Matt Toussain goes through how Mailsniper can be the penetration tester’s best friend. If you haven’t been using this tool in your tests you might start now! Check out the video for all the slides. This is audio only.
Podcast: Play in new window | Download
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with […]
Kent R. Ickler// It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command syntax. We’ve generated a Hashcat Cheat Sheet for quick reference that may save you a bunch of time if you’re often reaching out to […]
David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across the breadth of our testing. Why is this finding important? This finding is important because attackers are ultimately interested in data. Use of a strong […]
John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/
Podcast: Play in new window | Download
This is the audio only version of John’s webcast about how we would attack your company during a pentest. Grab his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/
Podcast: Play in new window | Download
John Strand // This is the second part of our series about Attack Tactics. In the first part we discussed how we’d attack. Now, we cover the same attack, but this time we are covering the defensive components the organization could have implemented to stop us every step of the way. We cover event logs, […]
Kent R. Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me and all the others say it many many times. LLMNR was (is) a protocol used that allowed name resolution without the requirement of a DNS server. It was (is) able to provide a […]
John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack. […]
