But what if we need to wrangle Windows Event Logs for more than one system? In part 2, weβll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (βREIWβ)!Β
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..
DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.
The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc..
In part 1 of this post, weβll discuss how Hayabusa and βSecurity Operations and Forensics ELKβ (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELKΒ (Part 1) appeared first on Black Hills Information Security, Inc..
The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy.Β
The post Microsoft Store and WinGet: Security Risks for Corporate Environments appeared first on Black Hills Information Security, Inc..
Remember the good βol days of Zip drives, Winamp, the advent of βOffice 365,β and copy machines that didnβt understand email authentication? Okay, maybe they werenβt so good! For a [β¦]
The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..
In this blog, Iβm going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest.
The post Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite appeared first on Black Hills Information Security, Inc..
Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.
The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..
Nmap, also known as Network Mapper, is a commonly used network scanning tool. As penetration testers, Nmap is a tool we use daily that is indispensable for verifying configurations and identifying potential vulnerabilities.
The post Vulnerability Scanning with NmapΒ appeared first on Black Hills Information Security, Inc..
One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.
The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..
Dirsearch is an open-source multi-threaded βweb path discoveryβ tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.
The post How to Use Dirsearch appeared first on Black Hills Information Security, Inc..
In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.
The post Augmenting Penetration Testing Methodology with Artificial Intelligence β Part 3: Arcanum Cyber Security Bot appeared first on Black Hills Information Security, Inc..
Compression is everywhereβin files, videos, storage, and networksβso itβs only natural it should also be in your workflow too. You can βcompressβ a series of tedious, repetitive tasks requiring multiple steps and several configurations into a single button press with a macro pad such as the Stream Deck or a fully software-customizable mechanical keyboard.Β
The post Why Use a Macro Pad? appeared first on Black Hills Information Security, Inc..
Espanso is a powerful cross-platform and open-source text replacement (or text expander) tool. At a simple level: it replaces what you type with something else.
The post Espanso: Text Replacement, the Easy Way appeared first on Black Hills Information Security, Inc..
A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.
The post Augmenting Penetration Testing Methodology with Artificial Intelligence β Part 2: Copilot appeared first on Black Hills Information Security, Inc..
Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user leading to further compromise.
The post Offline Memory Forensics With Volatility appeared first on Black Hills Information Security, Inc..
You may have read some of our previous blog posts on Artificial Intelligence (AI). We discussed things like using PyRIT to help automate attacks. We also covered the dangers of [β¦]
The post Getting Started with AI Hacking: Part 1 appeared first on Black Hills Information Security, Inc..
In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.
The post How to Test Adversary-in-the-Middle Without Hacking Tools appeared first on Black Hills Information Security, Inc..
Iβve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem [β¦]
The post Canary in the Code: Alert()-ing on XSS Exploits appeared first on Black Hills Information Security, Inc..
In this video, John Strand and his team discuss the challenges of setting up and running wireless labs, particularly focusing on the issues faced during Wild West Hackinβ Fest events. They highlight the development of an open-source project aimed at virtualizing wireless labs, which allows learners to practice wireless hacking techniques without needing physical hardware.
The post How to Hack Wi-Fi with No Wi-Fi appeared first on Black Hills Information Security, Inc..
RAG connects pre-trained LLMs with current data sources. Moreover, a RAG system can use many data sources.
The post Avoiding Dirty RAGs: Retrieval-Augmented Generation with Ollama and LangChain appeared first on Black Hills Information Security, Inc..
Login