Author

Ben Bowman, How-To, Informational, Red Team, Red Team Tools Forensics, Memory Forensics, Volatility

Offline Memory Forensics With Volatility

Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user leading to further compromise.

Read the entire post here

Brian Fehrman, How-To AI, AI Hacking, Artificial Intelligence, Hacking Classifiers, Machine Learning

Getting Started with AI Hacking: Part 1

You may have read some of our previous blog posts on Artificial Intelligence (AI). We discussed things like using PyRIT to help automate attacks. We also covered the dangers of […]

Read the entire post here

Ben Bowman, Blue Team, Blue Team Tools, External/Internal, Web App Cyber Deception, Deceptive Tooling, Go-Spoof

Go-Spoof: A Tool for Cyber Deception

Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.

Read the entire post here

How-To, Michael Allen, Webcast Wrap-Up Adversary-in-the-Middle, MFA, Multi-Factor Authentication

How to Test Adversary-in-the-Middle Without Hacking Tools

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, Jack Hyland, Web App cross-site scripting, xsscanary

Canary in the Code: Alert()-ing on XSS Exploits

I’ve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem […]

Read the entire post here

Ben Bowman, How-To, Informational, John Strand, Red Team Tools, Webcast Wrap-Up Joseph Boyd, Wi-Fi Forge

How to Hack Wi-Fi with No Wi-Fi

In this video, John Strand and his team discuss the challenges of setting up and running wireless labs, particularly focusing on the issues faced during Wild West Hackin’ Fest events. They highlight the development of an open-source project aimed at virtualizing wireless labs, which allows learners to practice wireless hacking techniques without needing physical hardware.

Read the entire post here

Corey Ham, External/Internal, GRC, Red Team, Webcast Wrap-Up Kelli Tarala, penetration testing, pentest

Why Your Org Needs a Penetration Test Program

This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]

Read the entire post here

Ben Bowman, Hardware Hacking, Informational, Wireless wi-fi, Wi-Fi Forge

Wi-Fi Forge: Practice Wi-Fi Security Without Hardware

In the world of cybersecurity, it’s important to understand what attack surfaces exist. The best way to understand something is by first doing it. Whether you’re an aspiring penetration tester, […]

Read the entire post here