Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..

One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]

The post Impacket Defense Basics With an Azure Lab  appeared first on Black Hills Information Security, Inc..

In this BHIS webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens.  We cover how to track with Word Web Bugs in ADHD and […]

The post BHIS Webcast: Tracking Attackers. Why Attribution Matters and How To Do It. appeared first on Black Hills Information Security, Inc..

Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The […]

The post WEBCAST: Stop Sucking at Wireless appeared first on Black Hills Information Security, Inc..

John Strand// In this webcast John talks about the new ACDC law and what it means exactly. There has been quite a bit of anger and great GIFs about hacking […]

The post WEBCAST: Proper Active Defense and the New ACDC Active Defense Law appeared first on Black Hills Information Security, Inc..

John Strand // I wanted to take a few moments and address the “Hacking Back” law that is working people up. There is a tremendously well-founded fear that this law […]

The post Debating the Active Defense Law.. Because Arguing is Fun appeared first on Black Hills Information Security, Inc..

Beau Bullock, Brian Fehrman, & Derek Banks // Pentesting organizations as your day-to-day job quickly reveals commonalities among environments. Although each test is a bit unique, there’s a typical path […]

The post WEBCAST: CredDefense Toolkit appeared first on Black Hills Information Security, Inc..

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping […]

The post End-Point Log Consolidation with Windows Event Forwarder appeared first on Black Hills Information Security, Inc..

Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated […]

The post The CredDefense Toolkit appeared first on Black Hills Information Security, Inc..

This is the in-studio version of our live in DC event from July. In this webcast, John covers how to set up Active Directory Active Defense (ADAD) using tools in […]

The post WEBCAST: Active Domain Active Defense (Active DAD) Primer with John Strand appeared first on Black Hills Information Security, Inc..

CJ Cox // We frequently get requests from customers asking us if we provide consultation defending their systems. The other day I got a question from a customer asking us […]

The post How to Build Super Secure Active Directory Infrastructure* appeared first on Black Hills Information Security, Inc..

Kent Ickler // How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence Fail2Ban is a system that monitors logs and triggers actions based on those logs. While actions can be […]

The post How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence appeared first on Black Hills Information Security, Inc..