Black Hills Information Security
Penetration testing for Fortune 50 companies since 2008.
  • About Us
    • Testers
    • Admin
    • Partners
    • Interns
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Penetration Testing
    • Active SOC
    • Blue Team Services
    • Hunt Team (HTOC)
    • Cyber Range
  • Projects/Tools
    • All Tools
    • RITA
    • Backdoors & Breaches
    • Books
  • Learn
    • Blog
    • Webcasts
    • Podcasts
    • Training
75fce7_64d0f839ad00414d94c8de7e559117e8

External/Internal, Password Spray, Red Team domain creds, exploiting passwords, gaining access to domain credentials, passwords, reusing passwords

Exploiting Password Reuse on Personal Accounts: How to Gain Access to Domain Credentials Without Being on a Target’s Network: Part 1

Beau Bullock // In this series of posts I am going to detail multiple ways to gain access to domain user credentials without ever being on a target organization’s network. The first method involves exploiting password reuse issues where a user might have reused the same password they used for their corporate domain account on […]

Read the entire post here

Warning: This Post Contains Macros

How-To, InfoSec 101 Average User, BlackEnergy, Education, macros, MS Office, Ukraine

Warning: This Post Contains Macros

Lisa Woody // On the 23rd of December, a cyber attack left hundreds of thousands of people in the Ukrainian region of Ivano-Frankivsk without power. This was the first confirmed incident of cyber attackers taking down a power grid. Various reports have since indicated that this was a coordinated, sophisticated effort which employed a trojan […]

Read the entire post here

Let’s Talk About Direct Object References

Red Team, Web App Direct Object References, HIPAA, HIPAA violations, user profiles, XKCD

Let’s Talk About Direct Object References

Kelsey Bellew // Maybe you don’t know what Direct Object References mean, if you Google it, you’d get this: This description uses the words “direct”, “object” and “reference” to describe a “direct object reference”. That’s never a good sign. Let’s approach this from a different angle. Say there’s a website. Say there are users on this […]

Read the entire post here

Beware Public Wi-Fi Insecurity – Part 1: Reviewing the Neighborhood

General InfoSec Tips & Tricks, InfoSec 101 free wifi, the dangers of public wifi, wifi

Beware Public Wi-Fi Insecurity – Part 1: Reviewing the Neighborhood

Jordan Drysdale // Our community’s downtown district is approximately a five block by four block area. There are art stores, toy shops, candy retailers, restaurants, bars and hotels. Significant investment has been made in revitalizing and adding an area called “Main Street Square.” Almost all of these businesses offer some form of public wireless network, […]

Read the entire post here

Hacking Like It’s 1999

Blue Team, How-To, Hunt Teaming hacking, old scripts, old stuff

Hacking Like It’s 1999

Lawrence Hoffman // Last week a friend stopped by my desk with a worried look on his face. He knelt down and showed me the screen of his laptop where there was a virtual terminal open: After looking I asked what the system did, he said it was just a GitLab server for a personal […]

Read the entire post here

Why The Hate for Threat Intelligence Feeds?

InfoSec 101

Why The Hate for Threat Intelligence Feeds?

John Strand // Recently on an episode of Security Weekly, I lost my mind on threat intelligence feeds.  I feel just a bit bad about it. Right Apollo? But…  I think I need to explain how I got to this point.  Through SANS and IANS I come into contact with a large number of companies […]

Read the entire post here

External/Internal, Phishing, Red Team email filters, empire macros, modifying empire macros

How To Modify Empire Macro to Bypass Mail Filters

Brian Fehrman //

Read the entire post here

Pentesting with Linked Clones

How-To, InfoSec 101 linked clones, Pentesting, virtual machine, VM

Pentesting with Linked Clones

Brian B. King // If working with several customers at once, or in succession, it would be easy to lose track of whose data you’re looking at, or to include one customer’s information in another’s report. That would be bad. Using a separate virtual machine for each customer can help you avoid those mistakes, but […]

Read the entire post here

75fce7_17bef76f115246d593e62f14d349b4ae

External/Internal, Red Team encryption, mimikatz, passwords

Your Password Is… wait for it… NOT Always Encrypted

Sally Vandeven // As pentesters we LOVE passwords – they come in all shapes and sizes. A good password has 16+ characters and a mix of case, digits and special characters so that a computer would require many years to brute force it.  Even though these passwords may be difficult to crack, it turns out […]

Read the entire post here

«‹ 54 55 56 57 58 ›

Follow Us

Looking For Something?

Subscribe to the BHIS blog

Don't get left in the dark! Enter your email address and every time a post goes live you'll get an instant notification! We'll also add you to our webcast list, so you won't miss our occasional emails about upcoming events! (We promise, we're not spammy!)

Browse by category

Recent Posts

  • Talkin’ About Infosec News – 3/3/2021
    Originally Aired on March 3, 2021 Articles discussed
  • Talkin’ About Infosec News – 3/1/2021
    Originally Aired on March 1, 2021 Articles discussed
  • Talkin’ About Infosec News – 2/24/2021
    Originally Aired on February 24, 2021 Articles

Browse by topic

Active Directory ADHD anti-virus Attack Tactics AV Blue Team bypassing AV C2 cloud command and control hardware hacking Hashcat infosec john strand Jordan Drysdale Kent Ickler Linux LLMNR MailSniper Microsoft Nessus Nmap Password cracking password policy passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast Podcasts PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Black Hills Information Security

115 W. Hudson St. Spearfish, SD 57783 | 701-484-BHIS
© 2008

Links
Search the site