Dakota Nelson// For a lot of our customers, their first introduction to pentesting is a vulnerability scan from BHIS. This is after talking to the testers, of course, and setting up rules of engagement, sharing which hosts are within scope, and talking over how we, as testers here at BHIS, can best help secure their […]
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you don’t own one, you need to get one. https://www.badgy.com/products/badgy-200.html While stuffing this thing in my suitcase was the obvious choice, maybe in the future I’ll avoid the […]
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, dumping clear text credentials from memory, and installing persistent back doors on the system. Insecurely-configured Windows Services can be one avenue for privilege escalation. Windows […]
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From a command channel perspective, the work that Raphael Mudge has put into Cobalt Strike makes it an attractive platform for teamwork. Unlike traditional methods of […]
Beau Bullock, Brian Fehrman, & Derek Banks // Pentesting organizations as your day-to-day job quickly reveals commonalities among environments. Although each test is a bit unique, there’s a typical path to “winning” that present themselves over and over. Expensive, difficult to configure, and cumbersome to maintain tools exist to help prevent and alert on some […]
Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping events to a central location. Why do this? I wanted a Windows-based server with all of the event logs from the environment so that […]
Derek Banks, Beau Bullock & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated privileges and ultimately access sensitive data. Most of the time, this is achieved through credential abuse. As pentesters, the primary condition we take advantage […]
Brian King // On a recent webapp test, I got a little frustrated with all the extra HTTP requests showing up in my Burpsuite Proxy History from connections that Firefox was making on its own. I was having to scroll around way more than I used to while trying to make sense of the traffic. […]
