Jordan Drysdale//* In this blog, we are assuming that we have obtained an access key, a secret key and maybe a .pem key from a network user who left these things lying around. What services do they have access to? How far can we get? Here we stand again, on the shoulders of giants with […]
Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The app was giving me headaches, and I was venting my frustration. Penetration testers, red teams, and baddies are always looking for new ways to sneak […]
Matthew Toussain//* Wouldn’t you like to START your pentests knowing every username for all individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with no statute of limitations. In this blog we explore an exploitation workflow using new features of the MailSniper toolkit. […]
John Strand// For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it’s becoming more and more common for new companies to have everything in the “cloud” and everything BYOD. This is also a great case-study on how to access […]
David Fletcher & Sally Vandeven// Join David “Fletch” and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and that they use on a daily basis to hack their customers. Slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/6973715/
Kent Ickler// TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal in your area. Use in the wild at your own risk. Discuss with your peeps before implementing. BHIS @Krelkci are not liable for your actions. Background: In our […]
Derrick Rauch and Kent Ickler// First, to see what our build looks like, look here: https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next? Time for System Rebuild! First you need to decide whether you need encryption, LVM, RAID, multipath, network vlans, or network interface bonding during the installation; if you need to reuse existing partitions on your installation disks. The reason I […]
Dakota Nelson// Cross Origin Request Sharing (CORS) is complicated, and that complexity creates a lot of places where security vulnerabilities can sneak in. This article will give you a “lite” overview of CORS, with a focus on security vulnerabilities that we see most frequently on tests. This isn’t intended to be a full CORS primer […]
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with […]
