Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A few months ago, a co-worker mentioned to me that InSpy was now requiring an API key. I found out that the updated version did in […]
Jordan Drysdale// tl;dr Inventory management and personnel management are critical to making this work. Often, the difference between your company becoming a statistic and catching someone with a foothold in your network is limiting the privilege of users on your systems. If my first check after infecting your systems is whether or not I am […]
Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security in 2018. Unfortunately, these webcasts still seem to be needed because there […]
Podcast: Play in new window | Download
John Strand// Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security in 2018. Unfortunately, these webcasts still seem to be needed […]
Carrie Roberts//* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell Empire, which connects to a localhost port on the victim. The local port is forwarded to the remote Empire server through an SSH connection so that […]
Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, “The default creds are probably printed on the back; I wonder if those were ever changed?” When I see an unattended locked door propped open by a shoe or a box, it’s “Why would […]
For this podcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate what RDP logs record with launching password spraying attacks. This has implications for UBEA. It is… kind of cool. Second, we cover how to do […]
Podcast: Play in new window | Download
For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate what RDP logs record with launching password spraying attacks. This has implications for UBEA. It is… kind of cool. Second, we cover how to do […]
Jordan Drysdale// tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also packaged up a couple of associated bugs, one of which requires a firmware update. The first is seen below: Reference to this advisory is listed […]
