Author

00317_07102018_WEBCAST_AttackTacticsPart3

Author, John Strand, Red Team, Webcasts Attack Tactics, Red Team, webcast, webcasts

WEBCAST: Attack Tactics 3

John Strand// For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it’s becoming more […]

Read the entire post here

Author, Blue Team, How-To, Kent Ickler, Phishing Anti-Phising, Best Practices, Blue Team, DKIM, DMARC, Email, Filtering, Incident Response, IR, Kent Ickler, Marketing, phishing, reconnaissance, RFC 4408, Sender Policy Framework, Spam, SPF

Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework

Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]

Read the entire post here

Author, Derrick Rauch, How-To, Kent Ickler, Password Cracking, Red Team Cracking, GPU, Hash, Hashcat, NVidia, password, Red Team, setup, Ubuntu

Running HashCat on Ubuntu 18.04 Server with 1080TI

Derrick Rauch and Kent Ickler // (Updated 3/22/2019) First, to see what our build looks like, look here: https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next? Time for System Rebuild! First, you need to decide whether you […]

Read the entire post here

Author, External/Internal, How-To, Informational, InfoSec 201, Kent Ickler, Password Cracking, Wireless Cheat Sheet, Cracking, dictionary, Hashcat, Hashing, Jordan Drysdale, Password cracking

Hashcat 4.10 Cheat Sheet v 1.2018.1

Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]

Read the entire post here

Author, David Fletcher, Finding encryption, Secure Sockets Layer, SSL, TLS, Transport Layer Security, Web

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

Read the entire post here

Author, Blue Team, John Strand, Podcasts Attack Tactics, Blue Team, Defending Networks, Tools for the blue team, webcast

PODCAST: Attack Tactics Part 2

John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Blue Team, How-To, Kent Ickler Active Directory, AD, AD Best Practices, Best Practices, Kent Ickler, Link Layer Multicast Name Resolution, LLMNR, network

How To Disable LLMNR & Why You Want To

Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]

Read the entire post here

Author, David Fletcher, Finding, Informational bad passwords, password, password policy, weak password

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

Read the entire post here

00299_05102018_CrackOfficePasswordsWithDictionary

Author, External/Internal, How-To, Kent Ickler, Password Cracking AES, CeWL, decrypt, dictionary, encryption, Exce, Hashcat, John the Ripper, JTR, Kent Ickler, LinkedIn, microsoft office, Office, SHA, wordlist

How to Crack Office Passwords with a Dictionary

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

Read the entire post here

«‹ 41 42 43 44 ›»