A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […]

The post Auditing GitLab: Public Gitlab Projects on Internal Networks appeared first on Black Hills Information Security, Inc..

BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]

The post When Infosec and Weed Collide: Handling Administrative Actions Safely appeared first on Black Hills Information Security, Inc..