Want to learn HOW TO do something? This is a great place to start!
Pink Teaming: The Dilution of Pentesting
John Strand // There have been a few conversations at conferences and meet-ups over the past year or so about the validity of penetration testing. There are many things on the horizon of computer security that are going to be disruptive to the industry as a whole. And, in large part, these will be good […]
Webcast: Introducing Backdoors & Breaches Incident Response Card Game
This webcast was originally given live on June 5th, 2019 by John Strand and the BHIS (card) Testers. How To Play! download and print a pdf version of “how to play” So we have been working on a card game for Incident Response over the past few months and it is ready for a dry […]
End-Point Log Consolidation with Windows Event Forwarder
Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping events to a central location. Why do this? I wanted a Windows-based server with all of the event logs from the environment so that […]
Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV
Brian Fehrman (With shout outs to: Kelsey Bellew, Beau Bullock) // In a previous blog post, we talked about bypassing AV and Application Whitelisting by using a method developed by Casey Smith. In a recent engagement, we ran into an environment with even more restrictions in place. Not only did they have AV and Application Whitelisting, but they […]
Happy Halloween from BHIS
Melisa Wachs // Everyone seems to hates clowns these days. With all the crazy clown sightings, and banning of clown costumes at parades and schools, I got to thinking that this whole scary clown thing is way overdone. That was until I remembered why I, too, hate clowns. Feeling mischievous this Halloween, I decided to […]
Webcast: How to Prepare Before the Compromise
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 00:40 Intro, background information, how to deal with the psychology and politics in your company 15:34 Reviewing different cards in Backdoors & Breaches, Server Analysis 22:39 Security Information and Event Management Log Analysis (SIEM) 31:12 Firewall Logs, Zeek, and […]
Go Ahead, Make Our Day
Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and saw that they were storing LANMAN hashes alongside the NTLM hashes I thought to myself …. Wow. I LOVE my job! There are many moments […]
Waiting Is the Hardest Part: A Purple Team’s Take on MS15-034
Mick Douglas // Current Status: – MS15-034 has remote Denial of Service (DoS) – Remote exploit code appears to be ready soon… maybe. Stay tuned. BLUE TEAM MARCHING ORDERS: – Patch. Now. Please. – Pay *very* careful attention to your IIS logs for systems that are attacking or attempting the DoS. You are being profiled. […]
EyeWitness and Why It Rocks
Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the worst things that we find are in the results marked as Low-Severity or Informational in nature. It can be as easy as just visiting a […]
