Hacking Unifi Controller Passwords for Fun and WIFI
Kent Ickler // Because, you know—that should be a thing. TL;DR: Don’t run the Unifi Controller on a laptop in the closet. BACKGROUND Ubiquiti’s Unifi controller is a network device, or software […]
How-To
Webcast: Shellcode Execution with GoLang
In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Getting Started in Blockchain Security and Smart Contract Auditing
Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Understanding Zigbee and Wireless Mesh Networking
Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology […]
Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit
Stephan Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address. In June, @Harmj0y and @tifkin_ […]
How to Phish for User Passwords with PowerShell
tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication […]
Webcast: How to Build a Phishing Engagement – Coding TTP’s
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Pushing Your Way In
David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon […]
Webcast: Getting Started in Pentesting The Cloud: Azure
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS