Black Hills Information Security, Inc.
RSS
  • All Services
    • Penetration Testing
    • Continuous Penetration Testing
    • Web Application Testing
    • Active SOC
    • Fusion PenTest
    • AI Security Assessments
    • Incident Response
    • Blue Team Services
    • Blockchain Security
    • High-Profile Risk Assessments
    • Complete Service Guide
  • Contact Us
    • Contact Us
    • Email Sign-Up
  • About Us
    • Security Consultants
    • Admin Team
    • Active SOC Team
    • Antisyphon Training
    • BHIS Tribe of Companies
  • Free Resources
    • Blogs
    • Free Cybersecurity Tools
    • Free Cybersecurity Webcasts
    • Podcasts
    • RITA
  • Training
    • BHIS & Antisyphon Training
    • WWHF Conference
  • Community
    • Discord
    • LinkedIn
    • YouTube
    • Bluesky
    • Twitter/X
    • Upcoming Events
  • Fun Stuff
    • Backdoors & Breaches
    • Merch, Zines & More
    • PROMPT# Zine
    • REKCAH
    • Books
BLOG_chalkboard_000666

Informational, Joff Thyer, Physical, Red Team, Social Engineering Pen Testing, PROMPT#

Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

Read the entire post here
BLOG_chalkboard_00664

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Jordan Drysdale, Wireless How to, wifiphisher, wireless testing, wireless tools

How to Install and Perform Wi-Fi Attacks with Wifiphisher 

tl;dr: Install Wifiphisher on Kali and run a basic attack.  This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).   Two […]

Read the entire post here
BLOG_chalkboard_00663

Informational, InfoSec 101, Phishing, Physical, Red Team, Social Engineering Infosec for Beginners

The Human Element in Cybersecurity: Understanding Trust and Social Engineering 

Human Trust  Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]

Read the entire post here
BLOG_chalkboard_00662

General InfoSec Tips & Tricks, Incident Response, Informational, Terry Reece externally exploitable services

In Through the Front Door – Protecting Your Perimeter  

While social engineering attacks such as phishing are a great way to gain a foothold in a target environment, direct attacks against externally exploitable services are continuing to make headlines. […]

Read the entire post here
Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets 

How-To, InfoSec 201, Jack Hyland, Web App cross-site websocket hijacking, CSWSH, SOP, websocket

Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets 

The WebSocket Protocol, standardized in 2011 with RFC 6455, enables full-duplex communication between clients and web servers over a single, persistent connection, resolving a longstanding limitation of HTTP that hindered […]

Read the entire post here
BLOG_chalkboard_00660

External/Internal, Matthew Eidelberg, Phishing, Red Team, Red Team Tools Persistence, Teams, Webhooks

Wishing: Webhook Phishing in Teams

Quick Jump: In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]

Read the entire post here
OSINTforIR_pt2

Incident Response, Informational, Patterson Cake OSINT

OSINT for Incident Response (Part 2)

Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […]

Read the entire post here
BLOG_chalkboard_00658

Informational, InfoSec 301, Joff Thyer, Red Team devops, malwaredev

Initial Access Operations Part 2: Offensive DevOps

The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]

Read the entire post here
Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape

Informational, InfoSec 301, Joff Thyer, Red Team

Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]

Read the entire post here
«‹ 15 16 17 18›»

Looking For Something?

Browse by category

Recent Posts

  • webapp_headerFinding and Addressing Vulnerable and Outdated Web Application Components
    Vulnerable and outdated software components are one of
  • egress_headerInsufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
    Insufficient egress filtering is a commonly identified
  • _aipentest_headerEveryone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
    What we built, Fusion AI, runs at about a third the

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team C2 Carrie Roberts cloud Cyber Deception hacking infosec Infosec for Beginners InfoSec Survival Guide Joff Thyer john strand Jordan Drysdale Kent Ickler Kerberos Linux MailSniper Malware Microsoft Nessus Nmap passwords password spraying pen-testing penetration testing pentest Pentesting phishing PowerShell Python Red Team red teaming RITA Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
  • YouTube
  • LinkedIn
  • Bluesky
  • Discord
  • X
  • iTunes
Search the site