Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called C&C or Command and Control. I will refer to it as C2 as here at BHIS, that is what we do. Some of you might […]
Brian Fehrman // You’ve sent your phishing ruse, the target has run the Meterpreter payload, and you have shell on their system. Now what? If you follow our blogs, you probably have quite a few ideas! One thing that I don’t typically do is port scan other systems on the network. There are a few reasons […]
Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I knew shellz were in my future, but it was not as easy as I expected. Here was my journey and some things I learned. First, […]
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, or perhaps you have been placed there to begin with. Being the l33t ninja penetration tester that you are, you lead with some low n’ […]
