
The Top Ten List of Why You Got Hacked This Year (2023/2024)

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

The post The Top Ten List of Why You Got Hacked This Year (2023/2024) appeared first on Black Hills Information Security, Inc.

Revisiting Insecure Direct Object Reference (IDOR)

The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […]

The post Revisiting Insecure Direct Object Reference (IDOR) appeared first on Black Hills Information Security, Inc.

Hit the Ground Running with Prototype Pollution

Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]

The post Hit the Ground Running with Prototype Pollution appeared first on Black Hills Information Security, Inc.
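The teaser above only names the topic, so here is a self-contained illustration of what prototype pollution is and how it is exploited. This is an added example, not code from the BHIS post: a naive recursive merge (the pattern found in many "deep extend" helpers) is fed a constructed JSON payload carrying a "__proto__" key, which lands on Object.prototype and makes every later object look like an admin; a hardened merge that only copies own keys and refuses "__proto__", "constructor" and "prototype" sits beside it. The function names, the "isAdmin" property and the payload are assumptions for the demonstration.

```javascript
// Added example (not from the original post): prototype pollution through a
// naive recursive merge, and a hardened merge that blocks it.

// VULNERABLE: for...in visits the own "__proto__" key that JSON.parse creates,
// and target["__proto__"] on a plain object resolves to Object.prototype, so the
// recursion ends up writing attacker-chosen properties onto Object.prototype.
function unsafeMerge(target, src) {
  for (const key in src) {
    const val = src[key];
    if (typeof val === 'object' && val !== null) {
      if (typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      unsafeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// HARDENED: iterate only own keys, skip the names that reach the prototype
// chain, and never recurse into a property the target merely inherits.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue; // refuse prototype-reaching keys
    const val = src[key];
    if (typeof val === 'object' && val !== null && !Array.isArray(val)) {
      const ownObj = Object.prototype.hasOwnProperty.call(target, key) &&
        typeof target[key] === 'object' && target[key] !== null;
      if (!ownObj) target[key] = {};
      safeMerge(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Walks both merges over a constructed attacker payload (assumption: a JSON
// request body) and reports whether unrelated objects were affected.
function demo() {
  const payload = JSON.parse('{"name":"guest","__proto__":{"isAdmin":true}}');

  unsafeMerge({}, payload);
  const victim = {};                       // created after the merge, never touched
  const pollutedAfterUnsafe = victim.isAdmin === true;
  delete Object.prototype.isAdmin;         // undo the pollution before the safe run

  const merged = safeMerge({}, payload);
  const pollutedAfterSafe = ({}).isAdmin === true;

  return {
    pollutedAfterUnsafe,                   // true: Object.prototype.isAdmin was set
    pollutedAfterSafe,                     // false: the key was refused
    mergedName: merged.name,               // ordinary data still merges
    mergedHasProtoKey: Object.prototype.hasOwnProperty.call(merged, '__proto__'),
  };
}

console.log(demo());
```

The check a practitioner wants is the `victim` line: the object that becomes "admin" was never passed to the merge at all, which is why a single polluted request can change authorization decisions (or option defaults, template settings, child_process flags) everywhere else in the process. Blocking the three key names is the common fix; creating merge targets with `Object.create(null)` or freezing Object.prototype are stronger defences when you control the code base.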

Webcast: How to Hunt for Jobs like a Hacker

Job hunting? Looking for a career change? Still in college and want to know how to get started now in your career? If you answered yes to any of these […]

The post Webcast: How to Hunt for Jobs like a Hacker appeared first on Black Hills Information Security, Inc.

Collecting and Crafting User Information from LinkedIn

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]

The post Collecting and Crafting User Information from LinkedIn appeared first on Black Hills Information Security, Inc.

Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]

The post Cisco Smart Installs and Why They’re Not “Informational” appeared first on Black Hills Information Security, Inc.

What to Expect After a Pen Test

What to do after a penetration test

Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 […]

The post What to Expect After a Pen Test appeared first on Black Hills Information Security, Inc.

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher // The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

The post Finding: Server Supports Weak Transport Layer Security (SSL/TLS) appeared first on Black Hills Information Security, Inc.

Finding: Weak Password Policy

David Fletcher // The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

The post Finding: Weak Password Policy appeared first on Black Hills Information Security, Inc.