This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your [β¦]
The post Why Your Org Needs a Penetration Test Program appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found [β¦]
The post Securing the Cloud: A Story of Research, Discovery, and Disclosure appeared first on Black Hills Information Security, Inc..
Jordan Drysdale// tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also [β¦]
The post Cisco Smart Install Escalation and Update! appeared first on Black Hills Information Security, Inc..
Joff Thyer// Many of you have probably already looked at Beau Bullockβs fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the [β¦]
The post Pentesting Dropbox on Steroids appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)β¦for hackersβ¦ not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty [β¦]
The post Cisco Smart Installs and Why Theyβre Not βInformationalβ appeared first on Black Hills Information Security, Inc..
Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the [β¦]
The post Embedding Meterpreter in Android APK appeared first on Black Hills Information Security, Inc..
Dakota Nelson // Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm. See his slides here:Β https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/ Extra links & [β¦]
The post PODCAST: What Is a Red Team, Anyway? appeared first on Black Hills Information Security, Inc..
Scott Worden* // So you and your company had a pen testβ¦now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. Β The 3 [β¦]
The post What to Expect After a Pen Test appeared first on Black Hills Information Security, Inc..
Dakota Nelson// For a lot of our customers, their first introduction to pentesting is a vulnerability scan from BHIS. This is after talking to the testers, of course, and setting [β¦]
The post What to Expect from a Vulnerability Scan appeared first on Black Hills Information Security, Inc..
Rick Wisser// Here at BHIS we are always on the lookout for new toys. Especially if we can use them during a pentest. As a pentester, we all have a [β¦]
The post New Toy Alert: A Quick Review of Keysy appeared first on Black Hills Information Security, Inc..
David Fletcher// There are a number of items that I watch on eBay. Included in that group are long-range proximity card readers. As it turns out, I was recently able [β¦]
The post Gathering Proximity Card Credentials: The Wiegotcha appeared first on Black Hills Information Security, Inc..
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you donβt own [β¦]
The post Performing a Physical Pentest? Bring This! appeared first on Black Hills Information Security, Inc..
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From [β¦]
The post A Morning with Cobalt Strike & Symantec appeared first on Black Hills Information Security, Inc..
Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then [β¦]
The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..
This is a cross-posted blog post written by A. Miller, from SWAMP βΒ the Software Assurance Marketplace. Β BHIS recently did an engagement with them and you can read about the entire [β¦]
The post Cross-Post: MIR-SWAMP PEN TESTING WITH BLACK HILLS appeared first on Black Hills Information Security, Inc..
Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if [β¦]
The post How to Bypass Two-Factor Authentication β One Step at a Time appeared first on Black Hills Information Security, Inc..
Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it [β¦]
The post Book Review: βRed Team β How to Succeed by Thinking Like the Enemyβ appeared first on Black Hills Information Security, Inc..
Carrie Roberts &Β Chevy Swanson // How do we make sure people open up our malicious files and execute them? We simply let Microsoft work for years and years to gain [β¦]
The post Phishing with PowerPoint appeared first on Black Hills Information Security, Inc..
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, [β¦]
The post Internal Pivot, Network Enumeration, & Lateral Movement appeared first on Black Hills Information Security, Inc..
Login