Black Hills Information Security
Penetration testing for Fortune 50 companies since 2008.
  • About Us
    • Testers
    • Admin
    • Partners
    • Interns
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Penetration Testing
    • Active SOC
    • Blue Team Services
    • Hunt Team (HTOC)
    • Cyber Range
  • Projects/Tools
    • All Tools
    • RITA
    • Backdoors & Breaches
    • Books
  • Learn
    • Blog
    • Webcasts
    • Podcasts
    • Training
00036_03042016_HowToCreateSOHORouter2

How-To soho router, ubuntu linux

How to create a SOHO router using Ubuntu Linux

Joff Thyer // This post is cross-posted from Packet Header on 3/1/16. __________   On Security Weekly Episode 452, I presented a technical segment on how to build your own small office/home office wired router. This blog post will list of the essential components, and expand upon the technical segment. Our goal is to build […]

Read the entire post here

More on Threat Intelligence Feeds

InfoSec 101 Purple Team, threat intelligence feeds

More on Threat Intelligence Feeds

Derek Banks // John’s hating on threat intelligence feeds post got me thinking.  As a former blue team member that is now solidly purple team, I do not hate threat intelligence (sorry, John).  But, I am not going to disagree with John’s take (and not just because he signs my paychecks), because he’s right. ​​   […]

Read the entire post here

75fce7_603ace2f9ba84193b866ed42c4ce27de

InfoSec 101 pen-testing, penetration testing, pentest, Pentesting, Vulnerability Assessment

Wedgies & Penetration Testing

Carrie Roberts // In information security, what is the difference between a vulnerability assessment and a penetration test? A penetration test is a vulnerability assessment with the addition of exploitation attempts and manual investigation. A penetration test is not a subset of a vulnerability test, it is an addition to it and has the following […]

Read the entire post here

Check\ Your\ Tools

Password Spray, Red Team bad passwords, password, passwords

Check\ Your\ Tools

Brian King // There’s a one-liner password spray script that a lot of folks use to see if anyone on a domain is using a bad password like LetMeIn! or Winter2015. It reads a list of users from a file, a list of passwords (or just one password, if you’ve got a healthy streak of […]

Read the entire post here

Check Your Image

How-To Image, Linux, Linux Mint, Vulnerabilites

Check Your Image

Lawrence Hoffman // Today I’ll walk through the process I use to verify ISO images before I install them. If you downloaded Linux Mint 17.3 Cinnamon on February 20th there’s some chance that you obtained an ISO with malware installed. The Linux Mint team posted notification on their blog on February 21st at around 2:00 […]

Read the entire post here

EyeWitness and Why It Rocks

External/Internal, Red Team EyeWitness, Pentesting, vulnerability scans

EyeWitness and Why It Rocks

Brian Fehrman // External and Internal vulnerability scans are often part of any penetration test. Automated scanning tools, however, can’t always find the “good stuff.” Many times, some of the worst things that we find are in the results marked as Low-Severity or Informational in nature. It can be as easy as just visiting a […]

Read the entire post here

00030_02182016_HowToTestForOpenMailRelays(2)

External/Internal, Red Team external network assessment, mail relays, mail servers, pen-testing, penetration testing, Pentesting, testing for open mail relays

How to Test for Open Mail Relays

Carrie Roberts // *Guest Blog It is important to ensure that your external mail servers are properly configured to not support open relaying of mail. An open mail relay can be abused by spammers, eating up your resources and landing you on a blacklist. It is not too common to find completely open mail relays […]

Read the entire post here

00029_02172016_PasswordSpraying2

Recon, Red Team domain credentials, domain creds, password spraying, passwords

Password Spraying Outlook Web Access – How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 2

Beau Bullock // This is part two of a series of posts (See part 1 here) where I am detailing multiple ways to gain access to domain user credentials without ever being on a target organization’s network. The first method involves exploiting password reuse issues where a user might have reused the same password they used for […]

Read the entire post here

75fce7_64d0f839ad00414d94c8de7e559117e8

External/Internal, Password Spray, Red Team domain creds, exploiting passwords, gaining access to domain credentials, passwords, reusing passwords

Exploiting Password Reuse on Personal Accounts: How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 1

Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. The first method involves exploiting password reuse issues where a user might have reused the same password they used for their corporate domain account on […]

Read the entire post here

«‹ 53 54 55 56 57 ›»

Follow Us

Looking For Something?

Subscribe to the BHIS blog

Don't get left in the dark! Enter your email address and every time a post goes live you'll get an instant notification! We'll also add you to our webcast list, so you won't miss our occasional emails about upcoming events! (We promise, we're not spammy!)

Browse by category

Recent Posts

  • Talkin’ About Infosec News – 3/1/2021
    Originally Aired on March 1, 2021 Articles discussed
  • Talkin’ About Infosec News – 2/24/2021
    Originally Aired on February 24, 2021 Articles
  • Talkin’ About Infosec News – 2/22/2021
    Originally Aired on February 22, 2021 Articles

Browse by topic

Active Directory ADHD anti-virus Attack Tactics AV Blue Team bypassing AV C2 cloud command and control hardware hacking Hashcat infosec john strand Jordan Drysdale Kent Ickler Linux LLMNR MailSniper Microsoft Nessus Nmap Password cracking password policy passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast Podcasts PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Black Hills Information Security

115 W. Hudson St. Spearfish, SD 57783 | 701-484-BHIS
© 2008

Links
Search the site