Timecode links take you to YouTube: 4:11 β Infrastructure & Background8:28 β Overview & Breakdown of Attack Methodology and Plans11:35 β Start of Attack (Gaining Access), Password Spraying Toolkit15:24 β [β¦]
The post Webcast: Attack Tactics 5 β Zero to Hero Attack appeared first on Black Hills Information Security, Inc..
John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, βWhy do these endpoint security bypass techniques still work? Why?β The goal of [β¦]
The post Webcast: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..
John StrandΒ talks about how BHIS pen tests companies who use the cloud. Want to know how you can defend against attacks in your cloud infrastructure? Keep your eyes peeled for [β¦]
The post PODCAST: Attack Tactics Part 3: No Active Directory? No Problem! appeared first on Black Hills Information Security, Inc..
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you donβt own [β¦]
The post Performing a Physical Pentest? Bring This! appeared first on Black Hills Information Security, Inc..
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From [β¦]
The post A Morning with Cobalt Strike & Symantec appeared first on Black Hills Information Security, Inc..
Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then [β¦]
The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..
CJ Cox// Are you about to have your first pen test? It can be a little overwhelming as a lot of people are sure theyβre going to be destroyed in [β¦]
The post WEBCAST: Preparing Yourself & Your Company for a First Pen-test appeared first on Black Hills Information Security, Inc..
Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain [β¦]
The post How to Build a C2 Infrastructure with Digital Ocean β Part 1 appeared first on Black Hills Information Security, Inc..
Beau Bullock // Overview Microsoft Exchange users have the power to grant other users various levels of access to their mailbox folders. For example, a user can grant other users [β¦]
The post Abusing Exchange Mailbox Permissions with MailSniper appeared first on Black Hills Information Security, Inc..
John Strand // In this webcast, we walk through different tools to establish and test your Command and Control (C2) detection capabilities. Why does this matter? Almost all organizations we [β¦]
The post WEBCAST: Two Covert C2 Channels appeared first on Black Hills Information Security, Inc..
Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I [β¦]
The post OS Command Injection; The Pain, The Gain appeared first on Black Hills Information Security, Inc..
Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if [β¦]
The post How to Bypass Two-Factor Authentication β One Step at a Time appeared first on Black Hills Information Security, Inc..
Sally VandevenΒ & the BHIS TeamΒ // I was recently on an assessment where IΒ was able to grab all the password hashes from the domain controller. When I extracted the hashes and [β¦]
The post Go Ahead, Make Our Day appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Sally and I recently ventured to an on-site wireless engagement with a veryΒ security-matureΒ customer. Long story short, the level of protection that WPA2 Enterprise with certificate validation provides [β¦]
The post The Wi-Fi Travel Kits appeared first on Black Hills Information Security, Inc..
Sierra Ward*Β // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. Β I show up occasionally in webcasts, lurking again in the shadows, [β¦]
The post A Marketerβs Lessons in Con Artistry for Good & Learning appeared first on Black Hills Information Security, Inc..
David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration [β¦]
The post How to Take Advantage of Weak NTFS Permissions appeared first on Black Hills Information Security, Inc..
Carrie Roberts //Β Update 10/03/16:Β Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, youβve gained access [β¦]
The post Downloading an Address Book from an Outlook Web App (OWA) Portal appeared first on Black Hills Information Security, Inc..
Beau Bullock // TL;DR I compared three single-board computers (SBC) against each other with a specific goal of finding which one would serve best as a βpenetration testing dropboxβ, and [β¦]
The post How to Build Your Own Penetration Testing Drop Box appeared first on Black Hills Information Security, Inc..
Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it [β¦]
The post Book Review: βRed Team β How to Succeed by Thinking Like the Enemyβ appeared first on Black Hills Information Security, Inc..
Heather Doerges // Of all the services we offer at BHIS, Social Engineering is the most interesting to me. Itβs something (and quite possibly the only thing) I completely understand [β¦]
The post The Easiest Con β Hacking the Human & 9 Tips to Avoid Social Engineering appeared first on Black Hills Information Security, Inc..
Login