DNS Triage is a reconnaissance tool that finds information about an organization's infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

The post DNS Triage Cheatsheet appeared first on Black Hills Information Security, Inc..

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

The post How to Test Adversary-in-the-Middle Without Hacking Tools appeared first on Black Hills Information Security, Inc..

In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes.

The post Adversary in the Middle (AitM): Post-Exploitation appeared first on Black Hills Information Security, Inc..

Recently, as part of our ANTISOC Continuous Penetration Testing (CPT) service, I had an opportunity to investigate how attackers can leverage Slack in cyber-attacks, similar to how we frequently use […]

The post Introducing SlackEnum: A User Enumeration Tool for Slack appeared first on Black Hills Information Security, Inc..

The post Webcast: How to Burn Out in Infosec (and what to do next) w/ Corey Ham and Others appeared first on Black Hills Information Security, Inc..

How to make sure your antivirus is working without any malware  Michael Allen // Recently, a customer asked me if there was a way they could generate alerts from the new antivirus product they deployed without executing any actual […]

The post Is This Thing On? appeared first on Black Hills Information Security, Inc..

During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and […]

The post Webcast: OPSEC Fundamentals for Remote Red Teams appeared first on Black Hills Information Security, Inc..

Michael Allen // Every year around the holidays I end up having a conversation with at least one friend or family member about the importance of choosing unique passwords for […]

The post The Paper Password Manager appeared first on Black Hills Information Security, Inc..

Michael Allen // A couple of years ago, I had a YubiKey that was affected by a security vulnerability, and to fix the issue, Yubico sent me a brand new […]

The post How to Weaponize the Yubikey appeared first on Black Hills Information Security, Inc..