Social Engineering in Japan
Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, “The default creds are probably printed on the back; […]
Red Team
PODCAST: RDP Logging Bypass and Azure Active Directory Recon
For this podcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
WEBCAST: RDP Logging Bypass and Azure Active Directory Recon
For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]
Cisco Smart Install Escalation and Update!
Jordan Drysdale// tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also […]
PODCAST: BHIS Sorta Top Used Tools of 2018
In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about Nessus, Nmap, […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
WEBCAST: BHIS Sorta Top Used Tools of 2018
John Strand// In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about […]
How To: C2 Over ICMP
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what […]
Pentesting Dropbox on Steroids
Joff Thyer// Many of you have probably already looked at Beau Bullock’s fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the […]
Cisco Smart Installs and Why They’re Not “Informational”
Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]