Weaponizing Princess Toys: Crafting Wi-Fi Attack Kits
Jordan Drysdale // … Alternate Title: “Why I Love BHIS” So, I was gifted this cute little princessy-toy thing recently. My first thought was that my daughters will love this thing. […]
Author
Bugging Microsoft Files: Part 2 – Xlsx Files using Microsoft Excel
Ethan Robish // As promised in my previous post, part 1, this post shows how to place a tracking bug in a native .xlsx file. Full credit for this method […]
Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word
Ethan Robish // If you’re familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. […]
Bypassing Two-Factor Authentication on OWA & Office365 Portals
Beau Bullock // Full Disclosure: Black Hills Information Security believes in responsible disclosure of vulnerabilities. This vulnerability was reported to Microsoft on September 28th, 2016. As of the publication date of […]
Certificate Transparency Means What, Again?
Brian King // News from Google this week says that Chrome will start enforcing Certificate Transparency a year from now. https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/78N3SMcqUGw This means that when Chrome contacts a website, if […]
Red + Blue = Purple
David Fletcher & Sally Vandeven // We gave a presentation at the GrrCon hacker conference in Grand Rapids, MI on October 6, 2016. The presentation was a dialogue meant to illustrate the […]
How to Not Suck at Reporting (or How to Write Great Pentesting Reports)
David Fletcher // Reporting is a penetration testing topic that doesn’t have a whole lot of popularity. People have a hard time being inspired to write about the technical details of […]
How a No-Name, Nobody-Ever-Heard-Of, Kid* Like Me Got Hired by BHIS from a Craigslist Ad
Jordan Drysdale // Step 1: Craigslist Step 2: Magic Time Step 3: Profit $$$$$$ I traveled to Scottsdale last year to enjoy some Citrus fruit around my uncle’s pool after […]
How to Take Advantage of Weak NTFS Permissions
David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]