Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found two paths to ingress the customer’s virtual private cloud (VPC) through the elastic map reduce (EMR) application stacks. One of the vulns that gained us […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 0:54 Background behind this webcast, what and why 7:02 Creating resources in Active Directory, User accounts, Groups, and Dummy Computer accounts 18:54 Tools, ResponderGuard, General flow of attacks, reconnaissance, deception and planted credentials 38:12 Password Spraying, honey users, […]
Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target’s traffic by making it appear that it is calling out to the domain owned by your target. This is a great technique for red teamers to […]
TJ Nicholls // *BHIS Guest Contributor TL;DR How many times have you had to parse the same output from a tool? Wouldn’t you like to get that time back? There is a lot of overlap in the tools we use and the workflows we perform as information security professionals. Let’s not reinvent the wheel every […]
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June, 2019. The fun part of pentesting is the hacking. But the part that makes it a viable career is the reporting. You can develop the most amazing exploit for the most surprising […]
Download presentation slides: https://www.activecountermeasures.com/presentations/ So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through the defenses in a follow-up webcast, “Attack Tactics 6! Return of the Blue Team,” and now we need to have a talk about logs. Here is the deal, most of […]
This webcast was originally given live on June 5th, 2019 by John Strand and the BHIS (card) Testers. Download slides: https://www.activecountermeasures.com/presentationsRequest a deck of B&B cards (Coming in Sept): https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/Also check out Cubicles & Compromises: https://www.blackhillsinfosec.com/dungeons-dragons-meet-cubicles-compromises So we have been working on a card game for Incident Response over the past few months and it […]
Click on the timecodes to jump to that part of the video (on YouTube) 2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate to this webcast and how “eavesarp” basically works. 14:15 Demo of “eavesarp” against a Stale Network Address Configuration (SNAC) attack. 28:45 Q&A This webcast was […]
Justin Angel// Introduction In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the ARP cache tables of neighboring hosts. While initially inspired by this technique and the desire to derive a means of passively obtaining a list of […]
