Black Hills Information Security, Inc.
RSS
  • About Us
    • Security Analysts
    • Admin
    • SOC Team
    • Interns
    • BHIS Family of Companies
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Complete Service Guide
    • Active SOC
    • AI Security Assessments
    • Blockchain Security
    • Blue Team Services
    • Continuous Penetration Testing
    • High-Profile Risk Assessments
    • Incident Response
    • Penetration Testing
  • Tools
    • Free Cybersecurity Tools
    • RITA
    • REKCAH
  • Learn
    • Backdoors & Breaches
    • Blogs
    • Free Cybersecurity Webcasts
    • Podcasts
    • PROMPT# Zine
    • Books
  • Community
    • Discord
    • LinkedIn
    • T-Shirts & Hoodies
    • Twitter
    • Upcoming Events
    • YouTube
  • Training
  • WWHF
s4u2self_header

Informational, Red Team, Red Team Tools Active Directory, Constrained Delegation, Hunter Wade, Kerberos, S4U2Self

Abusing S4U2Self for Active Directory Pivoting

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

Read the entire post here
macropad_header

General InfoSec Tips & Tricks, How-To, Informational, Mitchell Stein Elgato, Macro pad, Stream deck

Why Use a Macro Pad?

Compression is everywhere—in files, videos, storage, and networks—so it’s only natural it should also be in your workflow too. You can “compress” a series of tedious, repetitive tasks requiring multiple steps and several configurations into a single button press with a macro pad such as the Stream Deck or a fully software-customizable mechanical keyboard. 

Read the entire post here
espanso_header (1)

Chris Sullo', General InfoSec Tips & Tricks, How-To, Informational espanso, text expander, text replacement

Espanso: Text Replacement, the Easy Way

Espanso is a powerful cross-platform and open-source text replacement (or text expander) tool. At a simple level: it replaces what you type with something else.

Read the entire post here
copilotbronwen_header

Blue Team Tools, Bronwen Aker, General InfoSec Tips & Tricks, Informational Copilot, Cyber Deception, LLM

Caging Copilot: Lessons Learned in LLM Security

For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.

Read the entire post here
copilot_header

Craig Vincent, How-To, Informational AI, artifical intelligence, Copilot, penetration testing, Pentesting

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.

Read the entire post here
burpference_header

Informational, Red Team AI, artifical intelligence, Artificial Intelligence, burpference, penetration testing

Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.

Read the entire post here
trafficproxy_header (1)

Cameron Cartier, Dave Blandford, Informational, Mobile Flutter, proxy, traffic interception

Intercepting Traffic for Mobile Applications that Bypass the System Proxy

This is a foolproof guide to intercepting traffic from mobile applications built on Flutter, which historically have been especially challenging to intercept.

Read the entire post here
RootAndroid_header

Dave Blandford, Informational, Mobile Android, root, root user, Rooting, superuser

How to Root Android Phones

This blog will cover how to root an AVD emulator and a physical Pixel 6. But before we cover those topics, let’s cover what it is we will be doing and some of the pro/cons of rooting an Android phone.

Read the entire post here
BLOG_chalkboard_00717 (1)

Blue Team, Dale Hobbs, Informational, InfoSec 101 Boardroom Cybersecurity, Business-Driven Security, C-Suite Engagement, Cyber Risk Awareness, Cybersecurity Communication, Executive Buy-In, Financial Impact of Cybersecurity, Risk Management, Security Leadership, Security Strategy

Communicating Security to the C-Suite: A Strategic Approach 

Engaging with the C-suite is not just about addressing security concerns or defending budget requests. It’s about establishing and maintaining an ongoing discussion that aims to align security objectives with the interests of the business.  

Read the entire post here
1 2 3 4›»

Looking For Something?

Browse by category

Recent Posts

  • s4u2self_headerAbusing S4U2Self for Active Directory Pivoting
    TL;DR If you only have access to a valid machine hash,
  • macropad_headerWhy Use a Macro Pad?
    Compression is everywhere—in files, videos, storage,
  • espanso_header (1)Espanso: Text Replacement, the Easy Way
    Espanso is a powerful cross-platform and open-source

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team bypassing AV C2 Carrie Roberts cloud Cyber Deception encryption hacking infosec Infosec for Beginners Joff Thyer john strand Jordan Drysdale Kent Ickler Linux MailSniper Microsoft Nessus passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast PowerShell Python Raymond Felch Red Team red teaming RITA Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008-2024


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
Search the site