterpreter with Categorized Domains & Trusted Certs – Tradecraft Security Weekly #4

Attacking Exchange/OWA to Gain Access to AD Accounts – Tradecraft Security Weekly #3

Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Securit… Continue reading Attacking Exchange/OWA to Gain Access to AD Accounts – Tradecraft Security Weekly #3

Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2

In episode 2 of Tradecraft Security Weekly Beau Bullock (@dafthack) discusses Windows privilege escalation techniques. There are many reasons why normal employees should not be local administrators of their own systems. Network administrators tend to l… Continue reading Windows Privilege Escalation Techniques (Local) – Tradecraft Security Weekly #2

Paul’s Security Weekly #496 – Tech Segment: Bypassing AV on Android, Beau Bullock

Beau Bullock shows us how to bypassing antivirus software using Android in this week’s tech segment! Full Show Notes Subscribe to YouTube Channel Security Weekly Website Follow us on Twitter: @securityweekly http://traffic.libsyn.com/pauldotcom,pswonly/Pauls_Security_Weekly__496_-_Tech_Segment_Bypassing_AV_on_Android_Beau_Bullock_converted.mp3 Continue reading Paul’s Security Weekly #496 – Tech Segment: Bypassing AV on Android, Beau Bullock

Hack Naked News #104 – December 28, 2016

Two critical vulnerabilities you will want to patch before 2017 and a free tool to keep ransomware off the new gadgets you received over the holidays. Full Show Notes Visit http://hacknaked.tv to get all the latest episodes! http://traffic.libsyn.com/p… Continue reading Hack Naked News #104 – December 28, 2016

Hack Naked News #104 – December 28, 2016

Two critical vulnerabilities you will want to patch before 2017 and a free tool to keep ransomware off the new gadgets you received over the holidays. Full Show Notes Visit http://hacknaked.tv to get all the latest episodes! http://traffic.libsyn.com/p… Continue reading Hack Naked News #104 – December 28, 2016

Outlook Web Access Two-Factor Authentication Bypass Exists

Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed-and the situation likely cannot be fixed, a researcher has disclosed. Continue reading Outlook Web Access Two-Factor Authentication Bypass Exists