David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment. The configuration of the centralized infrastructure and the endpoint agents […]
David Fletcher // Recently, we had the opportunity to test a production Cylance environment. Obviously, each environment is going to be different and the efficacy of security controls relies largely […]
Sally Vandeven // All of the BHIS testers are pretty geeked about Hak5’s newest toy — the Bash Bunny. Last week, Jordan blogged about the USB Exfiltration payload. Today I […]
This is a cross-posted blog post written by A. Miller, from SWAMP – the Software Assurance Marketplace. BHIS recently did an engagement with them and you can read about the entire […]
John Strand // It’s odd, we try to push security forward through standards like NIST, the Critical Controls, and PCI, but most organizations strive to meet the bare minimum required […]
Jordan Drysdale // This is a super quick write-up on the first very useful payload we tested and confirmed as 100% reliable on all Windows systems (XP-SP3+) with PowerShell enabled. […]
Carrie Roberts // A fun story from an adventure in social engineering not too long ago. Thought I’d pass on some things I learned and ways to be more prepared in the […]
Carrie Roberts // Unauthenticated Remote Code Execution? A hacker’s best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit […]
Jordan Drysdale // The Wi-Fi travel kit part one was popular enough that, back by demand, here are the specific parts, part numbers and links. Pretty much everything on the list […]
