How To Blogs

Want to learn HOW TO do something? This is a great place to start!

00256_12062017_DiggingIntoVulnerableWindowsServices

Digging Deeper into Vulnerable Windows Services

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, dumping clear text credentials from memory, and installing persistent back doors on the system. Insecurely-configured Windows Services can be one avenue for privilege escalation. Windows […]

Read the entire post here

Service Detection – Tomcat Manager, From “Info” to “Ouch”

Service Detection – Tomcat Manager, From “Info” to “Ouch”

Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” finding reported by Nessus, particularly any web servers that it lists because there are often blatant security issues hidden in there. This is as […]

Read the entire post here

00380_Google_Purge_p1_03272019

How to Purge Google and Start Over – Part 1

Mike Felch// A Tale of Blue Destroying Red Let me start by sharing a story about a fairly recent red team engagement against a highly-secured technical customer that didn’t end so well for me. Their SOC was well-equipped with sophisticated in-house anomaly detection tools, incredible visibility across the organization, and a tenacious incident response team. […]

Read the entire post here

00347_10152018_EmbeddingMeterpreterInAndroidAPK

Embedding Meterpreter in Android APK

Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the days of thin clients. As the pendulum swings yet again, our thin client can be anything from a JavaScript browser framework to a mobile-enabled frontend […]

Read the entire post here

00378_03192019_Blog_Rotate_IP

How To Rotate Your Source IP Address

Darin Roberts// IP-Go-Round – Source IP Rotation I was on an engagement recently that was blocking my password sprays based on my IP address. If I made 3 incorrect requests from my IP, I was blocked out from making any other requests for 30 minutes. How annoying is that? It is a great form of […]

Read the entire post here

screen-shot-2016-11-30-at-11-08-12-am

WEBCAST: Exchange and OWA attacks – Step by Step

Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.

Read the entire post here

00203_05152017_DomainGoodness-1

Domain Goodness – How I Learned to LOVE AD Explorer

Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. Maybe a little less known is that they are super helpful for pentesters too! One of my favorites is AD Explorer. My colleague Dave Fletcher, […]

Read the entire post here

00263_01082018_AnalyzingExtensionEffectivenessWithBurp

Analyzing Extension Effectiveness with Burp

Jordan Drysdale // tl;dr uBlock Origin appears, based on non-scientific testing, to be fairly effective at keeping trackers from making outbound HTTP GET requests. Tested Extensions: No Add-ons v Ghostery v uBlock Origin v AdBlock PlusAnalyzed Website homepages: CNN v FoxNews v MSNBC I ran all of the following tests about the same. I clear […]

Read the entire post here

Get to Know a Tester: Sally

Note: A few months ago we did a short interview with a tester when we talked to Ethan. This month we had a conversation with Sally Vandeven, who’s only been with us just under a year, but already feels like an old friend. Enjoy! – Sierra

Read the entire post here

00429_01142020_WebcastSacredCashCow2020

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Webcasts carbonblack, Cisco, Cylance Bypass, john strand, PowerShell, Sacred Cash Cow Tipping, webcasts, Windows Defender

Webcast: Sacred Cash Cow Tipping 2020

Want to learn how attackers bypass endpoint products? Download slides: https://www.activecountermeasures.com/presentations/ 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco AMP EDR – Quick and Easy Bypass 18:24 – PowerShell AMSI Bypass – Rhino 19:07 – CylancePROTECT Bypass 24:14 – Windows Defender and Carbon Black Bypass 30:36 – Windows Subsystem for Linux […]

Podcast: Play in new window | Download

Subscribe: Android | RSS

Read the entire post here

00427_01072020_WebcastLetsTalkAboutElkBaby

Blue Team, Blue Team Tools, How-To, Informational, Webcasts Active Directory, applocker, Atomic Red Team, ATT&CK, ELK, Group Policies, Jordan Drysdale, Kent Ickler, Sysmon, Windows logging, Winlogbeat

Webcast: Let’s Talk About ELK Baby, Let’s Talk About You and AD

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.” Download slides: https://www.activecountermeasures.com/presentations/ […]

Podcast: Play in new window | Download

Subscribe: Android | RSS

Read the entire post here

00426_01022020_PaperPasswordManager

How-To, Informational, Password Cracking Michael Allen, Paper Password Manager, password management, passwords

The Paper Password Manager

Michael Allen // Every year around the holidays I end up having a conversation with at least one friend or family member about the importance of choosing unique passwords for each web site or service they use. Usually, it’s after they’ve received a phone or a camera or some other “smart” device for Christmas and […]

Read the entire post here

00421_12042019_CollectingUserInfoLinkedIn

Finding, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Phishing, Recon, Red Team, Red Team Tools Justin Angel, LinkedIn, Parsuite, Peasant, SendGrid

Collecting and Crafting User Information from LinkedIn

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering and password attacks. LinkedIn is obviously a prime source for this type of information since users can associate themselves with a particular company. Assuming we […]

Read the entire post here

00422_12092019_GNURadioPrimer

Hardware Hacking, How-To, Informational, Physical GNURadio, Hackrf, Raymond Felch, SDR

GNU Radio Primer

Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting any data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your traffic. Preface: Recently, I introduced myself to the world of […]

Read the entire post here

00418_11132019_WhatsChangedReconng

How-To, Informational, Recon Brian King, Recon-ng

What’s Changed in Recon-ng 5.x

Brian King // Recon-ng had a major update in June 2019, from 4.9.6 to 5.0.0. This post is meant to help with the adjustment by providing a cheat sheet for common commands and mapping of some old syntax to the new syntax. If you’re at all like me, you’ll assume that what you know from […]

Read the entire post here

00417_11062019_RainyDay

Blue Team, Blue Team Tools, How-To, Informational, Red Team, Red Team Tools Certutil, Clip, Clipboard, Cmdkey, Curl, Microsoft, Net1, Sally Vandeven, Tar, Where, Whoami, Windows, Windows Command, Wslconfig

Rainy Day Windows Command Research Results

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we have learned that Microsoft has some very interesting gems hiding in plain sight. Seriously, Microsoft seems to be making a concerted effort to add some […]

Read the entire post here

00415_11042019_GSMTrafficEncryption

Hardware Hacking, How-To, Informational A5/1 Stream Cipher, GSM, Raymond Felch

GSM Traffic and Encryption: A5/1 Stream Cipher

Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. Additionally, intercepting and decrypting someone else’s data is illegal, so be careful when researching your phone traffic. Some useful terminology: Mobile Phone Related: MS mobile […]

Read the entire post here

00416_11012019_IntroToCCAT

How-To, Informational CCAT, Cisco Config Analysis Tool, kayla mackiewicz

How to Use CCAT: An Analysis Tool for Cisco Configuration Files

Kayla Mackiewicz // Last year, fellow tester Jordan Drysdale wrote a blog post about Cisco’s Smart Install feature. His blog post can be found here. If this feature is enabled on a Cisco device, an attacker can download or upload a config file and even execute commands. Whether you use the Smart Install feature or […]

Read the entire post here

1 2 3 4 5 >»

Subscribe to the BHISblog

Archives