What we built, Fusion AI, runs at about a third the cost of a traditional external pentest, a human tester still signs off on every finding, and it is not here to replace anybody.
We have been hearing that one a lot. So when Melisa from our Business Capture team sat down with Brian Fehrman and me for this episode of AI Security Ops, she started with, “What is this thing you built, and is it the same hype everyone else is selling?”

The post Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t. appeared first on Black Hills Information Security, Inc..

ANTISOC uses a mix of techniques from traditional penetration tests like red teams, cloud, web applications, externals, internals, and, of course, social engineering. We combine this mix of techniques with a wide-open scope, with the goal of going beyond what a typical pentest can discover.

The post Bad Habits: An ANTISOC Operation appeared first on Black Hills Information Security, Inc..

This blog is for anyone who is interested in finding a good penetration testing company.

The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..

In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot appeared first on Black Hills Information Security, Inc..

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot appeared first on Black Hills Information Security, Inc..

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference appeared first on Black Hills Information Security, Inc..

This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]

The post Why Your Org Needs a Penetration Test Program appeared first on Black Hills Information Security, Inc..

In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.

The post 5 Things We Are Going to Continue to Ignore in 2025 appeared first on Black Hills Information Security, Inc..

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..

In this video, experts delve into the intricacies of desktop application penetration testing methodologies.

The post Intro to Desktop Application Testing Methodology appeared first on Black Hills Information Security, Inc..

In today’s world, security is more important than ever. As organizations increasingly rely on technology to drive business, digital threats are becoming more sophisticated, varied, and difficult to defend against. […]

The post What Is Penetration Testing? appeared first on Black Hills Information Security, Inc..

Tom Smith // At Black Hills Information Security (BHIS), we deal with all manner of clients, public and private. Until a month or two ago, though, we’d never dealt with […]

The post Why Do Car Dealers Need Cybersecurity Services?  appeared first on Black Hills Information Security, Inc..

Jeff Barbi // *Guest Post Background Unless you’re pentesting mobile apps consistently, it’s easy for your methodologies to fall out of date. Each new version of Android brings with it […]

The post Start to Finish: Configuring an Android Phone for Pentesting appeared first on Black Hills Information Security, Inc..

John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of […]

The post Webcast: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..

Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you don’t own […]

The post Performing a Physical Pentest? Bring This! appeared first on Black Hills Information Security, Inc..

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

The post Digging Deeper into Vulnerable Windows Services appeared first on Black Hills Information Security, Inc..

Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]

The post A Morning with Cobalt Strike & Symantec appeared first on Black Hills Information Security, Inc..

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

The post How to Build a C2 Infrastructure with Digital Ocean – Part 1 appeared first on Black Hills Information Security, Inc..

Carrie Roberts // EyeWitness is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create […]

The post Web Server Screenshots with a Single Command appeared first on Black Hills Information Security, Inc..