POPULARITY
5 episodes with beau bullock
12 episodes with beau bullock
5 episodes with beau bullock
8 episodes with beau bullock
4 episodes with beau bullock
2 episodes with beau bullock
4 episodes with beau bullock
This week we get inside the head of red teamers by talking with Marcus and the guys about the latest edition of his book series, Tribe of Hackers - Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity. Beau and Phil get into the action as well, by sharing their unique perspectives as contributing co-authors to the book. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325 Phil's Pwn School Project: https://pwnschool.com/about-pwn-school/ Follow Them on Twitter: Marcus - @marcusjcarey Phil - @PhillipWylie Beau - @dafthack Threatcare: https://threatcare.com --- Send in a voice message: https://anchor.fm/cyberspeakslive/message
Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […] The post Podcast: Weaponizing Corporate Intel. This Time, It's Personal! appeared first on Black Hills Information Security.
Evilginx2 is a man-in-the-middle framework that can be utilized to intercept credentials including two-factor methods victims utilize when logging in to a web application. Instead of just duplicating the target web application it proxies traffic to it making the experience seamless to the victim. In this episode Ralph May (@ralphte1) joins Beau Bullock to demo Evilginx2. LINKS: https://github.com/kgretzky/evilginx2 https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week's episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. For Show Links: https://wiki.securityweekly.com/TS_Episode28
This is the Hacker Summer Camp 2018 edition of Tradecraft Security Weekly. In this week's episode Beau Bullock (@dafthack) talks about some of the more interesting items he saw come out of the Black Hat and DEF CON conferences this year. For Show Links: https://wiki.securityweekly.com/TS_Episode28
Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How […] The post PODCAST: Lee Kagan & Beau Bullock talk C2 appeared first on Black Hills Information Security.
Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials is no longer good enough to gain access to user accounts if 2FA is setup. In this episode Mike Felch (@ustayready) and Beau Bullock (@dafthack) demonstrate a tool that Mike wrote called CredSniper that assists in cloning portals for harvesting two-factor tokens. Links: https://github.com/ustayready/CredSniper
Organizations are implementing two-factor on more and more web services. The traditional methods for phishing credentials is no longer good enough to gain access to user accounts if 2FA is setup. In this episode Mike Felch (@ustayready) and Beau Bullock (@dafthack) demonstrate a tool that Mike wrote called CredSniper that assists in cloning portals for harvesting two-factor tokens. Links: https://github.com/ustayready/CredSniper
In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pentesting tools like Nmap when no evasion options are used. Additionally, companies are doing a better job at detecting and blocking IP addresses performing password attacks. Proxycannon is a tool that allows pentesters to spin up multiple servers to proxy attempts through to bypass some of these detection mechanisms. Links: Nmap Evasion Options - https://nmap.org/book/man-bypass-firewalls-ids.html ProxyCannon - https://www.shellntel.com/blog/2016/1/14/update-to-proxycannon
In this episode of Tradecraft Security Weekly hosts Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss methods for evading network-based detection mechanisms. Many commercial IDS/IPS devices do a pretty decent job of detecting standard pentesting tools like Nmap when no evasion options are used. Additionally, companies are doing a better job at detecting and blocking IP addresses performing password attacks. Proxycannon is a tool that allows pentesters to spin up multiple servers to proxy attempts through to bypass some of these detection mechanisms. Links: Nmap Evasion Options - https://nmap.org/book/man-bypass-firewalls-ids.html ProxyCannon - https://www.shellntel.com/blog/2016/1/14/update-to-proxycannon
It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau Bullock (@dafthack) & Mike Felch (@ustayready) demonstrate how to exploit a XSS vulnerability to access HTML5 local storage to steal a cookie. (Sorry the camera video feed froze at 9 minutes)
It is fairly common for pentesters to discover Cross-Site Scripting (XSS) vulnerabilities on web application assessments. Exploiting these issues potentially allow access to a user's session tokens enabling attackers to navigate a site as the victim in the context of the web application. In this episode the hosts Beau Bullock (@dafthack) & Mike Felch (@ustayready) demonstrate how to exploit a XSS vulnerability to access HTML5 local storage to steal a cookie. (Sorry the camera video feed froze at 9 minutes)
In this episode of Tradecraft Security Weekly, Mike Felch discusses with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass many common security controls so add it to your red team toolboxes. Mike Felch (@ustayready) Beau Bullock (@dafthack) LINKS: SensePost Blog - https://www.dropbox.com/s/hmna48mc6qodlrw/TSW%20Episode%2021.mp4?dl=0
In this episode of Tradecraft Security Weekly, Mike Felch discusses with Beau Bullock about the possibilities of using framesets in MS Office documents to send Windows password hashes remotely across the Internet. This technique has the ability to bypass many common security controls so add it to your red team toolboxes. LINKS: SensePost Blog - https://www.dropbox.com/s/hmna48mc6qodlrw/TSW%20Episode%2021.mp4?dl=0
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place. Links: Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place. Links: Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
When pentesting web services or an application that leverage XML files, XML External Entity (XXE) attacks are a great way to start. By injecting an XXE into a well crafted XML payload before it's sent to the server, a penetration tester can trick the parser into executing other actions that the developer never intended. This can lead to reading local files, server-side request forgeries (SSRF) or even gaining remote code execution (RCE). To help penetration testers, Beau Bullock (@dafthack) and Mike Felch (@ustayready) cover a few different methods to attack XML parsers in episode 19 of Tradecraft Security Weekly. Links: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
