PowerShell DNS Command & Control with dnscat2-powershell
Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]
My Ransomware Post-Mortem
Cody Smith* // As information security professionals we’re not invincible to breaches. Even the most robust security system can’t make up for a lack of user education, which I was […]
WEBCAST: Sacred Cash Cow Tipping 2016
John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.
How to Bypass Anti-Virus to Run Mimikatz
Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script “Invoke-Mimikatz” from PowerSploit on my machine but it was […]
How to Phish for Geniuses
David Fletcher // Recently we were involved in an engagement where we expected to see a large number of Macs in the target environment. As an element of the engagement […]
Malicious Outlook Rule without an EXE
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]
A Marketer’s Lessons in Con Artistry for Good & Learning
Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]
WEBCAST: Demo of Domain Password Audit Tool
Check out Carrie’s demo of her DPAT, and if you missed her blog, check that out here.
Bite the Pages of an Ebook: Tiny People Need to See You Get Excited about Electronic Text
Gail Menius // We avoid tasks that are too hard. When we avoid them (consciously or unconsciously) the things we do instead are called “avoidance behaviors.” Adults and teachers alike […]