WEBCAST: Sacred Cash Cow Tipping 2016
John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.
How to Bypass Anti-Virus to Run Mimikatz
Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script “Invoke-Mimikatz” from PowerSploit on my machine but it was […]
How to Phish for Geniuses
David Fletcher // Recently we were involved in an engagement where we expected to see a large number of Macs in the target environment. As an element of the engagement […]
Malicious Outlook Rule without an EXE
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]
A Marketer’s Lessons in Con Artistry for Good & Learning
Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]
WEBCAST: Demo of Domain Password Audit Tool
Check out Carrie’s demo of her DPAT, and if you missed her blog, check that out here.
Bite the Pages of an Ebook: Tiny People Need to See You Get Excited about Electronic Text
Gail Menius // We avoid tasks that are too hard. When we avoid them (consciously or unconsciously) the things we do instead are called “avoidance behaviors.” Adults and teachers alike […]
PowerShell Logging for the Blue Team
Joff Thyer // It is no secret that PowerShell is increasingly being used as an offensive tool for attack purposes by both Red Teamers and Criminals alike. Thanks to […]
BHIS’s Annual Infosecker’s* Gift-List
Sierra Ward & Staff // Buying gifts can be tough, especially for your family members who are totally mystified by your profession. “Don’t you hack the stuff with the things?” […]