Attacking Exchange with MailSniper
Beau Bullock // I’ve added in a few modules to MailSniper that will assist in remote attacks against organizations that are hosting an externally facing Exchange server (OWA or EWS). Specifically, […]
Many Thanks to BHIS
Kali Regenold // My time here at Black Hills Information Security has been short so far, but I believe it’s been the most important four months of my computer science […]
Ten years later… Memories from Pentesting Past
John Strand // So, I have passed the timeframe where I have been actively penetration testing for over a decade…. I have a large number of pretty strongly held beliefs […]
John’s Talk from DerbyCon 2016
John Strand //
Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]
Turning a Raspberry Pi 3 Into a Cloaking Device With goSecure VPN
Jordan Drysdale // This article, like the IADGov link here has three major steps. First, acquire a Raspberry Pi and a VPS running CentOS 6.8. Second, configure the server and Raspberry […]
Adding Egress Brute Force to PowerShell Payloads
Guest post* by Robert Schwass // We’ve all been there. You craft the perfect phishing email, register a great domain name, your multi handler is set up ever so perfectly. And […]
Mining Mary’s Social Media Antics for Social Engineering
Christine Sorensen // Let’s talk about Mary. Mary Watson is a girl in her twenties and just graduated from Midtown University with her bachelors in Fashion Merchandising. Mary is now […]
Downloading an Address Book from an Outlook Web App (OWA) Portal
Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]