Black Hills Information Security, Inc.
RSS
  • About Us
    • Security Analysts
    • Admin
    • SOC Team
    • Interns
    • BHIS Family of Companies
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Complete Service Guide
    • Active SOC
    • AI Security Assessments
    • Blockchain Security
    • Blue Team Services
    • Continuous Penetration Testing
    • High-Profile Risk Assessments
    • Incident Response
    • Penetration Testing
  • Tools
    • All Tools
    • RITA
    • Books
    • REKCAH
  • Learn
    • Backdoors & Breaches
    • Blogs
    • Podcasts
    • PROMPT# Zine
    • Webcasts
  • Community
    • Discord
    • LinkedIn
    • T-Shirts & Hoodies
    • Twitter
    • Upcoming Events
    • YouTube
  • Training
  • WWHF
copilot_header

Craig Vincent, How-To, Informational AI, artifical intelligence, Copilot, penetration testing, Pentesting

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.

Read the entire post here
burpference_header

Informational, Red Team AI, artifical intelligence, Artificial Intelligence, burpference, penetration testing

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.

Read the entire post here
trafficproxy_header (1)

Cameron Cartier, Dave Blandford, Informational, Mobile Flutter, proxy, traffic interception

Intercepting Traffic for Mobile Applications that Bypass the System Proxy

This is a foolproof guide to intercepting traffic from mobile applications built on Flutter, which historically have been especially challenging to intercept.

Read the entire post here
RootAndroid_header

Dave Blandford, Informational, Mobile Android, root, root user, Rooting, superuser

How to Root Android Phones

This blog will cover how to root an AVD emulator and a physical Pixel 6. But before we cover those topics, let’s cover what it is we will be doing and some of the pro/cons of rooting an Android phone.

Read the entire post here
BLOG_chalkboard_00717 (1)

Blue Team, Dale Hobbs, Informational, InfoSec 101 Boardroom Cybersecurity, Business-Driven Security, C-Suite Engagement, Cyber Risk Awareness, Cybersecurity Communication, Executive Buy-In, Financial Impact of Cybersecurity, Risk Management, Security Leadership, Security Strategy

Communicating Security to the C-Suite: A Strategic Approach 

Engaging with the C-suite is not just about addressing security concerns or defending budget requests. It’s about establishing and maintaining an ongoing discussion that aims to align security objectives with the interests of the business.  

Read the entire post here
BLOG_chalkboard_00716

Ben Bowman, How-To, Informational, Red Team, Red Team Tools Forensics, Memory Forensics, Volatility

Offline Memory Forensics With Volatility

Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user leading to further compromise.

Read the entire post here
Getting Started with AI Hacking

Brian Fehrman, How-To AI, AI Hacking, Artificial Intelligence, Hacking Classifiers, Machine Learning

Getting Started with AI Hacking: Part 1

You may have read some of our previous blog posts on Artificial Intelligence (AI). We discussed things like using PyRIT to help automate attacks. We also covered the dangers of […]

Read the entire post here
BLOG_chalkboard_00714

Ben Bowman, Blue Team, Blue Team Tools, External/Internal, Web App Cyber Deception, Deceptive Tooling, Go-Spoof

Go-Spoof: A Tool for Cyber Deception

Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.

Read the entire post here
AitM_header

How-To, Michael Allen, Webcast Wrap-Up Adversary-in-the-Middle, MFA, Multi-Factor Authentication

How to Test Adversary-in-the-Middle Without Hacking Tools

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

Read the entire post here
1 2 3 4›»

Follow Us

Looking For Something?

Browse by category

Recent Posts

  • copilot_headerAugmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot
    A common use case for LLMs is rapid software
  • burpference_headerAugmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference
    Burpference is a Burp Suite plugin that takes requests
  • trafficproxy_header (1)Intercepting Traffic for Mobile Applications that Bypass the System Proxy
    This is a foolproof guide to intercepting traffic from

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team bypassing AV C2 Carrie Roberts cloud encryption hacking infosec Infosec for Beginners Joff Thyer john strand Jordan Drysdale Kent Ickler Linux MailSniper Microsoft Nessus passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008-2024


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
Search the site