Want to learn HOW TO do something? This is a great place to start!
Lawrence’s List 072916
Lawrence Hoffman // So, LastPass is one of my favorite applications, and it’s making me more nervous every day. I haven’t lost faith yet, though it was lots more convenient when I had autofill on. LastPass is everywhere this week. Also we’ve got some neat stuff from OnionScanner and one of my favorite subjects “Why […]
WEBCAST: Tales from the Network Threat Hunting Trenches
John Strand// In this webcast John walks through a couple of cool things we’ve found useful in some recent network hunt teams. He also shares some of our techniques and tools (like RITA) that we use all the time to work through massive amounts of data. There are lots of awesome websites that can greatly […]
BHIS’s 2nd Annual Infosecker’s* Gift-List
Sierra Ward with help from all // Wow, another year, another Christmas and another chance to be totally stumped by what to get you favorite InfoSecker. But fear not! We are here with another riveting installment of the BHIS Christmas Gift Guide/Our Tester Wish List! This is divided by price point more than topically… It’s a […]
How to Test for Open Mail Relays
Carrie Roberts // It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can be abused by spammers, eating up your resources and landing you on a blacklist. It is not too common to find completely open mail relays these […]
Free Ticket to the Most Hands-on Infosec Con
For the entire month of June, we ran a contest on our Twitter with the grand prize being a free ticket to Wild West Hackin’ Fest! We were quick to allow a BHIS sticker or a book in place of a t-shirt as well. Before we get to the winner, for those of you who […]
Healthy Hacking with the Treadmill Elliptical Desk: My journey to staying healthy while hacking!
Carrie Roberts*// I’m a red teamer, I love my job but I spend way too much time at a desk in front of a computer. This year I wanted to find a way to continue spending a lot of time at the computer without letting my physical health decline. This article will describe my journey […]
Service Detection – Tomcat Manager, From “Info” to “Ouch”
Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service Detection” finding reported by Nessus, particularly any web servers that it lists because there are often blatant security issues hidden in there. This is as […]
Hashcat Benchmarks for Nvidia GTX 1080TI & GTX 1070 Hashcat Benchmarks
Kent R. Ickler // In my last post, I was building a password cracking rig and updating an older rig with new GPU cards. I struggled during the design process to find a reliable source of information regarding accurate Hashcat benchmarks. As promised I am posting unaltered benchmarks of our default configuration benchmarks. Nothing was […]
Hardware Hacking with Shikra
Rick Wisser// Comparing Apples to Oranges (Bus Pirate vs Shikra) this a Hardware Hacking 101 webcast follow up blog post. I recently did a hardware hacking webcast on hacking a router with the Bus Pirate. The webcast can be found at https://www.blackhillsinfosec.com/webcast-hardware-hacking-101/. In the webcast I made a comment on how long it took to dump the firmware […]
