Preview Mode Links will not work in preview mode

Tradecraft Security Weekly (Audio)

Jan 12, 2018

It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau...


Dec 1, 2017

In this episode of Tradecraft Security Weekly, Mike Felch discusses with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass many common security controls so add it to your red...


Nov 3, 2017

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and...


Jul 26, 2017

On penetration tests we are often-times faced with very large external or internal attack surfaces that are made up of multiple web applications. When there is a need to assess thousands of webapps quickly manually navigating each page with a browser would be very inefficient. In this episode of Tradecraft Security...


Jun 21, 2017

After exploiting a system on a remote & unfamiliar network it is extremely important to gain situational awareness as quickly, and quietly as possible. This will help ensure success moving forward with other attacks. In this episode of Tradecraft Security Weekly Beau Bullock (@dafthack) will show how to use PowerShell...