Vulnerabilities Archives - Black Hills Information Security

External/Internal, Red Team, Red Team Tools Gold Paper, Internal Pen Test, Pivot, Vulnerabilities, XML External Entity, XXE

XML External Entity – Beyond /etc/passwd (For Fun & Profit)

Robert Schwass*// Last week I was asked twice in one day if I knew what XML External Entity (XXE) Vulnerabilities were. Maybe they are making a comeback in mainstream security […]

Read the entire post here

External/Internal, Red Team, Red Team Tools, Webcasts Email, MS, OWA, Vulnerabilities

WEBCAST: Exchange and OWA attacks – Step by Step

Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.

Read the entire post here

External/Internal, Red Team 2FA, Email, EWS, MailSniper, Microsoft, Outlook, OWA, OWA portal, Vulnerabilities

Bypassing Two-Factor Authentication on OWA & Office365 Portals

Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]

Read the entire post here

Red Team, Web App Info2Ouch, Nessus, Vulnerabilities

Service Detection – Tomcat Manager, From “Info” to “Ouch”

Carrie Roberts // Continuing on the thread of highlighting Nessus vulnerability scan results that turned out to be more severe than reported . . . I always review the “Info” level “Service […]

Read the entire post here

External/Internal, Password Spray, Red Team Info2Ouch, Nessus, Vulnerabilities

Asterisk SIP Server, From “Info” to “Ouch”

Carrie Roberts // I learned some new stuff that will make me pay attention to “Asterisk Detection” Nessus informational findings in the future . . . On an external network […]

Read the entire post here