If you are a penetration tester password cracking is something you will inevitably do. On most engagements we typically don't have months on end to crack passwords. In an effort to help be more efficient in your cracking techniques Beau Bullock (@dafthack) describes various ways to streamline your approach to cracking in episode 17 of Tradecraft Security Weekly. LINKS: Beau's blog post on password cracking - http://www.dafthack.com/blog/howtocrackpasswordhashesefficiently Hashcat Hash Examples - https://hashcat.net/wiki/doku.php?id=example_hashes
If you are a penetration tester password cracking is something you will inevitably do. On most engagements we typically don't have months on end to crack passwords. In an effort to help be more efficient in your cracking techniques Beau Bullock (@dafthack) describes various ways to streamline your approach to cracking in episode 17 of Tradecraft Security Weekly. LINKS: Beau's blog post on password cracking - http://www.dafthack.com/blog/howtocrackpasswordhashesefficiently Hashcat Hash Examples - https://hashcat.net/wiki/doku.php?id=example_hashes
There are a ton of modules in Metasploit that are extremely useful for performing various attacks post-exploitation. But sometimes there are external tools that you might want to use that are not included in Metasploit. It's possible to proxy other external tools through a Meterpreter session using a module in Metasploit and proxychains. In this episode Derek Banks (@0xderuke) and Beau Bullock (@dafthack) talk about how to pivot external tools through Meterpreter sessions and demo how to dump Kerberos tickets using this method. LINKS: BHIS Toast to Kerberoast Blog - https://www.blackhillsinfosec.com/a-toast-to-kerberoast/
Session management in web applications is extremely important in regards to securing user credentials and integrity within the application. Sometimes session tokens can be predicted provided the overall randomness is weak. If this is possible a remote attacker may be able to compromise the session of an authenticated user. In this episode of Tradecraft Security Weekly both Beau Bullock (@dafthack) and Mike Felch (@ustayready) discuss the issues associated with creating session tokens with weak entropy.
Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Security Weekly episode Beau Bullock (@dafthack) demonstrates how to utilize MailSniper to enumerate internal domains, enumerate usernames, perform password spraying attacks, and get the global address list from Exchange and Office365 portals. Links: MailSniper - https://github.com/dafthack/MailSniper
Microsoft Exchange and Office365 are extremely popular products that organizations use for enterprise email. These services can be exploited by remote attackers to potentially gain access to Active Directory user credentials. In this Tradecraft Security Weekly episode Beau Bullock (@dafthack) demonstrates how to utilize MailSniper to enumerate internal domains, enumerate usernames, perform password spraying attacks, and get the global address list from Exchange and Office365 portals. Links: MailSniper - https://github.com/dafthack/MailSniper
Beau Bullock shows us how to bypassing antivirus software using Android in this week’s tech segment! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode496#Technical_Segment:_Bypassing_AV_on_Android_with_Beau_Bullock_-_7:00PM-7:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Lesley Carhart of Motorola Solutions joins us, Beau Bullock delivers a tech segment on bypassing antivirus programs using Android, and we discuss the security news for this week. Stay tuned!
Beau Bullock shows us how to bypassing antivirus software using Android in this week’s tech segment! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode496#Technical_Segment:_Bypassing_AV_on_Android_with_Beau_Bullock_-_7:00PM-7:30PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
Lesley Carhart of Motorola Solutions joins us, Beau Bullock delivers a tech segment on bypassing antivirus programs using Android, and we discuss the security news for this week. Stay tuned!
This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.
This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.
This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.
This week on Hack Naked TV, Beau Bullock talks about OpenSSHd Username Enum vulnerability, Attack of the Printers, there’s no Hacking in Baseball, and Ubuntu forum breached.
This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all Javascript. Watch for full stories, here on Hack Naked TV! Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16
This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all Javascript. Watch for full stories, here on Hack Naked TV! Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16
This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all Javascript. Watch for full stories, here on Hack Naked TV! Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16
This week on Hack Naked TV, Beau Bullock talks about Bad Tunnel, GoToMyPC, and how Ransomware is all Javascript. Watch for full stories, here on Hack Naked TV! Beau teaching SANS SEC504 in Marina del Rey, CA August 15, 2016: http://tinyurl.com/beau-sec504-aug16
Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.
Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.
Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.
Need the Security News for Week? Here's an in-depth update with Beau Bullock about Critical 7-zip Vulns, Symantec BSOD, Facebook CTF Platform, and EmPyre.
This week, Beau Bullock discusses in depth about Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed. Stay tuned for more stories from Beau, here on Hack Naked TV.
This week, Beau Bullock discusses in depth about Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed. Stay tuned for more stories from Beau, here on Hack Naked TV.
This week, Beau Bullock discusses in depth about Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed. Stay tuned for more stories from Beau, here on Hack Naked TV.
This week, Beau Bullock discusses in depth about Badlock, WordPress Encryption, WhatsApp End to End Encryption, and AllPorts.Exposed. Stay tuned for more stories from Beau, here on Hack Naked TV.
© 2020-2025 Ivy Podcast Discovery LLC
