
Securing the Cloud: A Story of Research, Discovery, and Disclosure

Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found […]

The post Securing the Cloud: A Story of Research, Discovery, and Disclosure appeared first on Black Hills Information Security, Inc.

Cisco Smart Install Escalation and Update!

Jordan Drysdale // tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also […]


Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]


How to Scan Millions of IPv4 Addresses for Vulnerabilities

Jordan Drysdale // Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]


Service Detection – Tomcat Manager, From “Info” to “Ouch”

Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” […]

