by

Trustwave’s Spiderlabs has built a wonderful tool commonly used by Pentesters and miscreants to take advantage of  and  abuse local area network protocols to implement man in the middle attacks. These attacks exploit weaknesses in Netbios broadcasts, LLMNR broadcasts, and Windows clients that seek to auto discover proxy server settings by searching for WPAD. The attack has been

by

This past weekend I gave a presentation at BSidesBoston titled pentesting for fun and profit. If you attended or would like a copy of my slides from this presentation please see the link below:   Pentesting for fun and profit – BSidesBOS – 2016 (PDF) Pentesting for fun and profit – BSidesBOS – 2016 (Powerpoint)

by

It may seem like a pen testers job is extremely difficult. That testers have the seemingly impossible job of having to know how to both secure and demonstrate exploitation and risk of every device, every service, and every application they run across. The truth is, however that a tester can be wildly successful and have

by

Want to stop ransomware? Don’t allow internet access from secure locations. Use a citrix session or terminal services session where internet access is required. How would this work? (User secure station) —> (TS Session) —> (DMZ Internet terminal server.) But I can’t afford a dedicated server! If you had to do this at a small

by

Thought of the day. We have threat intelligence, maps, reverse engineering, sandboxing, hardening. Yet still we have outbreaks of malware. Isn’t how we deal with viruses like Polio, and SARS similar enough to model a simple – platform of detection in informations think GFN for IT? Immediate detection, immediate responce. This seems to be the

by

I’m William Reyor, I’m a geek, motorcyclist, hackerspace co-founder, pentester, blueteamer, occasional speaker, and all around infosec nerd. I have an interest in finding interesting ways to use data to solve problems. Send me a note if you’d like to contribute to this site. You can find me on twitter, and linkedin