Author, Blue Team, External/Internal, Finding, Jordan Drysdale, Red Team BlueTeam, Cisco, External Pentest, internal pentest, Inventory, Jordan Drysdale, Nessus, RedTeam, SIET

Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]

Read the entire post here

Fun & Games, Informational

Wild West Hackin’ Fest 2018

Bronwen Aker* // For those of you not fortunate enough to attend, this year’s Wild West Hackin’ Fest (WWHF) was phenomenal, featuring speakers from diverse aspects of information security, workshops, […]

Read the entire post here

Author, Jordan Drysdale, Phishing, Red Team, Wireless brief how-to’s, eaphammer, hacking, hostapd-wpe, Jordan Drysdale, Python, rogue.py, Wireless, wireless phishing

Wireless Hack Packages Update

Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I […]

Read the entire post here

Author, Joff Thyer, Mobile, Red Team Android, Android APK, meterpreter, mobile apps, pentest, Red Team

Embedding Meterpreter in Android APK

Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the […]

Read the entire post here

Author, John Strand, Webcasts Malware, testing malware, webcast, webcasts

WEBCAST: Creating and Keeping a Malware Zoo

John Strand// Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is […]

Read the entire post here

How-To, Password Cracking, Red Team Cleartext, Password Cracker, Password cracking, Red Team, Reversible Encryption

How I Cracked a 128-bit Password

Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG,  can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying […]

Read the entire post here

Informational, InfoSec 101 career path in infosec, FAQ, getting in to infosec, information security, infosec, infosec 101

A Career in Information Security: FAQ (Part 2)

Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4)What are some of the college courses that […]

Read the entire post here

Informational, InfoSec 101 career path, college, FAQ, Getting into Infosec, getting started, infosec 101

A Career in Information Security: FAQ (Part 1)

Staff// We recently received an email from someone working on their degree who had some questions for whichever tester we could round up. They were great questions and since we […]

Read the entire post here

Author, How-To, Informational, InfoSec 101, John Strand, Webcasts career change, Getting into Infosec, getting started, How to get into infosec, starting your career

Webcast: John Strand’s 5 Year Plan into InfoSec, Part 2

John Strand talks about his own journey into information security and shares his suggestions for those wanting to get started from scratch or who are looking to change career tracks. […]

Read the entire post here