How to Weaponize the Yubikey
Michael Allen // A couple of years ago, I had a YubiKey that was affected by a security vulnerability, and to fix the issue, Yubico sent me a brand new […]
Red Team
Webcast: Attack Tactics 5 – Zero to Hero Attack
Timecode links take you to YouTube: 4:11 – Infrastructure & Background8:28 – Overview & Breakdown of Attack Methodology and Plans11:35 – Start of Attack (Gaining Access), Password Spraying Toolkit15:24 – […]
An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit
Jordan Drysdale// This is basically a slight update and rip off of Marcello’s work out here: https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html /tl;dr – Zero to DA on an environment through an exposed Outlook Web […]
How To Rotate Your Source IP Address
Darin Roberts// IP-Go-Round – Source IP Rotation I was on an engagement recently that was blocking my password sprays based on my IP address. If I made 3 incorrect requests […]
BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour podcast, originally recorded as […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
The RDP Through SSH Encyclopedia
Carrie Roberts //* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for […]
Webcast: Endpoint Security Got You Down? No PowerShell? No Problem.
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat […]
Getting PowerShell Empire Past Windows Defender
Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]
I Spy with InSpy v3.0
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A […]