Stealing 2FA Tokens on Red Teams with CredSniper
Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]
Search Results for: Active Directory
Let’s Go Hunting! How to Hunt Command & Control Channels Using Bro IDS and RITA
Logan Lembke// Here at BHIS, we ♥ Bro IDS. Imagine… Bro IDS Everywhere! If you haven’t encountered Bro IDS before, checkout this webcast on John’s Youtube channel discussing the need for Bro […]
How to Build a Soft Access Point in Ubuntu 16.04
David Fletcher// This blog post is going to illustrate setting up a software access point (AP) on Ubuntu 16.04. Having the ability to create a software AP can be very […]
Empire Bootstrapping v2 – How to Pre-Automate All the Things!
Kent Ickler // A robot wearing boots… with straps…. Have you been tasked with automation in the Command and Control (C2) world? If so your goal is to shorten the […]
Using Burp with ProxyCannon
Carrie Roberts // ProxyCannon is an amazing tool for automatically routing your traffic through multiple cloud servers to diversify the source IP addresses of your traffic. (Thank you #_shellIntel). As […]
Go Ahead, Make Our Day
Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]
Introducing MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
Beau Bullock // TL;DR MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It […]
The New Security Fundamentals – Kill Your AV
John Strand // AV is Dead Long Live Whitelisting. We have been discovering more and more of our tests bypass AV controls with ease. We have yet to see any iteration or […]