Posts

The Attack During a recent internal red team assessment for a client, I found myself in familiar territory—established inside their network through a Citrix instance, carefully proxying commands through a covert tunnel to avoid detection. What started as routine reconnaissance would lead me to discover an attack vector I’d never seen exploited in the wild: turning multifunction printers into phishing delivery systems. I jokingly called it “prishing”—printer phishing, a play on other phishing techniques like “quishing” (QR code phishing) and “vishing” (voice phishing). ...

Adapting to a Hybrid Workforce with 1E’s Tachyon Product Beginning in early 2021, there has been a trending increase in the number of people that are quitting their jobs due to what seems to be a direct result of the COVID-19 pandemic. This trend, primarily in the United States, has been termed the Great Resignation, with four million Americans resigning in April alone. For some, illness directly related to COVID-19 may be why we’re seeing this shift to resigning, and for others, it may be the desire to find a new job that fits the new lifestyle that they have been forced to adopt. Whatever the case, organizations must take note and learn with the changing times. 1E seems to be tuned to this new environment with their new Tachyon v8 “experience management” product. ...

Introduction Recently, I was working on a PowerShell scripts that I wanted to share with others on my team but did not want to commit it to our Git repository with the customizable variables declared in the code (Always best practice. Keep the sensitives out of repos!). Instead, I wanted to implement a way to have a config file where these configurable variables can be set and the main script would load them when launched. A quick “DuckDuckGo” search led to many others that have had the same goal but I didn’t find one that really worked like I had intended. Here are my steps that I used to accomplish what I had in mind. ...

Introduction Hey! Kyle here. I recently released a small update to one of the PowerShell modules I put together to interact with EmailRep’s API and thought I would share a little about what it is and why I built it. Github PowerShellGallery First of all, if you work in Information Security or IT in general, be sure to check out EmailRep.io. This is an excellent service built by a great group of people to provide enrichment data about an email address. Nearly all of our online interactions these days link back to an email address and it is important that we observe the “reputation” of email addresses that are used to interact with our systems. ...