A Pentester’s Voyage – The First Few Hours
Jordan Drysdale // Many methodologies have been written, but the first few hours on an internal pentest tell the story of an organization’s security culture. This type of test differs […]
Do you know what your attackers know? There’s a good chance you know, but you might not be aware of just how much information can be found historically and in […]
TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get […]
BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated […]
Click on the timecodes to jump to that part of the video (on YouTube). Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_OpenSourceExploitsinCloudsBigDataServices.pdf 4:18 Problem statement and exploitation timeline; 8:28 MapReduce and […]
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found […]
Timecode links take you to YouTube: 4:11 – Infrastructure & Background; 8:28 – Overview & Breakdown of Attack Methodology and Plans; 11:35 – Start of Attack (Gaining Access), Password Spraying Toolkit; 15:24 – […]