Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..

Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, Nmap is a tool we use daily that is indispensable for verifying configurations and identifying potential vulnerabilities.

The post Vulnerability Scanning with Nmap  appeared first on Black Hills Information Security, Inc..

One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..

Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.

The post Go-Spoof: A Tool for Cyber Deception appeared first on Black Hills Information Security, Inc..

This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]

The post Why Your Org Needs a Penetration Test Program appeared first on Black Hills Information Security, Inc..

GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign. 

The post Gone Phishing: Installing GoPhish and Creating a Campaign appeared first on Black Hills Information Security, Inc..

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

The post The Top Ten List of Why You Got Hacked This Year (2023/2024)  appeared first on Black Hills Information Security, Inc..

While DLL hijacking attacks can take on many different forms, this blog post will explore a specific type of attack called DLL proxying, providing insights into how it works, the potential risks it poses, and briefly the methodology for discovering these vulnerable DLLs, which led to the discovery of several zero-day vulnerable DLLs that Microsoft has acknowledged but opted to not fix at this time.

The post Proxying Your Way to Code Execution – A Different Take on DLL Hijacking  appeared first on Black Hills Information Security, Inc..

A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […]

The post Auditing GitLab: Public Gitlab Projects on Internal Networks appeared first on Black Hills Information Security, Inc..

Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will […]

The post Abusing Active Directory Certificate Services (Part 4) appeared first on Black Hills Information Security, Inc..

Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]

The post Deploy an Active Directory Lab Within Minutes appeared first on Black Hills Information Security, Inc..

Quick Jump: In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]

The post Wishing: Webhook Phishing in Teams appeared first on Black Hills Information Security, Inc..

What is Hydra? Hydra is a tool that can be used for password spraying. Let’s begin by defining the term “password spray.” A password spray is where an attacker defines […]

The post Hacking with Hydra appeared first on Black Hills Information Security, Inc..

The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […]

The post Revisiting Insecure Direct Object Reference (IDOR) appeared first on Black Hills Information Security, Inc..

In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]

The post Bypass NTLM Message Integrity Check – Drop the MIC appeared first on Black Hills Information Security, Inc..

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

The post Abusing Active Directory Certificate Services (Part 3) appeared first on Black Hills Information Security, Inc..

Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to domain administrator.

The post Abusing Active Directory Certificate Services (Part 2) appeared first on Black Hills Information Security, Inc..

Active Directory Certificate Services (ADCS) is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing certificates for systems, users, applications, and more.

The post Abusing Active Directory Certificate Services (Part 1) appeared first on Black Hills Information Security, Inc..

ImposterKeanu // Introduction  This blog post introduces the reader to “The Obfuscation Hustle”, a term I enjoy using to describe the tedious process of obfuscating and delivering files to corporate […]

The post Evasive File Smuggling with Skyhook  appeared first on Black Hills Information Security, Inc..

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

The post Gowitness, a Tester’s Time Saver appeared first on Black Hills Information Security, Inc..