In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem - Prompt Injection: The AI version of talking your way past the bouncer.

The post Getting Started with AI Hacking Part 2: Prompt Injection appeared first on Black Hills Information Security, Inc..

Whether it's forgotten temporary files, installation artifacts, READMEs, or even simple image files--default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.

The post Default Web Content appeared first on Black Hills Information Security, Inc..

Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks. 

The post Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security  appeared first on Black Hills Information Security, Inc..

DNS Triage is a reconnaissance tool that finds information about an organization's infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

The post DNS Triage Cheatsheet appeared first on Black Hills Information Security, Inc..

CredMaster is a tool that facilitates password guessing attacks against common targets. It is designed with evasion and anti-detection capabilities and uses AWS APIs to rotate IP addresses for each guess.

The post CredMaster Cheatsheet appeared first on Black Hills Information Security, Inc..

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

The post GraphRunner Cheatsheet appeared first on Black Hills Information Security, Inc..

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you're likely to use.

The post Burp Suite Cheatsheet appeared first on Black Hills Information Security, Inc..

Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, Nmap is a tool we use daily that is indispensable for verifying configurations and identifying potential vulnerabilities.

The post Vulnerability Scanning with Nmap  appeared first on Black Hills Information Security, Inc..

Dirsearch is an open-source multi-threaded “web path discovery” tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.

The post How to Use Dirsearch appeared first on Black Hills Information Security, Inc..

Compression is everywhere—in files, videos, storage, and networks—so it’s only natural it should also be in your workflow too. You can “compress” a series of tedious, repetitive tasks requiring multiple steps and several configurations into a single button press with a macro pad such as the Stream Deck or a fully software-customizable mechanical keyboard. 

The post Why Use a Macro Pad? appeared first on Black Hills Information Security, Inc..

Espanso is a powerful cross-platform and open-source text replacement (or text expander) tool. At a simple level: it replaces what you type with something else.

The post Espanso: Text Replacement, the Easy Way appeared first on Black Hills Information Security, Inc..

For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.

The post Caging Copilot: Lessons Learned in LLM Security appeared first on Black Hills Information Security, Inc..

If you’ve ever had to take a request from Burp and turn it into a command line, especially for jwt_tool.py, you know it can be painful—but no more! The “Copy For” extension is here to save valuable time. 

The post Burp Suite Extension: Copy For  appeared first on Black Hills Information Security, Inc..

This article was originally published in the SOC Issue of our PROMPT# zine, which you can read for free HERE. The information was adapted from the 2018 webcast “John Strand’s […]

The post John Strand’s 5 Phase Plan For Starting in Computer Security appeared first on Black Hills Information Security, Inc..

It is no surprise that growing your social network can help get your name out there and provide opportunities to advance your career. LinkedIn, one of the original career-focused networking […]

The post How to Put Yourself Out There – Networking on Social Media appeared first on Black Hills Information Security, Inc..

by Gerald Auger of Simply Cyber // Guest Author You want to break into cybersecurity? That’s AWESOME. I’ve been in the field for 20 years and I LOVE IT! But […]

The post How to Get a Job in Cybersecurity appeared first on Black Hills Information Security, Inc..

| Bronwen Aker // Sr. Technical Editor, M.S. Cybersecurity, GSEC, GCIH, GCFE Go online these days and you will see tons of articles, posts, Tweets, TikToks, and videos about how […]

The post Crafting the Perfect Prompt: Getting the Most Out of ChatGPT and Other LLMs appeared first on Black Hills Information Security, Inc..

This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […]

The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet  appeared first on Black Hills Information Security, Inc..

by Amanda Berlin of Mental Health Hackers This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 […]

The post Mental Health – An Infosec Challenge appeared first on Black Hills Information Security, Inc..

by Martin Pearson || Guest Author This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical […]

The post Build a Home Lab: Equipment, Tools, and Tips appeared first on Black Hills Information Security, Inc..