How to Start Your InfoSec Career

Posted on January 15th, 2016

Overview: This webcast is hosted by Andrew, Luke, and Zack and we discuss tips and tricks for starting your InfoSec career.  The goal of this webcast is to share our knowledge and experience to help students bridge the gap between college and career.

Use the X-Forwarded-For Header, Luke: Joomla RCE CVE-2015-8562

Posted on December 17th, 2015

Summary: A recent vulnerability in Joomla (CVE-2015-8562) has been patched after reports of exploitation occurring in the wild impacting all versions from 1.5.0 to 3.4.5.  A new version of Joomla (3.4.6) has been released in response, as well as hotfixes for backdated versions of the software (1.5.x and 2.5.x). Initial reports by Sucuri, of the […]


Next Level Reconnaissance with Shodan and Censys

Posted on December 2nd, 2015

During the initial phases of a penetration test, online resources such as Shodan can serve as a starting point to identifying the technology footprint of your target organization. A new resource has been released, known as, that collects data on internet facing websites and systems through daily ZMap and ZGrab scans of the IPv4 […]

Detecting and Understanding Emdivi HTTP C2

Posted on November 20th, 2015

Detecting sophisticated cyber threats is an inherently difficult task.  Understanding what systems and information may have been compromised can be even more difficult.  Recently, Shusei Tomonaga & Yuu Nakamura from the Japan Computer Emergency Response Team/Coordination Center (JPCERT/CC) gave a presentation that discussed in technical detail two cyber operations targeting Japan.  The presentation covers the […]


Hunter Mindset

Posted on October 16th, 2015

BreakPoint Labs puts a large focus on the “hunter” mindset when approaching offensive and defensive challenges in cybersecurity.  The “hunter” mindset is all about understanding the technology being targeted or defended and thinking beyond the limitations of automated tools to find what others have missed. Whether we are hunting for sophisticated threats, or emulating them […]


XSS Part 3: Exploitation

Posted on October 15th, 2015

In part 1 we introduced XSS, and part 2 we showed some TTPs for enumerating XSS, part 3 will be demonstrating how to take advantage of XSS.  XSS can lead to full control over an application or system because it provides the attacker the ability to run code in the victim’s browser. This code is […]