David Fletcher

Pushing Your Way In
David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon […]

Finding Buried Treasure in Server Message Block (SMB)
David Fletcher // Server Message Block (SMB) shares can represent a significant risk to an organization. Companies often lack a realistic understanding of the exposure that SMB shares represent. Effective management typically requires a sound information management […]

Backdoors & Breaches: Logon Scripts
David Fletcher // This blog post discusses the relevance and techniques involved in logon script abuse. While the Backdoors & Breaches card is featured for this topic, the post will […]

Check Your Perimeter
David Fletcher // With so many organizations transitioning to remote work in order to stem the tide of COVID-19 infections, we wanted to cover some of the configuration elements you […]

Webcast: Weaponizing Active Directory
Click on the timecodes to jump to that part of the video (on YouTube). Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WeaponizingActiveDirectory.pdf 0:54 Background behind this webcast, what and […]

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)
David Fletcher // The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

Finding: Weak Password Policy
David Fletcher // The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]