Red Team

Blue Team, Red Team DeepSec16, encryption, enter key, enter sesame, Linux, LUKS

Two Button PWNage

Logan Lembke // Step One: Power. Step Two: Enter. Step Three: ???? Step Four: Profit. In the security industry, we love our encryption. However sometimes, the complexity introduced by encryption […]

Read the entire post here

Author, Fun & Games, Jordan Drysdale, Red Team, Wireless Hand Crafted, hardware hacking, More Fun Projects, Princess Computer, Weaponizing Kids' Toys, Wi-Fi Attack Kits

Weaponizing Princess Toys: Crafting Wi-Fi Attack Kits

Jordan Drysdale // … Alternate Title: “Why I Love BHIS” So, I was gifted this cute little princessy-toy thing recently. My first thought was that my daughters will love this thing. […]

Read the entire post here

Author, Ethan Robish, Red Team, Red Team Tools Bugging Excel files, Bugging xlsx files, Colin Edwards, Excel, Microsoft Excel, microsoft office

Bugging Microsoft Files: Part 2 – Xlsx Files using Microsoft Excel

Ethan Robish // As promised in my previous post, part 1, this post shows how to place a tracking bug in a native .xlsx file. Full credit for this method […]

Read the entire post here

Red Team, Red Team Tools Digital Ocean, Outlook, OWA, webDAV

Deploying a WebDAV Server

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

Read the entire post here

Author, Ethan Robish, Red Team, Red Team Tools ADHD, Bugging Word Files, Microsoft, MS Word, Pentesting, Web Word Bugs, Word

Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word

Ethan Robish // If you’re familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here

Author, Blue Team, David Fletcher, Red Team Blue Team, Conference Talk, GrrCon, Purple Team, Red Team, Red Team vs. Blue Team

Red + Blue = Purple

David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]

Read the entire post here

Author, David Fletcher, Red Team pentest reporting, pentest reports, Pentesting, red team life, reporting, technical writing, writing

How to Not Suck at Reporting (or How to Write Great Pentesting Reports)

David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team NTFS Permissions, pen-testing, Pentesting

How to Take Advantage of Weak NTFS Permissions

David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]

Read the entire post here

«‹ 30 31 32 33 ›»