Mike Hodges

Consultant, Attack and Penetration

Mike Hodges is a consultant in Optiv’s advisory services practice on the attack and penetration team. Mike’s role is to provide network and application penetration testing to determine vulnerabilities and weaknesses in client networks and environments. He specializes in assessing the security of perimeter networks and identifying flaws in web applications.

 

Escape and Evasion Egressing Restricted Networks – Part 2

· By Mike Hodges, Jason Doelger, Curtis Fechner, Brian Payne ·

Attackers and security assessors alike are utilizing a technique called domain fronting, which masks malicious command and control (C2) traffic. This blog post revisits this type of evasive offensive cyber operations, which we first covered in a previous post. In this follow-up, we will discuss and demonstrate a nuance to domain fronting, which establishes command and control (C2) channels directly to inbox.google.com as well as other *.google.com applications, and the C2 channel is even encrypted with the legitimate Google SSL Certificate for that application. We'll further share some detection techniques that can be employed in an effort to identify this type of malicious traffic.

Continue reading

Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 18

· By Mike Hodges ·

Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect and correct security weaknesses.

Continue reading
(2 Results)