Marcello Salvati// During Red Team and penetration tests, itβs always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that [β¦]
The post Having Fun with ActiveX Controls in Microsoft Word appeared first on Black Hills Information Security, Inc..
Derrick Rauch and Kent Ickler // (Updated 3/22/2019) First, to see what our build looks like, look here:Β https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ Whatβs next?Β Time for System Rebuild! First, you need to decide whether you [β¦]
The post Running HashCat on Ubuntu 18.04 Server with 1080TI appeared first on Black Hills Information Security, Inc..
David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A [β¦]
The post Finding: Weak Password Policy appeared first on Black Hills Information Security, Inc..
Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then [β¦]
The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..
Carrie Roberts*Β // (Updated, 2/11/2019) Trying to figure out the password for a password protected MS Office document? This free solution might do the trick. It attempts to guess the password [β¦]
The post How to Crack Passwords for Password Protected MS Office Documents appeared first on Black Hills Information Security, Inc..
Kent Ickler // The Task Buy The Things: Total for new password cracking machine$5110 A Few Quick Lessons The CPU cooler doesnβt actually clear the case cover. This was OK [β¦]
The post How to Build a Password Cracker with NVidia GTX 1080TI & GTX 1070 appeared first on Black Hills Information Security, Inc..
Carrie Roberts // Β Β Β A malicious macro in a Microsoft Word or Excel document is an effective hacking technique. These documents could be delivered in a variety of [β¦]
The post How to Get Malicious Macros Past Email Filters appeared first on Black Hills Information Security, Inc..
Brian FehrmanΒ // As described in my last blog post,Β Powershell Without Powershell β How To Bypass Application Whitelisting, Environment Restrictions & AVΒ (sheeeshβ¦itβs been a bit!), we are seeing more environments in [β¦]
The post Power Posing with PowerOPS appeared first on Black Hills Information Security, Inc..
Ethan Robish // In my last twoΒ postsΒ I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). Β But donβt let all that effort go [β¦]
The post Bugging Microsoft Files: Part 3 β Clearing Metadata appeared first on Black Hills Information Security, Inc..
Ethan Robish // If youβre familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. [β¦]
The post Bugging Microsoft Files: Part 1 β Docx Files using Microsoft Word appeared first on Black Hills Information Security, Inc..
Brian Fehrman // In our experience, we see many Windows environments in which the local Administrator password is the same for many machines. We refer to this as Wide-Spread Local [β¦]
The post Wide-Spread Local Admin Testing appeared first on Black Hills Information Security, Inc..
Brian King // Thereβs a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or [β¦]
The post Check\ Your\ Tools appeared first on Black Hills Information Security, Inc..
Login