Author

Author, External/Internal, How-To, Informational, InfoSec 201, Kent Ickler, Password Cracking, Wireless Cheat Sheet, Cracking, dictionary, Hashcat, Hashing, Jordan Drysdale, Password cracking

Hashcat 4.10 Cheat Sheet v 1.2018.1

Kent Ickler // It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command […]

Read the entire post here

Author, David Fletcher, Finding encryption, Secure Sockets Layer, SSL, TLS, Transport Layer Security, Web

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports.  The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

Read the entire post here

Author, Blue Team, John Strand, Podcasts Attack Tactics, Blue Team, Defending Networks, Tools for the blue team, webcast

PODCAST: Attack Tactics Part 2

John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Blue Team, How-To, Kent Ickler Active Directory, AD, AD Best Practices, Best Practices, Kent Ickler, Link Layer Multicast Name Resolution, LLMNR, network

How To Disable LLMNR & Why You Want To

Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]

Read the entire post here

Author, David Fletcher, Finding, Informational bad passwords, password, password policy, weak password

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

Read the entire post here

Author, External/Internal, How-To, Kent Ickler, Password Cracking AES, CeWL, decrypt, dictionary, encryption, Exce, Hashcat, John the Ripper, JTR, Kent Ickler, LinkedIn, microsoft office, Office, SHA, wordlist

How to Crack Office Passwords with a Dictionary

Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption.  Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got […]

Read the entire post here

Author, Brian King, Web App, Webcasts Web App, Web App Assessment, Web Apps, webcast, webcasts

WEBCAST: Web App Assessments for Non-Majors

BB King // BB King looks at testing modern web apps in that “enterprise environment” so many of us inhabit. Taking the perspective of the Lonely Application Security Person in […]

Read the entire post here

Author, Joff Thyer, Red Team, Red Team Tools Crack Hashes, Joff Thyer

Got Privs? Crack Those Hashes!

Joff Thyer // Black Hills Information Security loves performing both internal penetration tests, as well as command and control testing for our customers. Thanks to the efforts of many great […]

Read the entire post here

Author, CJ Cox, Informational, Webcasts GDPR, General Data Protection Regulation, webcast, webcasts

WEBCAST: GDPR – Spring Storm Warning

CJ Cox// Spring storms are often more dangerous and unpredictable than winter storms. The GDPR looks to be no exception. The General Data Protection Regulation is a universal law brought […]

Read the entire post here