Kelsey// Dear Big All-Powerful Company, Your idea of a ‘strong password’ is flawed. When I first saw the following message, I laughed. I said out loud, “No, you have not seen that password before, ever; I guarantee it,” but I moved on. I thought, no big deal, I’ll add some length. And then adding length […]
John Strand// Using threat intelligence feeds for good….instead of wasting time and money. John’s intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But, maybe there is a way we can do this better! Could we […]
Dakota Nelson// For a lot of our customers, their first introduction to pentesting is a vulnerability scan from BHIS. This is after talking to the testers, of course, and setting up rules of engagement, sharing which hosts are within scope, and talking over how we, as testers here at BHIS, can best help secure their […]
Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The webcast will discuss the last 15 years of wireless threats…..in less than five minutes. The other 55 minutes will cover modern defenses, Wi-Fi hardening and […]
Rick Wisser// Here at BHIS we are always on the lookout for new toys. Especially if we can use them during a pentest. As a pentester, we all have a complimentary tool set in our jump bags that we have grown accustomed to using. Tools such as the Rubber Ducky, Konboot, Lan Turtle, proxmark3, crowbar […]
Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am getting asked more and more about it. People that I had mentioned Bitcoin to back in 2013 are coming out of the woodwork to ask about […]
Melisa Wachs// Many of you have met John, so I thought you’d enjoy this posh little gem I dug up. This picture was taken in our first home, and although I don’t remember this very moment, I do have a fond memory from around this time, that many of y’all may be able to relate. Our […]
Jordan Drysdale // Let’s start this post at Walmart. Yes, the visit may be attributable against the purchaser via security camera footage retrieved by warrant, so hand your wife/husband/confidant/whomever a stack of untraceable cash. The first thing to snag is a new burner phone. This one seems acceptable for our purposes: Wait though, did we […]
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this post we will walk through the changes to C2K as well as re-deploy a demo C2 infrastructure with all the new features. It is worth […]
