Black Hills Information Security, Inc.

C2, How-To, Matthew Eidelberg, Red Team, DLL sideloading, initial access

Signed, Trusted, and Abused: Proxy Execution via WebView2

An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.


Informational, InfoSec 101, Red Team, career advice, getting started, Pentesting, Red Team

Getting Started In Pentesting – Advice From The BHIS Pentest Lead

Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.


Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, Informational, InfoSec 101, Kevin Klingbile, Blue Team, Cloud Security, Green Book, Infosec for Beginners, InfoSec Survival Guide, Resources

Cloud Security: Tips and Resources for Securing the Cloud

This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.


Informational, Jeremiah Fowler

Lessons From A Chatbot Incident

Real-world account of how insecure databases and an AI chatbot left customer data exposed and how it could have been prevented.


Backdoors & Breaches, Fun & Games, Guest Author, How-To, Backdoors & Breaches, How to, Infosec for Beginners, InfoSec Survival Guide, Tips and Tricks

How to Lead Effective Tabletops

Learn how to transform boring, meeting-style security tabletop exercises into engaging real-world scenario simulations.


GRC, Guest Author, Informational, InfoSec 101, Green Book, Infosec for Beginners, InfoSec Survival Guide

Understanding GRC: How to Navigate Risks and Compliance Standards

“GRC” isn’t all witchcraft and administrative nonsense — it’s the core that drives security initiatives, connects security spend to business outcomes, and powers a well-functioning security team.


Ben Bowman, Linux, Red Team, Red Team Tools

The “P” in PAM is for Persistence: Linux Persistence Technique

Learn about a pentesting tool using the Pluggable Authentication Module for privilege escalation, lateral movement, and persistence in Linux.


Informational, InfoSec 101, Green Book, Infosec for Beginners, InfoSec Survival Guide, John Hammond, Malware, Malware Analysis

Malware Analysis: How to Analyze and Understand Malware

Malware analysis is an amazing field that can be interesting, fun, and useful for your cybersecurity career. If you’re wondering WHY anyone would want to dig into malware, it’s all for a better understanding of cybersecurity!


Guest Author, How-To, Informational, InfoSec 101, Infosec for Beginners, InfoSec Survival Guide, Leonardo Núñez, OSINT

OSINT: How to Find, Use, and Control Open-Source Intelligence

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).

Recent Posts

  • Insufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
    Insufficient egress filtering is a commonly identified
  • Everyone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
    What we built, Fusion AI, runs at about a third the
  • The Art of the Badge: A Hard Truth About Physical Security
    He walked into the lobby with a fake badge clipped to


890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008

