Microsoft Store and WinGet: Security Risks for Corporate Environments

The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy.

The post Microsoft Store and WinGet: Security Risks for Corporate Environments appeared first on Black Hills Information Security, Inc..

  •  

Augmenting Security Testing and Analysis Activities with Microsoft 365 Products

Use of Microsoft 365 products in security testing is not a new concept. For a long time, I’ve incorporated various activities using Office products into my testing regimen. In the […]

The post Augmenting Security Testing and Analysis Activities with Microsoft 365 Products appeared first on Black Hills Information Security, Inc..

  •  

Introducing Squeegee: The Microsoft Windows RDP Scraping Utility

Hi, it’s David with BHIS! You’ll be saying, “Wow,” every time you use this tool. It’s like a shammy. It’s like a towel. It’s like a sponge. A regular towel […]

The post Introducing Squeegee: The Microsoft Windows RDP Scraping Utility appeared first on Black Hills Information Security, Inc..

  •  

Pushing Your Way In

David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon […]

The post Pushing Your Way In appeared first on Black Hills Information Security, Inc..

  •  

Finding Buried Treasure in Server Message Block (SMB)

David Fletcher // Service Message Block (SMB) shares can represent a significant risk to an organization. Companies often lack a realistic understanding of the exposure that SMB shares represent. Effective management typically requires a sound information management […]

The post Finding Buried Treasure in Server Message Block (SMB) appeared first on Black Hills Information Security, Inc..

  •  

Backdoors & Breaches: Logon Scripts

David Fletcher // This blog post discusses the relevance and techniques involved in logon script abuse. While the Backdoors & Breaches card is featured for this topic, the post will […]

The post Backdoors & Breaches: Logon Scripts appeared first on Black Hills Information Security, Inc..

  •  

Webcast: Weaponizing Active Directory

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf 0:54 Background behind this webcast, what and […]

The post Webcast: Weaponizing Active Directory appeared first on Black Hills Information Security, Inc..

  •  

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

The post Finding: Server Supports Weak Transport Layer Security (SSL/TLS) appeared first on Black Hills Information Security, Inc..

  •  

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

The post Finding: Weak Password Policy appeared first on Black Hills Information Security, Inc..

  •  

Gathering Proximity Card Credentials: The Wiegotcha

David Fletcher// There are a number of items that I watch on eBay. Included in that group are long-range proximity card readers. As it turns out, I was recently able […]

The post Gathering Proximity Card Credentials: The Wiegotcha appeared first on Black Hills Information Security, Inc..

  •  

Wild West Hackin’ Fest (WWHF) SDR Labs

David Fletcher // During WWHF we had a number of attendees ask for the Software Defined Radio (SDR) lab parts list and source code so that they could experiment at […]

The post Wild West Hackin’ Fest (WWHF) SDR Labs appeared first on Black Hills Information Security, Inc..

  •  

WEBCAST- WWHF Lab Exploration: Hands-on RF Attacks

David Fletcher// Join David as he takes a look at one of the many labs that we’ll be offering during Wild West Hackin’ Fest. This lab explores signal analysis and […]

The post WEBCAST- WWHF Lab Exploration: Hands-on RF Attacks appeared first on Black Hills Information Security, Inc..

  •  

Internet of Things Exploration: 2016 Ford Flex

David Fletcher// My wife and I recently purchased a 2016 Ford Flex to replace an aging version of the same make and model that met an untimely fate. During the […]

The post Internet of Things Exploration: 2016 Ford Flex appeared first on Black Hills Information Security, Inc..

  •  

How to Build a Soft Access Point in Ubuntu 16.04

David Fletcher// This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Having the ability to create a software AP can be very […]

The post How to Build a Soft Access Point in Ubuntu 16.04 appeared first on Black Hills Information Security, Inc..

  •  

How To: Empire’s Cross Platform Office Macro

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition. One that we’ve run across a number of times includes a fairly even mixture […]

The post How To: Empire’s Cross Platform Office Macro appeared first on Black Hills Information Security, Inc..

  •  

How to Identify Network Vulnerabilities with NetworkRecon.ps1

David Fletcher // Whenever I have the opportunity, I like to perform packet collection on a test for about five minutes so I can analyze the results and look […]

The post How to Identify Network Vulnerabilities with NetworkRecon.ps1 appeared first on Black Hills Information Security, Inc..

  •  

Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment. The configuration of the centralized infrastructure and the endpoint agents […]

The post Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent appeared first on Black Hills Information Security, Inc..

  •  