Jordan Drysdale// tl;dr Inventory management and personnel management are critical to making this work. Often, the difference between your company becoming a statistic and catching someone with a foothold in your network is limiting the privilege of users on your systems. If my first check after infecting your systems is whether or not I am […]
Carrie Roberts//* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell Empire, which connects to a localhost port on the victim. The local port is forwarded to the remote Empire server through an SSH connection so that […]
Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, “The default creds are probably printed on the back; I wonder if those were ever changed?” When I see an unattended locked door propped open by a shoe or a box, it’s “Why would […]
Carrie Roberts*// I’m a red teamer, I love my job but I spend way too much time at a desk in front of a computer. This year I wanted to find a way to continue spending a lot of time at the computer without letting my physical health decline. This article will describe my journey […]
Joff Thyer// Many of you have probably already looked at Beau Bullock’s fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the base dropbox platform using different platforms. In this case, I selected the ODroid-C2 platform running KALI (ARM) edition and am going to extend upon that […]
Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional “AA” meeting on November 8, 2018. We met and discussed things that seem to be painfully slow to take hold in our organizations; patching, regular scanning, even just finding time to manage our inventory. Slides available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7945173/ Five Things (That Seriously […]
Bronwen Aker* // For those of you not fortunate enough to attend, this year’s Wild West Hackin’ Fest (WWHF) was phenomenal, featuring speakers from diverse aspects of information security, workshops, labs, and a killer CTF, all taking place at the Deadwood Mountain Grand, a Holiday Inn Resort Hotel, Casino, Spa and Event Center. In spite […]
Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4)What are some of the college courses that you took that had a lasting impact on your career? Courses in Human Capital Management had the most lasting impacting on my career. But, I […]
Staff// We recently received an email from someone working on their degree who had some questions for whichever tester we could round up. They were great questions and since we get asked similar things quite frequently we decided to create a 2-part blog post answering them with the help of several testers. See what they […]
