Black Hills Information Security, Inc.
RSS
  • All Services
    • Complete Service Guide
    • Active SOC
    • AI Security Assessments
    • Blockchain Security
    • Blue Team Services
    • Continuous Penetration Testing
    • High-Profile Risk Assessments
    • Incident Response
    • Penetration Testing
  • Contact Us
    • Contact Us
    • Email Sign-Up
  • About Us
    • Security Consultants
    • Admin
    • SOC Team
    • BHIS Family of Companies
  • Free Resources
    • Blogs
    • Free Cybersecurity Tools
    • Free Cybersecurity Webcasts
    • Podcasts
    • RITA
  • Training
    • BHIS & Antisyphon Training
    • WWHF Conference
  • Online Community
    • Discord
    • LinkedIn
    • YouTube
    • Bluesky
    • Twitter/X
    • Upcoming Events
  • Fun Stuff
    • Backdoors & Breaches
    • Merch, Zines & More
    • PROMPT# Zine
    • REKCAH
    • Books
netexec_header

Dale Hobbs, External/Internal, How-To, Informational, Password Spray, Red Team, Red Team Tools Active Directory Enumeration, Authentication Testing, Blue Team Defense, CrackMapExec Alternative, Credential Spraying, Lateral Movement, Netexec, Network Discovery, NTLM Authentication, Pass-the-Hash (PTH), Pass-the-Ticket (PTT), SMB Enumeration

Getting Started with NetExec: Streamlining Network Discovery and Access

One tool that I can’t live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

Read the entire post here
dirsearch_header

Chris Sullo', General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

How to Use Dirsearch

Dirsearch is an open-source multi-threaded “web path discovery” tool first released in 2014. The program, written in Python, is similar to other tools such as Dirbuster or Gobuster, and aims to quickly find hidden content on web sites.

Read the entire post here
arcanum_header

Craig Vincent, How-To, Informational, Red Team Tools AI, Arcanum Cyber Security Bot, artifical intelligence, penetration testing, Pentesting

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot

In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.

Read the entire post here
How to Design and Execute Effective Social Engineering Attacks by Phone

Informational, John Malone, Red Team, Social Engineering initial access, phishing, Vishing

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

Read the entire post here
s4u2self_header

Informational, Red Team, Red Team Tools Active Directory, Constrained Delegation, Hunter Wade, Kerberos, S4U2Self

Abusing S4U2Self for Active Directory Pivoting

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

Read the entire post here
macropad_header

General InfoSec Tips & Tricks, How-To, Informational, Mitchell Stein Elgato, Macro pad, Stream deck

Why Use a Macro Pad?

Compression is everywhere—in files, videos, storage, and networks—so it’s only natural it should also be in your workflow too. You can “compress” a series of tedious, repetitive tasks requiring multiple steps and several configurations into a single button press with a macro pad such as the Stream Deck or a fully software-customizable mechanical keyboard. 

Read the entire post here
espanso_header (1)

Chris Sullo', General InfoSec Tips & Tricks, How-To, Informational espanso, text expander, text replacement

Espanso: Text Replacement, the Easy Way

Espanso is a powerful cross-platform and open-source text replacement (or text expander) tool. At a simple level: it replaces what you type with something else.

Read the entire post here
copilotbronwen_header

Blue Team Tools, Bronwen Aker, General InfoSec Tips & Tricks, Informational Copilot, Cyber Deception, LLM

Caging Copilot: Lessons Learned in LLM Security

For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.

Read the entire post here
copilot_header

Craig Vincent, How-To, Informational AI, artifical intelligence, Copilot, penetration testing, Pentesting

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.

Read the entire post here
1 2 3 4›»

Looking For Something?

Browse by category

Recent Posts

  • netexec_headerGetting Started with NetExec: Streamlining Network Discovery and Access
    One tool that I can't live without when performing a
  • dirsearch_headerHow to Use Dirsearch
    Dirsearch is an open-source multi-threaded “web path
  • arcanum_headerAugmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot
    In my journey to explore how I can use artificial

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team bypassing AV C2 Carrie Roberts cloud Cyber Deception encryption hacking infosec Infosec for Beginners Joff Thyer john strand Jordan Drysdale Kent Ickler Linux MailSniper Microsoft Nessus passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast PowerShell Python Raymond Felch Red Team red teaming RITA Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008-2024


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
Search the site