Preview Mode Links will not work in preview mode

Tradecraft Security Weekly (Audio)

Nov 3, 2017

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and...


Sep 8, 2017

Domain fronting is a technique used to mask command and control (C2) traffic. It is possible for C2 channels to be proxied through CDN's like Cloudfront to make it appear like normal Internet traffic. It is very difficult to detect and block for defenders as it appears as if clients on a network are connecting to valid...


Sep 1, 2017

If you are a penetration tester password cracking is something you will inevitably do. On most engagements we typically don't have months on end to crack passwords. In an effort to help be more efficient in your cracking techniques Beau Bullock (@dafthack) describes various ways to streamline your approach to cracking...


Jul 26, 2017

On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a browser would be very inefficient. In this episode of Tradecraft Security...


Jun 21, 2017

After exploiting a system on a remote & unfamiliar network it is extremely important to gain situational awareness as quickly, and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) will show how to use PowerShell...