Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter). Turns out, by harnessing the powah of C# and the .NET framework you […]
Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques. Note: Windows […]
Darin Roberts// Early in 2018 I wrote a blog about InSpy. InSpy is a great reconnaissance tool that gathers usernames from LinkedIn. My first blog can be found here. A few months ago, a co-worker mentioned to me that InSpy was now requiring an API key. I found out that the updated version did in […]
For this webcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate what RDP logs record with launching password spraying attacks. This has implications for UBEA. It is… kind of cool. Second, we cover how to do […]
In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new (and older) tools we use that fall outside of the standard tools you see in […]
Podcast: Play in new window | Download
John Strand// In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about Nessus, Nmap, or Metasploit. Why? Because there are a ton of new (and older) tools we use that fall outside of the standard tools you […]
Jordan Drysdale//* In this blog, we are assuming that we have obtained an access key, a secret key and maybe a .pem key from a network user who left these things lying around. What services do they have access to? How far can we get? Here we stand again, on the shoulders of giants with […]
David Fletcher & Sally Vandeven// Join David “Fletch” and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and that they use on a daily basis to hack their customers. Slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/6973715/
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with […]
