Hunting Malware with Sysmon
Could your organization detect malware infections if your EDR/XDR tools disappeared tomorrow? The answer for most organizations is a hard, bold, and underlined “no.” Even with their precious EDR/XDR tools,…
Addressing Authentication in Active Directory
Did you know that if Active Directory were a person, it would be old enough to buy alcohol? While it isn’t quite old enough to rent a car, Active Directory…
Telling White Lies with Responder
A question that I receive often enough to include in this blog post is “What fascinates you so much about cybersecurity?” While I can never seem to come up with…
Get Your Logs on Lockdown with SIEM
Computers are complex machines and, unfortunately for us IT people, that will only get worse with time. Our human minds can’t begin to comprehend all the execution cycles happening as…
The Non-Technical Explanation of Cross-Site Scripting (XSS)
Let’s all reminisce back to the days of static web pages. Before there was a library of JavaScript for every day of the year, web development was much less complicated.…
Hash Cracking for the Flourishing Whitehat
Hashes are, to put it bluntly, the backbone of modern day password security. Whether you’re signing into your local Windows machine, remotely SSH-ing into your Ubuntu VPS, or just logging…
Making Sense of bCrypt
I hate to tell you, but hashing passwords is no longer enough. Hackers, like us, have discovered how to combat even the strongest of hashing algorithms. Hackers utilizing Rainbow Tables,…
Crunching the Numbers on Password Security
What makes a bad password? You might say anything under eight characters, only alphanumeric, or passwords based on a person’s interests is a bad password. While you would be correct…