Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..

The cybersecurity industry has long debated whether prevention or detection is more important. The AV-Comparatives EPR Comparative Report 2025 settles the debate. By measuring both, it reveals that prevention-first is the winning strategy—stronger, simpler, and more cost-effective. Bitdefender GravityZone didn’t just participate in the evaluation; it led across the board. Bitdefender achieved the highest detection rate among all participating vendors and the lowest Total Cost of Ownership (TCO), underscoring a commitment to both security efficacy and operational efficiency. The evaluation also proves that modern security means blocking threats before they disrupt business.  

Irregular is testing the cybersecurity capabilities of AI models, including Anthropic’s Claude and OpenAI’s ChatGPT.

The post Irregular Raises $80 Million for AI Security Testing Lab appeared first on SecurityWeek.

The Israeli cybersecurity startup plans to expand its offensive security offering to cover more enterprise attack surface.

The post Terra Security Raises $30 Million for AI Penetration Testing Platform appeared first on SecurityWeek.

Bitdefender Recognized for a Third Consecutive Year for Its Ability to Execute and Completeness of Vision  Bitdefender is proud to announce that we have been named the only Visionary in the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP). This marks Bitdefender’s third consecutive placement in the Visionary Quadrant—a distinction we believe reflects our unwavering commitment to innovation, customer-centric security, and consistent execution in a rapidly evolving threat landscape. 

One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..

In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot appeared first on Black Hills Information Security, Inc..

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot appeared first on Black Hills Information Security, Inc..

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference appeared first on Black Hills Information Security, Inc..

This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]

The post Why Your Org Needs a Penetration Test Program appeared first on Black Hills Information Security, Inc..

In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.

The post 5 Things We Are Going to Continue to Ignore in 2025 appeared first on Black Hills Information Security, Inc..

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..

In this video, Dave Blandford discusses a beginner's guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

The post Creating Burp Extensions: A Beginner’s Guide appeared first on Black Hills Information Security, Inc..

Over the last few years, the MITRE ATT&CK® Evaluations has become an industry standard for evaluating detection capabilities of security products and services by simulating real-world attacks.

In this video, experts delve into the intricacies of desktop application penetration testing methodologies.

The post Intro to Desktop Application Testing Methodology appeared first on Black Hills Information Security, Inc..

In today’s world, security is more important than ever. As organizations increasingly rely on technology to drive business, digital threats are becoming more sophisticated, varied, and difficult to defend against. […]

The post What Is Penetration Testing? appeared first on Black Hills Information Security, Inc..

This webcast was originally published on September 26, 2024. In this video, Kevin Klingbile from Black Hills Information Security discusses the intricacies of Azure Cloud services and M365, focusing on […]

The post Reconnaissance: Azure Cloud w/ Kevin Klingbile appeared first on Black Hills Information Security, Inc..

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security, Inc..

tl;dr: Install Wifiphisher on Kali and run a basic attack.  This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).   Two […]

The post How to Install and Perform Wi-Fi Attacks with Wifiphisher  appeared first on Black Hills Information Security, Inc..

Tom Smith // At Black Hills Information Security (BHIS), we deal with all manner of clients, public and private. Until a month or two ago, though, we’d never dealt with […]

The post Why Do Car Dealers Need Cybersecurity Services?  appeared first on Black Hills Information Security, Inc..