In An SMB Relay Race β How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and [β¦]
The post Bypass NTLM Message Integrity Check β Drop the MIC appeared first on Black Hills Information Security, Inc..
Pentest reports sometimes include bad information under a heading like, βWeak TLS Configurationβ or βInsecure SSL Certificates.β This article will explain how TLS is supposed to work, common ways it [β¦]
The post Testing TLS and CertificatesΒ appeared first on Black Hills Information Security, Inc..
Daniel Pizarro // What is the PNPT?Β The Practical Network Penetration Tester (PNPT), created by TCM Security (TCMS), is a 5-day ethical hacking certification exam that assesses a pentesterβs ability [β¦]
The post PNPT: Certification Review appeared first on Black Hills Information Security, Inc..
On this webcast, weβll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can [β¦]
The post Webcast: Group Policies That Kill Kill Chains appeared first on Black Hills Information Security, Inc..
Click on the timecodes to jump to that part of the video (on YouTube) 2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate [β¦]
The post Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail β eavesarp (Tool Overview) appeared first on Black Hills Information Security, Inc..
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics6ReturnofBlueTeam.pdf In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed [β¦]
The post Webcast: Attack Tactics 6! Return of the Blue Team appeared first on Black Hills Information Security, Inc..
Timecode links take you to YouTube: 4:11 β Infrastructure & Background8:28 β Overview & Breakdown of Attack Methodology and Plans11:35 β Start of Attack (Gaining Access), Password Spraying Toolkit15:24 β [β¦]
The post Webcast: Attack Tactics 5 β Zero to Hero Attack appeared first on Black Hills Information Security, Inc..
Jordan Drysdale// This is basically a slight update and rip off of Marcelloβs work out here: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html /tl;dr β Zero to DA on an environment through an exposed Outlook Web [β¦]
The post An SMB Relay Race β How To Exploit LLMNR and SMB Message Signing for Fun and Profit appeared first on Black Hills Information Security, Inc..
Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHISβs webcastΒ recorded on August 7, 2018,Β Active Directory Best Practices to Frustrate Attackers, which you can view below. [β¦]
The post Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up appeared first on Black Hills Information Security, Inc..
Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and youβve probably heard Jordan, John, me, and all the others say it many many times. LLMNR [β¦]
The post How To Disable LLMNR & Why You Want To appeared first on Black Hills Information Security, Inc..
Login