Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]
Derrick Rauch and Kent Ickler // (Updated 3/22/2019) First, to see what our build looks like, look here: https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next? Time for System Rebuild! First, you need to decide whether you […]
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” […]
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username […]
Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]
David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]
John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. […]
Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]
John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with […]
