How To Blogs

Want to learn HOW TO do something? This is a great place to start!

00377_03182019_PODCAST_TrackingAttackers

BHIS PODCAST: Tracking attackers. Why attribution matters and how to do it.

In this BHIS podcast, originally recorded as a live webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD, and cover the awesome toolkit from Thinkst. We also cover some of the legal ramifications involved in doing […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00116_09252016_IntroducingMailSniper

Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data

Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in […]

Read the entire post here

Screen Shot 2017-01-06 at 10.00.27 AM

WEBCAST: Sacred Cash Cow Tipping 2016

John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.

Read the entire post here

Hacking Like It’s 1999

Hacking Like It’s 1999

Lawrence Hoffman // Last week a friend stopped by my desk with a worried look on his face. He knelt down and showed me the screen of his laptop where there was a virtual terminal open: After looking I asked what the system did, he said it was just a GitLab server for a personal […]

Read the entire post here

Untitled-1

Domain User Enumeration

Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect and exact. One very specific place where this problem comes up is when working with users on a domain. No matter how you try to […]

Read the entire post here

PODCAST: Active Directory Best Practices that Frustrate Pentesters

// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real Sierra was on vacation. See the webcast and Kent’s show notes here.

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

AttackTactics7-01

Webcast: Attack Tactics 7 – The Logs You Are Looking For

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics7LogsYouAreLookingFor.pdf So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through the defenses in a follow-up webcast, “Attack Tactics 6! Return of the Blue Team,” and now we need to have a talk about logs. Here […]

Read the entire post here

hidingPayloadinMSOffice

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then you might like this PowerShell script that will put a comment of any length into this field you. Microsoft limits the length of comments that can be […]

Read the entire post here

Empire Resource Files and Auto Runs

Empire Resource Files and Auto Runs

Carrie Roberts* // I have added resource file and autorun functionality to PowerShell Empire. Empire now has the ability to run multiple commands at once by specifying the commands in a resource file. You can use this feature to automate the startup of your listeners and perform other tasks. In addition, you can specify multiple […]

Read the entire post here

00505_01052021_SysmonEventID

8 Jan 2021

How-To, Informational, InfoSec 101 Sysmon

A Sysmon Event ID Breakdown – Now with Event ID 25!!

Jordan Drysdale // tl;dr This blog is being provided to demonstrate the capabilities of Sysmon logging broken down by event ID. The IDs will be captured in context and matched to their sysmon-modular configuration section for tuning opportunities. Please allow me a shout out here to the author of the sysmon-modular repository on Github. Olaf […]

Read the entire post here

RFID Proximity Cloning Attacks

17 Dec 2020

Hardware Hacking, How-To, Informational

RFID Proximity Cloning Attacks

Ray Felch // Introduction While packing up my KeyWe Smart Lock accessories, and after wrapping up my research and two previous blogs “Reverse Engineering a Smart Lock” and “Machine-in-the-Middle BLE Attack”, I came across a couple of KeyWe RFID tags. Although I was somewhat already familiar with RFID (Radio Frequency ID) technology, I decided this […]

Read the entire post here

00500_12072020_JoyridingSILENTTRINITYUpdates

10 Dec 2020

Fun & Games, How-To, Informational, InfoSec 101

Joyriding with SILENTTRINITY – UPDATES

Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the installation… and the instructions in the original blog I wrote are no longer accurate. https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/ Also, please read the call to arms. Help and support […]

Read the entire post here

00499_12082020_WebcastBurpSuite

7 Dec 2020

How-To, Informational, Podcasts, Webcasts

Webcast: Getting Started with Burp Suite & Webapp Pentesting

Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike!

2 Dec 2020

How-To, Informational, InfoSec 101

Azure Sentinel Quick-Deploy with Cyb3rWard0g’s Sentinel To-Go – Let’s Catch Cobalt Strike!

Jordan Drysdale // tl;dr Sentinel is easy! Especially when using Azure Sentinel To-Go. So, let’s do some threat research by deploying Sentinel To-Go and executing a Cobalt Strike beacon. Link: https://github.com/OTRF/Azure-Sentinel2Go Keeping up with Roberto’s (and his brother, and the OTRF contributors) is as monumental a task as his efforts to push threat research forward. […]

Read the entire post here

00494_11232020_AzureSecurityBasics

24 Nov 2020

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101

Azure Security Basics: Log Analytics, Security Center, and Sentinel

Jordan Drysdale // TL;DR The problem with a pentester’s perspective on defense, hunting, and security: Lab demographics versus scale. If it costs $15 bucks per month per server for me to get ATP data, demo its effectiveness, provide tips, tricks, and some basic guidance to the world, this is affordable. Deploying ATP on 5,000 virtual […]

Read the entire post here

00488_10262020_MachinIntheMiddle

28 Oct 2020

General InfoSec Tips & Tricks, Hardware Hacking, How-To, Informational, InfoSec 101

Machine-in-the-Middle (MitM) BLE Attack

Ray Felch // Introduction Continuing with my ongoing Smart Lock attack research (see blog Reverse Engineering a Smart Lock), I decided to move my focus to a different type of attack technique, namely a relay attack. The relay attack is a form of MitM attack, not to be confused with the more well-known replay attack. […]

Read the entire post here

00489_10262020_WebcastSOC

26 Oct 2020

How-To, Informational, Podcasts, Webcasts

Webcast: The SOC Age Or, A Young SOC Analyst’s Illustrated Primer

Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00487_10212020_HowToInstallMitreCALDERA

21 Oct 2020

How-To, Informational

How to Install Mitre CALDERA and Configure Your SSL Certificate

Carrie & Darin Roberts // If you would like to install the Mitre CALDERA server on your own, the CALDERA GitHub page has installation instructions on their ReadMe here. Detailed steps are provided below for installing CALDERA on Ubuntu and configuring it to use your SSL certification. Clone the Repository git clone https://github.com/mitre/caldera.git –recursive –branch […]

Read the entire post here

1 2 3 4 5 ›»

Subscribe to the BHIS blog

Archives