Why Implicit Deny?
Implicit Deny was started by a like-minded group of information security professionals from a variety of backgrounds. After months of swapping war stories, hacks, mitigations, workarounds, and best practices, they realized they were all asking the same question: Why does Information Security seem so difficult?
Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection
Often times a corporate internal network is heavily locked down. Workstations are restricted with limited internet access. These controls are often less strict on mobile devices (or sometimes not present), especially with BYOD being implemented more and more. While... read more
Hard Coded Credentials in Casino Software
Having been in this industry for a while, I've come to loathe vendors, especially those in highly vertical markets. In most of these markets, the hardware and software peddled by these vendors is rarely tested for security. Not only are there just not enough security... read more
Powerview Caught By Symantec Endpoint Protection
It has finally happened: @harmj0y's Powerview Powershell cmdlet was caught by Symantec Endpoint Protection (SEP) during a pentest this week. The cmdlet is SID 29038 in Symantec’s attack signature database. Scenario During testing I used the following one-liner to... read more