Finding the Right Penetration Testing Company
This blog is for anyone who is interested in finding a good penetration testing company.
Deceptive-Auditing: An Active Directory Honeypots Tool
Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.
The Curious Case of the Comburglar
By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client’s […]
How to Set Smart Goals (That Actually Work For You)
Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?
Inside the BHIS SOC: A Conversation with Hayden Covington
What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them.
Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation
This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven’t already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.
Why You Got Hacked – 2025 Super Edition
This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.
Abusing Delegation with Impacket (Part 2): Constrained Delegation
This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven’t already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.
Abusing Delegation with Impacket (Part 1): Unconstrained Delegation
In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.