Author, Informational, Joff Thyer, Red Team Dropbox, Man-in-the-Middle, MITM, penetration tester, pentest, pentesting dropbox

Pentesting Dropbox on Steroids

Joff Thyer// Many of you have probably already looked at Beau Bullock’s fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the […]

Read the entire post here

Author, Informational, Jordan Drysdale, Kent Ickler, Webcasts Blue Team, Networking, Nmap, password policy, Patching, Sysadmins, webcast, webcasts

WEBCAST: Blue Team-Apalooza

Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional “AA” meeting on November 8, 2018. We met and discussed things that seem to be painfully […]

Read the entire post here

Author, Blue Team, External/Internal, Finding, Jordan Drysdale, Red Team BlueTeam, Cisco, External Pentest, internal pentest, Inventory, Jordan Drysdale, Nessus, RedTeam, SIET

Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]

Read the entire post here

Fun & Games, Informational

Wild West Hackin’ Fest 2018

Bronwen Aker* // For those of you not fortunate enough to attend, this year’s Wild West Hackin’ Fest (WWHF) was phenomenal, featuring speakers from diverse aspects of information security, workshops, […]

Read the entire post here

Author, Jordan Drysdale, Phishing, Red Team, Wireless brief how-to’s, eaphammer, hacking, hostapd-wpe, Jordan Drysdale, Python, rogue.py, Wireless, wireless phishing

Wireless Hack Packages Update

Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I […]

Read the entire post here

Author, Joff Thyer, Mobile, Red Team Android, Android APK, meterpreter, mobile apps, pentest, Red Team

Embedding Meterpreter in Android APK

Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the […]

Read the entire post here

Author, John Strand, Webcasts Malware, testing malware, webcast, webcasts

WEBCAST: Creating and Keeping a Malware Zoo

John Strand// Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is […]

Read the entire post here

How-To, Password Cracking, Red Team Cleartext, Password Cracker, Password cracking, Red Team, Reversible Encryption

How I Cracked a 128-bit Password

Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG,  can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying […]

Read the entire post here

Informational, InfoSec 101 career path in infosec, FAQ, getting in to infosec, information security, infosec, infosec 101

A Career in Information Security: FAQ (Part 2)

Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4)What are some of the college courses that […]

Read the entire post here