Want to learn HOW TO do something? This is a great place to start!
WEBCAST: Live Forensics & Memory Analysis
John Strand // So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of that system? What are the first 10 commands you’d run to see if it’s actually compromised? This webcast is based on SANS 504, and introduces attendees to some […]
Cubicles and Compromises Printable
John Strand// Thanks for joining us for our Cubicles and Compromises webcast! We also have a recording available soon! In the meantime, here’s a blog post explanation: And, here you’ll find the printable version: https://www.blackhillsinfosec.com/wp-content/uploads/2019/09/CubiclesandCompromisesPrintable.pdf If you try this, let us know how it goes! Join the BHIS Blog Mailing List – get notified when we […]
PODCAST: Blue Team-Apalooza
Over the past few months, we have discovered a couple trends that organizations seem to be missing. No silver bullets, just some general vulnerability issues we are seeing again and again. In this podcast, Jordan & Kent give a few pointers and some new tools to help the blue team stay on top of these […]
Podcast: Play in new window | Download
OS Command Injection; The Pain, The Gain
Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I knew shellz were in my future, but it was not as easy as I expected. Here was my journey and some things I learned. First, […]
Can we C2? Yes we can!
Dakota Nelson // It’s become more and more common lately to see advanced attackers using legitimate internet channels to move data in and out of networks. Social networks such as Twitter and Tumblr, utilities such as Dropbox and Soundcloud, and even business tools such as Salesforce and Google Docs can all be used as channels […]
Deploy REMnux to the Cloud, Reverse Engineering Malware in the Cloud
Carrie Roberts //* REMnux is a free virtual machine image with Reverse Engineering Malware tools preinstalled. REMnux is maintained by Lenny Zeltser with extensive help from David Westcott and is available from https://remnux.org. I have created an Amazon AMI image from the current version of the image so you can easily create an instance of REMnux in the cloud. This […]
How To: C2 Over ICMP
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what is ICMP? ICMP is Internet Control Message Protocol. It allows internet-connected devices to send error messages back to the source IP address when problems in […]
Malicious Outlook Rules in Action
Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make this happen. Although it left a few things for the reader to figure out and there was one gotcha. In this post I provide […]
How to Build a 404 page not found C2
A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet some are simply used by an attacker to have access to a system so they can pivot to another device or to steal credentials and […]
