Pentesting

Red Team, Red Team Tools BurpSuite, cloud traffic, IP addresses, password spray, penetration testing, Pentesting, ProxyCannon, tools, traffic

Using Burp with ProxyCannon

Carrie Roberts // ProxyCannon is an amazing tool for automatically routing your traffic through multiple cloud servers to diversify the source IP addresses of your traffic. (Thank you #_shellIntel). As […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, Cylance, Cylance Bypass, dnscat2, Pentesting

Bypassing Cylance: Part 2 – Using DNSCat2

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment. The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless onsite, pen-testing, penetration testing, Pentesting, Wi-Fi travel kit, wireless kit

The Wi-Fi Travel Kits

Jordan Drysdale // Sally and I recently ventured to an on-site wireless engagement with a very security-mature customer. Long story short, the level of protection that WPA2 Enterprise with certificate validation provides […]

Read the entire post here

Author, John Strand, Red Team industry trends, Pentesting, pink teaming, red teaming

Pink Teaming: The Dilution of Pentesting

John Strand // There have been a few conversations at conferences and meet-ups over the past year or so about the validity of penetration testing. There are many things on […]

Read the entire post here

00162_01202017_AndroidDevPenetrationTestingSetup2

Author, Joff Thyer, Mobile, Red Team Android, Android Dev, mobile apps, Pentesting

Android Dev & Penetration Testing Setup – Part 2: Installing Android Studio

Joff Thyer // Editor’s Note: This is part 2 of a 3 part series. Part 1 discussed configuring your virtual machine engine and virtual hardware emulation. Part 2 (this part) covers […]

Read the entire post here

00161_01172017_AndroidDevPenetrationTestingSetup1

Author, Joff Thyer, Mobile, Red Team Android, Android Dev, mobile apps, Pentesting, pentesting mobile apps

Android Dev & Penetration Testing Setup – Part 1

Joff Thyer // Editor’s Note: This is part 1 of a 3 part series. Part 1 will discuss configuring your virtual machine engine and virtual hardware emulation. Part 2 covers installing […]

Read the entire post here

Phishing, Red Team con artistry, Marketing, pen-testing, penetration testing, Pentesting, phishing, social engineering

A Marketer’s Lessons in Con Artistry for Good & Learning

Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]

Read the entire post here

«‹ 2 3 4 5 ›