Black Hills Information Security, Inc.
RSS
  • All Services
    • Penetration Testing
    • Continuous Penetration Testing
    • Web Application Testing
    • Active SOC
    • Fusion PenTest
    • AI Security Assessments
    • Incident Response
    • Blue Team Services
    • Blockchain Security
    • High-Profile Risk Assessments
    • Complete Service Guide
  • Contact Us
    • Contact Us
    • Email Sign-Up
  • About Us
    • Security Consultants
    • Admin Team
    • Active SOC Team
    • Antisyphon Training
    • BHIS Tribe of Companies
  • Free Resources
    • Blogs
    • Free Cybersecurity Tools
    • Free Cybersecurity Webcasts
    • Podcasts
    • RITA
  • Training
    • BHIS & Antisyphon Training
    • WWHF Conference
  • Community
    • Discord
    • LinkedIn
    • YouTube
    • Bluesky
    • Twitter/X
    • Upcoming Events
  • Fun Stuff
    • Backdoors & Breaches
    • Merch, Zines & More
    • PROMPT# Zine
    • REKCAH
    • Books
BLOG_chalkboard_00647

General InfoSec Tips & Tricks, How-To, Informational, Jordan Drysdale Advice from a Help Desk Tech, Networking

The Simplest and Last Internet-Only ACL You’ll Ever Need 

tl;dr  Implement this ACL using whatever network gear, cloud ACL config, or uncomplicated firewall you use to protect your networks. Our IOT devices are on 10.99.99.0/24 for this example. Also, […]

Read the entire post here
BLOG_chalkboard_00646

Informational, InfoSec 101, Serena DiPenti internet protocol, IP, Networking

Unpacking the Packet: Demystifying the Internet Protocol

The internet is a product of a global group effort to build an interoperable network connecting billions of devices, regardless of country, region, or manufacturer. That effort yielded hundreds of […]

Read the entire post here
BLOG_chalkboard_00645

Alyssa Snow, Blue Team, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team Active Directory, ADCS, exploit

Abusing Active Directory Certificate Services (Part 3)

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]

Read the entire post here
BLOG_chalkboard_00644

Ethan Robish, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101 Personal Security

Rotating Your Passwords After a Password Manager Breach

| Ethan Robish It’s been nearly a year since Lastpass was breached and users’ encrypted vaults were stolen.  I had already migrated to a different password manager for all my […]

Read the entire post here
BLOG_chalkboard_00642

General InfoSec Tips & Tricks, Informational, Sean Verity

Opt for TOTP to Deal With MFA App Sprawl

| Sean Verity Do you have a bunch of MFA apps on your phone that leave you feeling like you can’t put your arms down? Or maybe all those MFA […]

Read the entire post here
Untitled

Beau Bullock, How-To, Red Team, Red Team Tools, Steve Borosh Azure, cloud, microsoft365

Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365

By Beau Bullock & Steve Borosh TL;DR We built a post-compromise toolset called GraphRunner for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and […]

Read the entire post here
BLOG_chalkboard_00641

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services (Part 2)

Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to domain administrator.

Read the entire post here
How Attackers Use SSH.exe as a Backdoor Into Your Network (5)

Alyssa Snow, Blue Team, External/Internal, How-To, Informational, Red Team, Red Team Tools Active Directory, exploit

Abusing Active Directory Certificate Services (Part 1)

Active Directory Certificate Services (ADCS) is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing certificates for systems, users, applications, and more.

Read the entire post here
BLOG_chalkboard_00639

Blue Team, Hayden Covington, Hunt Teaming, Informational, Phishing

Stop Phishing Yourself: How Auto-Forwarding and Exchange Contacts Can Stab You in the Back

Hayden Covington // Phishing is an ever-present threat, but lately, user education and spam filters have helped mitigate some of that threat. But what happens when a phish makes it […]

Read the entire post here
«‹ 17 18 19 20›»

Looking For Something?

Browse by category

Recent Posts

  • webapp_headerFinding and Addressing Vulnerable and Outdated Web Application Components
    Vulnerable and outdated software components are one of
  • egress_headerInsufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
    Insufficient egress filtering is a commonly identified
  • _aipentest_headerEveryone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
    What we built, Fusion AI, runs at about a third the

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team C2 Carrie Roberts cloud Cyber Deception hacking infosec Infosec for Beginners InfoSec Survival Guide Joff Thyer john strand Jordan Drysdale Kent Ickler Kerberos Linux MailSniper Malware Microsoft Nessus Nmap passwords password spraying pen-testing penetration testing pentest Pentesting phishing PowerShell Python Red Team red teaming RITA Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
  • YouTube
  • LinkedIn
  • Bluesky
  • Discord
  • X
  • iTunes
Search the site