DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.

The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc..

In this blog, I’m going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest.

The post Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite appeared first on Black Hills Information Security, Inc..

Dirsearch is an open-source multi-threaded “web path discovery” tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.

The post How to Use Dirsearch appeared first on Black Hills Information Security, Inc..

This webcast was originally published on September 26, 2024. In this video, Kevin Klingbile from Black Hills Information Security discusses the intricacies of Azure Cloud services and M365, focusing on […]

The post Reconnaissance: Azure Cloud w/ Kevin Klingbile appeared first on Black Hills Information Security, Inc..

This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […]

The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet  appeared first on Black Hills Information Security, Inc..

Recently, as part of our ANTISOC Continuous Penetration Testing (CPT) service, I had an opportunity to investigate how attackers can leverage Slack in cyber-attacks, similar to how we frequently use […]

The post Introducing SlackEnum: A User Enumeration Tool for Slack appeared first on Black Hills Information Security, Inc..

shenetworks // One day at work I received a case stating a client couldn’t connect to the management interface of a new server. I asked the client to change the […]

The post Shenetworks Recommends: Using Nmap Like a Pro  appeared first on Black Hills Information Security, Inc..

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

The post Gowitness, a Tester’s Time Saver appeared first on Black Hills Information Security, Inc..

Daniel Pizarro // What is the PNPT?  The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentester’s ability […]

The post PNPT: Certification Review appeared first on Black Hills Information Security, Inc..

Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]

The post SNMP… Strings Attached! appeared first on Black Hills Information Security, Inc..

Carrie Roberts // PowerShell incorporates the handy feature of writing commands executed to a file to make them easy to refer back to later. This functionality is provided by the […]

The post New PowerShell History Defense Evasion Technique appeared first on Black Hills Information Security, Inc..

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]

The post Collecting and Crafting User Information from LinkedIn appeared first on Black Hills Information Security, Inc..

Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for […]

The post What’s Changed in Recon-ng 5.x appeared first on Black Hills Information Security, Inc..

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc..

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

The post Podcast: Weaponizing Corporate Intel. This Time, It’s Personal! appeared first on Black Hills Information Security, Inc..

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

The post Webcast: Weaponizing Corporate Intel. This Time, It’s Personal! appeared first on Black Hills Information Security, Inc..

Timecode links take you to YouTube: 4:11 – Infrastructure & Background8:28 – Overview & Breakdown of Attack Methodology and Plans11:35 – Start of Attack (Gaining Access), Password Spraying Toolkit15:24 – […]

The post Webcast: Attack Tactics 5 – Zero to Hero Attack appeared first on Black Hills Information Security, Inc..

Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A […]

The post I Spy with InSpy v3.0 appeared first on Black Hills Information Security, Inc..

Darin Roberts// Do you ever find yourself on an engagement and need just a few more names with which to conduct a password spray? Everyone knows the more emails you have, […]

The post I Spy with InSpy appeared first on Black Hills Information Security, Inc..

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

The post WEBCAST: Wrangling Internal Network Vulnerabilities appeared first on Black Hills Information Security, Inc..