Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […]

The post Testing TLS and Certificates  appeared first on Black Hills Information Security, Inc..

Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG,  can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying […]

The post How I Cracked a 128-bit Password appeared first on Black Hills Information Security, Inc..

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports.  The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

The post Finding: Server Supports Weak Transport Layer Security (SSL/TLS) appeared first on Black Hills Information Security, Inc..

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption.  Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

The post How to Crack Office Passwords with a Dictionary appeared first on Black Hills Information Security, Inc..

Logan Lembke // Step One: Power. Step Two: Enter. Step Three: ???? Step Four: Profit. In the security industry, we love our encryption. However sometimes, the complexity introduced by encryption […]

The post Two Button PWNage appeared first on Black Hills Information Security, Inc..

Ethan Robish // Let’s Encrypt is a free service that allows you to obtain a free (as in beer) SSL/TLS domain validation certificate to use as you wish.  Here is what […]

The post How Does Let’s Encrypt Gain Your Browser’s Trust? appeared first on Black Hills Information Security, Inc..

Gail Menius // My husband set me up with GPG and Thunderbird and it was too hard. Ethan said it was cool. Lots of people gave it good reviews. It’s […]

The post 5 Reasons for Mailvelope & Easy Instructions appeared first on Black Hills Information Security, Inc..

Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special […]

The post Your Password Is… wait for it… NOT Always Encrypted appeared first on Black Hills Information Security, Inc..