Pentesting

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless onsite, pen-testing, penetration testing, Pentesting, Wi-Fi travel kit, wireless kit

The Wi-Fi Travel Kits

Jordan Drysdale // Sally and I recently ventured to an on-site wireless engagement with a very security-mature customer. Long story short, the level of protection that WPA2 Enterprise with certificate validation provides […]

Read the entire post here

Author, John Strand, Red Team industry trends, Pentesting, pink teaming, red teaming

Pink Teaming: The Dilution of Pentesting

John Strand // There have been a few conversations at conferences and meet-ups over the past year or so about the validity of penetration testing. There are many things on […]

Read the entire post here

Author, Joff Thyer, Mobile, Red Team Android, Android Dev, mobile apps, Pentesting

Android Dev & Penetration Testing Setup – Part 2: Installing Android Studio

Joff Thyer // Editor’s Note:  This is part 2 of a 3 part series.  Part 1 discussed configuring your virtual machine engine and virtual hardware emulation.  Part 2 (this part) covers […]

Read the entire post here

Author, Joff Thyer, Mobile, Red Team Android, Android Dev, mobile apps, Pentesting, pentesting mobile apps

Android Dev & Penetration Testing Setup – Part 1

Joff Thyer // Editor’s Note:  This is part 1 of a 3 part series.  Part 1 will discuss configuring your virtual machine engine and virtual hardware emulation.  Part 2 covers installing […]

Read the entire post here

Phishing, Red Team con artistry, Marketing, pen-testing, penetration testing, Pentesting, phishing, social engineering

A Marketer’s Lessons in Con Artistry for Good & Learning

Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks.  I show up occasionally in webcasts, lurking again in the shadows, […]

Read the entire post here

Author, Ethan Robish, Red Team, Red Team Tools ADHD, Bugging Word Files, Microsoft, MS Word, Pentesting, Web Word Bugs, Word

Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word

Ethan Robish // If you’re familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. […]

Read the entire post here

Author, David Fletcher, Red Team pentest reporting, pentest reports, Pentesting, red team life, reporting, technical writing, writing

How to Not Suck at Reporting (or How to Write Great Pentesting Reports)

David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]

Read the entire post here