Want to learn HOW TO do something? This is a great place to start!
WEBCAST: Tweets, Beats, and Sheets: C2 over Social Media
Dakota Nelson// The modern internet’s got a lot of places to hide. In this webcast, join Dakota as he shows how you can establish C2 channels and issue commands to implants over several different social media sites, including Google Sheets, Twitter, Tumblr, and Salesforce, in under 100 lines of Python. Slides can be […]
The CredDefense Toolkit
Derek Banks, Beau Bullock & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated privileges and ultimately access sensitive data. Most of the time, this is achieved through credential abuse. As pentesters, the primary condition we take advantage […]
Weaponizing Princess Toys: Crafting Wi-Fi Attack Kits
Jordan Drysdale // … Alternate Title: “Why I Love BHIS” So, I was gifted this cute little princessy-toy thing recently. My first thought was that my daughters will love this thing. My second thought was “let’s turn this into a princess play thing, reverse SSH Kali hacker backdoor exploit kit with onboard ad-hoc Wi-Fi that I […]
How To: C2 Over ICMP
Darin Roberts// In previous blogs I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what is ICMP? ICMP is Internet Control Message Protocol. It allows internet connected devices to send error messages back to the source IP address when problems in […]
AppleTV & nmap -sV
BBKing // So I’m working the other day, and my wife asks me why the TV is on. I don’t know. I didn’t turn it on. But it’s near my desk, and I know nobody else turned it on, either. I had been running nmap on my local network to test something out, though. You […]
Pink Teaming: The Dilution of Pentesting
John Strand // There have been a few conversations at conferences and meet-ups over the past year or so about the validity of penetration testing. There are many things on the horizon of computer security that are going to be disruptive to the industry as a whole. And, in large part, these will be good […]
Reminders – Simple Security and Finding Sanity In the Digital Age
Jordan Drysdale // As I wander through life, in what now seems like a world gone entirely mad, disconnecting from digital is my newest hobby. Information overload constantly smashes us in the face at every turn. I try to maintain overload data in a collection of bookmarks, mental notes, recurring nightmares, scrawl and Post-It™ notes […]
Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed
Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, a “firewall” decides what does and does not get to proceed through it. Most organizations have one of these protecting their network from the rest […]
Happy Halloween from BHIS
Melisa Wachs // Everyone seems to hates clowns these days. With all the crazy clown sightings, and banning of clown costumes at parades and schools, I got to thinking that this whole scary clown thing is way overdone. That was until I remembered why I, too, hate clowns. Feeling mischievous this Halloween, I decided to […]
