Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

The post The Top Ten List of Why You Got Hacked This Year (2023/2024)  appeared first on Black Hills Information Security, Inc..

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]

The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security, Inc..

by Gerald Auger of Simply Cyber // Guest Author You want to break into cybersecurity? That’s AWESOME. I’ve been in the field for 20 years and I LOVE IT! But […]

The post How to Get a Job in Cybersecurity appeared first on Black Hills Information Security, Inc..

by Amanda Berlin of Mental Health Hackers This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 […]

The post Mental Health – An Infosec Challenge appeared first on Black Hills Information Security, Inc..

by Martin Pearson || Guest Author This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical […]

The post Build a Home Lab: Equipment, Tools, and Tips appeared first on Black Hills Information Security, Inc..

| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]

The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security, Inc..

The potential leaking of confidential information can pose a significant security risk for any organization. When sensitive details (i.e., API keys, passwords, cryptographic keys, and other credentials) are unintentionally committed […]

The post Rooting For Secrets with TruffleHog appeared first on Black Hills Information Security, Inc..

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]

The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security, Inc..

Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]

The post SNMP… Strings Attached! appeared first on Black Hills Information Security, Inc..

Kent Ickler // It’s been over two years since Jordan and I talked about a Blue Team’s perspective on Red Team tools.   A Blue Team’s Perspective on Red Team Hack […]

The post PlumHound Reporting Engine for BloodHoundAD appeared first on Black Hills Information Security, Inc..

Penetration Testing is often considered a dark art that’s shrouded in mystery. This unfortunate perception can hold back organizations from being more secure and keep people from an exciting career. […]

The post Webcast: Pentester Tactics, Techniques, and Procedures TTPs w/ Chris Traynor appeared first on Black Hills Information Security, Inc..

The post Webcast: Coercions and Relays – The First Cred is the Deepest w/ Gabriel Prud’homme appeared first on Black Hills Information Security, Inc..

The post Webcast: Offensive Windows Event Logs w/ Tim Fowler appeared first on Black Hills Information Security, Inc..

The post Webcast: Demystifying Web3 Attack Vectors, w/ Beau Bullock and Steve Borosh appeared first on Black Hills Information Security, Inc..

The post Webcast: Getting Started: Cybersecurity Maturity Model Certification (CMMC) w/ CJ Cox & Adam Austin appeared first on Black Hills Information Security, Inc..

The post Webcast: How Bartending Made Me a Better Infosec Consultant w/ Ben Burkhart appeared first on Black Hills Information Security, Inc..

The post Webcast: How DNS can be abused for Command & Control w/ Troy Wojewoda appeared first on Black Hills Information Security, Inc..

The post Webcast: Introduction to Pentesting w/ Mike Felch appeared first on Black Hills Information Security, Inc..

The post Webcast: How to Detect and Respond to Business Email (M365) Compromise w/ the BHIS DFIR Team  appeared first on Black Hills Information Security, Inc..