Insufficient egress filtering is a commonly identified vulnerability found during BHIS penetration tests. The insufficient egress filtering finding indicates that network traffic leaving the organizationβs environment is not properly restricted.
The post Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks appeared first on Black Hills Information Security, Inc..
An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.
The post Signed, Trusted, and Abused: Proxy Execution via WebView2 appeared first on Black Hills Information Security, Inc..
This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.
The post Why You Got Hacked β 2025 Super Edition appeared first on Black Hills Information Security, Inc..
While DLL hijacking attacks can take on many different forms, this blog post will explore a specific type of attack called DLL proxying, providing insights into how it works, the potential risks it poses, and briefly the methodology for discovering these vulnerable DLLs, which led to the discovery of several zero-day vulnerable DLLs that Microsoft has acknowledged but opted to not fix at this time.
The post Proxying Your Way to Code Execution β A Different Take on DLL HijackingΒ appeared first on Black Hills Information Security, Inc..
Patterson Cake // In PART 1 of βWrangling the M365 UAL,β we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, [β¦]
The post Wrangling the M365 UAL with SOF-ELK on EC2 (Part 2 of 3) appeared first on Black Hills Information Security, Inc..
Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve [β¦]
The post Sshβ¦ Donβt Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network appeared first on Black Hills Information Security, Inc..
Ean Meyer // This post is for attendees of Wild West Hackinβ Fest: Deadwood 2022 POGs? Yes, POGs! If you arenβt familiar with POGs, this game started decades ago, reaching [β¦]
The post POGS at Wild West Hackinβ Fest!Β appeared first on Black Hills Information Security, Inc..
Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red [β¦]
The post Rogue RDP β Revisiting Initial Access Methods appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found [β¦]
The post Securing the Cloud: A Story of Research, Discovery, and Disclosure appeared first on Black Hills Information Security, Inc..
Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a targetβs traffic [β¦]
The post Using CloudFront to Relay Cobalt Strike Traffic appeared first on Black Hills Information Security, Inc..
Timecode links take you to YouTube: 4:11 β Infrastructure & Background8:28 β Overview & Breakdown of Attack Methodology and Plans11:35 β Start of Attack (Gaining Access), Password Spraying Toolkit15:24 β [β¦]
The post Webcast: Attack Tactics 5 β Zero to Hero Attack appeared first on Black Hills Information Security, Inc..
Joff Thyer// In this webcast, we talk about the 2020 End of Life for Python2. We address what the short and medium term impacts will likely be. Key language differences [β¦]
The post BHIS Webcast: Py2k20 β Transitioning from Python2 to Python3 appeared first on Black Hills Information Security, Inc..
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?Β In this one-hour podcast, originally recorded as [β¦]
The post BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security, Inc..
Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential [β¦]
The post Getting PowerShell Empire Past Windows Defender appeared first on Black Hills Information Security, Inc..
Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell [β¦]
The post SSHazam: Hide Your C2 Inside of SSH appeared first on Black Hills Information Security, Inc..
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions.Β In this blog, I will be showing how to do C2 over ICMP. First, what [β¦]
The post How To: C2 Over ICMP appeared first on Black Hills Information Security, Inc..
Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The [β¦]
The post Command and Control with WebSockets WSC2 appeared first on Black Hills Information Security, Inc..
Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazonβs best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your [β¦]
The post Scout2 Usage: AWS Infrastructure Security Best Practices appeared first on Black Hills Information Security, Inc..
Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How [β¦]
The post PODCAST: Lee Kagan & Beau Bullock talk C2 appeared first on Black Hills Information Security, Inc..
Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. Β You might have heard it also called [β¦]
The post C2, C3, Whatever It Takes appeared first on Black Hills Information Security, Inc..
Login