Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf 0:54 Background behind this webcast, what and [β¦]
The post Webcast: Weaponizing Active Directory appeared first on Black Hills Information Security, Inc..
Timecode links take you to YouTube: 4:11 β Infrastructure & Background8:28 β Overview & Breakdown of Attack Methodology and Plans11:35 β Start of Attack (Gaining Access), Password Spraying Toolkit15:24 β [β¦]
The post Webcast: Attack Tactics 5 β Zero to Hero Attack appeared first on Black Hills Information Security, Inc..
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A [β¦]
The post I Spy with InSpy v3.0 appeared first on Black Hills Information Security, Inc..
Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated [β¦]
The post The CredDefense Toolkit appeared first on Black Hills Information Security, Inc..
Chevy Swanson // EveryoneΒ loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect [β¦]
The post Domain User Enumeration appeared first on Black Hills Information Security, Inc..
Carrie Roberts //Β Update 10/03/16:Β Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, youβve gained access [β¦]
The post Downloading an Address Book from an Outlook Web App (OWA) Portal appeared first on Black Hills Information Security, Inc..
Carrie RobertsΒ // Answer:Β Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described hereΒ in this great post by Beau Bullock. [β¦]
The post Question: Β What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal? appeared first on Black Hills Information Security, Inc..
Brian Fehrman // In our experience, we see many Windows environments in which the local Administrator password is the same for many machines. We refer to this as Wide-Spread Local [β¦]
The post Wide-Spread Local Admin Testing appeared first on Black Hills Information Security, Inc..
Beau BullockΒ // This is part two of a series of posts (See part 1 here)Β where I am detailing multiple ways to gain access to domain user credentials without ever being [β¦]
The post Password Spraying Outlook Web Access β How to Gain Access to Domain Credentials Without Being on a Targetβs Network: Part 2 appeared first on Black Hills Information Security, Inc..
Joff Thyer // Β Many of us in the penetration testing community arβe used to scenarios whereby we land a targeted phishing campaign within a Windows enterprise environment and have [β¦]
The post Password Spraying & Other Fun with RPCCLIENT appeared first on Black Hills Information Security, Inc..
Login