Search Results for: password

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

InfoSec 201, Red Team, Social Engineering Family Tree Now, genealogy, OSINT, phishing, social engineering

Phishing Family Tree Now: A Social Engineering Odyssey

Joe Gray* // You may have heard about a new genealogy tool called Family Tree Now. It is a (seemingly) 100% free tool (more on that later) that allows you to […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools AV, AV bypass, AV vendors, ESET, Kaspersky, PowerOPS, PowerOPS Frameword, PowerShell, Tipping Cash Cows

Power Posing with PowerOPS

Brian Fehrman // As described in my last blog post, Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV (sheeesh…it’s been a bit!), we are seeing more environments in […]

Read the entire post here

C2, Red Team C2, DNS C2, dnscat2, PowerShell, tunneling

PowerShell DNS Command & Control with dnscat2-powershell

Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]

Read the entire post here

Blue Team backups, be prepared, breach, Christmas delivery phish, good times all around, Oh !@$# moments, Osiris ransomware, ransomware

My Ransomware Post-Mortem

Cody Smith* // As information security professionals we’re not invincible to breaches. Even the most robust security system can’t make up for a lack of user education, which I was […]

Read the entire post here

Red Team, Red Team Tools All the AVs, anti-virus, bypassing AV, Carrie Roberts, mimikatz, Windows Defender

How to Bypass Anti-Virus to Run Mimikatz

Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script “Invoke-Mimikatz” from PowerSploit on my machine but it was […]

Read the entire post here

Red Team, Red Team Tools password spraying, powershell domain user enumeration, tools

Domain User Enumeration

Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]

Read the entire post here

Red Team, Red Team Tools Digital Ocean, Outlook, OWA, webDAV

Deploying a WebDAV Server

Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as […]

Read the entire post here

Author, Beau Bullock, External/Internal, Red Team 2FA, Beau Bullock, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here