Author, David Fletcher, Phishing, Red Team Empire, Macro, macro malware, OSX, PowerShell, Windows

How To: Empire’s Cross Platform Office Macro

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition.  One that we’ve run across a number of times includes a fairly even mixture […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler bro, Bro 2.51, Bro Install, ESXi, ESXi 6.5, Kent Ickler, Network monitoring, network traffic, Ubuntu, Ubuntu 16.04.2

How to Monitor Network Traffic with Virtualized Bro 2.51 on Ubuntu 16.04.2 on ESXi 6.5

Kent Ickler //  You’ve heard us before talk about Bro, an IDS for network monitoring and analysis.  We’ve had several installs of Bro over time here at BHIS.  It’s about […]

Read the entire post here

Red Team, Red Team Tools Amazon, cloud, Cloud Cracking, GPU Acceleration, Kali 2017, Kali GPU, Kali Linux, Password cracking

How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)

Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts

WEBCAST: Your Active Directory Active Defense (ADAD) Primer

John Strand // In this webcast John covers how to set up Active Directory Active Defense (ADAD) using tools in Active Defense Harbinger Distribution (ADHD) and talks about potential active […]

Read the entire post here

InfoSec 101 Career in Infosec, Dreams, How to get into infosec

How to Get into Information Security

Dear BHIS, So I’m a big fan of you guys! I took John’s SANS504 OnDemand class and I saw the light. Now what? I want to get into security, (maybe […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, How-To, Kent Ickler How to fix a referrer policy, Kent Ickler, Referrer Policy, Scott Helme, Security Headers

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

Read the entire post here

Author, How-To, Kent Ickler Content Security Policy, Kent Ickler, Scott Helme, Security Headers, web page, web site, web site configuration

How To Fix a Missing Content-Security-Policy on a Website

Kent Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here