Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I met this dude at HackWest 2018 doing his thing. Full workshop, his time and effort free for the public. Brilliant kid, couldn’t have been nicer, […]
Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the days of thin clients. As the pendulum swings yet again, our thin client can be anything from a JavaScript browser framework to a mobile enabled […]
Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG, can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying to launch Hashcat, throw a bunch of hashes at it and watch the progress over minutes, which turns into hours and then days. It does […]
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that most networks (or their own network) block outbound SMB traffic. In my phishing payloads I always try to inject a UNC path: If macros are […]
Melisa Wachs// The first day of school starting soon for your school-age kiddos. What better time to run through some of our basic reporting guidelines with y’all? Here is a short list of points I’ve learned after ten years of reading and editing pen test reports here at Black Hills Information Security. DO: Set up […]
Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates an added level of security to the external perimeter, it also forces red teams and pentest organizations to innovate new techniques into capturing 2FA tokens […]
Jordan Drysdale//* In this blog, we are assuming that we have obtained an access key, a secret key and maybe a .pem key from a network user who left these things lying around. What services do they have access to? How far can we get? Here we stand again, on the shoulders of giants with […]
Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The app was giving me headaches, and I was venting my frustration. Penetration testers, red teams, and baddies are always looking for new ways to sneak […]
Matthew Toussain//* Wouldn’t you like to START your pentests knowing every username for all individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with no statute of limitations. In this blog we explore an exploitation workflow using new features of the MailSniper toolkit. […]
