Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks. 

The post Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security  appeared first on Black Hills Information Security, Inc..

Carrie Roberts // PowerShell’s Constrained Language (CLM) mode limits the functionality available to users to reduce the attack surface. It is meant to be used in conjunction with application control […]

The post Constrained Language Mode Bypass When __PSLockDownPolicy Is Used appeared first on Black Hills Information Security, Inc..

Want to learn how attackers bypass endpoint products? Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco […]

The post Webcast: Sacred Cash Cow Tipping 2020 appeared first on Black Hills Information Security, Inc..

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can […]

The post Webcast: Group Policies That Kill Kill Chains appeared first on Black Hills Information Security, Inc..

Beau Bullock // TL;DR Check-LocalAdminHash is a new PowerShell script that can check a password hash against multiple hosts to determine if it’s a valid administrative credential. It also has […]

The post Check-LocalAdminHash & Exfiltrating All PowerShell History appeared first on Black Hills Information Security, Inc..

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?  In this one-hour podcast, originally recorded as […]

The post BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security, Inc..

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?  In this one-hour webcast, we introduce a somewhat […]

The post Webcast: Endpoint Security Got You Down? No PowerShell? No Problem. appeared first on Black Hills Information Security, Inc..

Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]

The post Getting PowerShell Empire Past Windows Defender appeared first on Black Hills Information Security, Inc..

Brian Fehrman // In a previous post, titled PowerShell without PowerShell, we showed you how you can bypass Application Whitelisting Software (AWS), PowerShell restrictions/monitoring, and Command Prompt restrictions. In some […]

The post PowerShell w/o PowerShell Simplified appeared first on Black Hills Information Security, Inc..

Carrie Roberts//* Is your employer reading all your sensitive information when you browse the internet from your work computer? Probably. But how can you be sure? It is common for […]

The post Are You Spying on me? Detecting SSL Man-in-the-Middle appeared first on Black Hills Information Security, Inc..

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..

Carrie Roberts* // I have added resource file and autorun functionality to PowerShell Empire. Empire now has the ability to run multiple commands at once by specifying the commands in […]

The post Empire Resource Files and Auto Runs appeared first on Black Hills Information Security, Inc..

Carrie Roberts//* Have you found yourself trying to Grep through PowerView output, or any PowerShell output for that matter, and find that it returns no results for text you know […]

The post Grepping Through PowerView Output appeared first on Black Hills Information Security, Inc..

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition.  One that we’ve run across a number of times includes a fairly even mixture […]

The post How To: Empire’s Cross Platform Office Macro appeared first on Black Hills Information Security, Inc..

Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]

The post How to Bypass Web-Proxy Filtering appeared first on Black Hills Information Security, Inc..

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

The post HostRecon: A Situational Awareness Tool appeared first on Black Hills Information Security, Inc..

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

The post Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent appeared first on Black Hills Information Security, Inc..

Brian Fehrman // As described in my last blog post, Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV (sheeesh…it’s been a bit!), we are seeing more environments in […]

The post Power Posing with PowerOPS appeared first on Black Hills Information Security, Inc..

Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]

The post PowerShell DNS Command & Control with dnscat2-powershell appeared first on Black Hills Information Security, Inc..

Joff Thyer //   It is no secret that PowerShell is increasingly being used as an offensive tool for attack purposes by both Red Teamers and Criminals alike. Thanks to […]

The post PowerShell Logging for the Blue Team appeared first on Black Hills Information Security, Inc..