An introduction to DNS

An overview of what DNS is, how it works, and the purposes of the various DNS resource record types

May 14, 2021 Information Security

A credential harvesting login page loaded in Microsoft Edge

How to examine a credential harvesting page using Microsoft Edge

A practical guide to using Microsoft Edge to examine heavily obfuscated JavaScript in a credential harvesting page

May 10, 2021 Information Security, Guides

How to configure a nginx reverse proxy with Let's Encrypt certificates

Let's Encrypt allows nginx reverse proxy servers to have a real, trusted SSL certificate, even for internal sites.

Feb 26, 2021 Guides

How the Parler data was legally acquired by activists

The Parler data dumps you've heard about were obtained legally by taking advantage of Parler's shoddy architecture. Here's how they did it.

Jan 13, 2021 Information Security

A sign reading "POLLING PLACE" in English and Spanish, with a handicapped symbol

Ohio's absentee ballot system disenfranchises disabled voters. Let's fix that before November.

Ohio is disenfranchising many disabled voters by requiring the same voter ID information multiple times. Oregon-style mail-in voting is better for everyone.

Apr 30, 2020 Politics

How to forward a forensic copy of an email as an attachment

Step-by-step instructions on how to many popular mail and webmail clients to properly forward emails as attachments with forensic headers intact

Aug 27, 2019 Guides, Information Security

How to view email headers

Step by step instructions for viewing email message headers using popular mail clients and webmail services, including Outlook, Gmail, and more.

Aug 27, 2019 Information Security, Guides

A redacted screenshot of the Proofpoint Email Fraud Defense dashboard

Proofpoint is requiring their customers to pay for Email Fraud Defense to get aggregate DMARC data from their gateways

In order to get aggregate DMARC data on mail flowing through their own gateways, Proofpoint customers must purchase Proofpoint Email Fraud Defense

Jun 4, 2019 Information Security, Reviews

A screenshot of a VirusTotal results page showing a detection rate of 10/58 for a Emotet dropper document

Emotet malspam campaign exploits reliance on magic for file type detection

Emotet is a trojan designed to steal banking information. It is frequently spread by sending phishing emails to governments, banks, healthcare organizations, and schools. The phishing emails will o...

Jan 25, 2019 Information Security, Reverse Engineering Malware

How to inspect the certificate of a mail server over a CLI

A tiny guide to using the openssl CLI tool to inspect and/or save the SSL.TLS certificates used by mail servers

Nov 29, 2018 Guides