Your Reporting Matters: How to Improve Pen Test Reporting
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June 2019. The fun part of pentesting is […]
Informational
Webcast: Attack Tactics 7 – The Logs You Are Looking For
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics7LogsYouAreLookingFor.pdf So we went through an attack in the BHIS Webcast, “Attack Tactics 5! Zero to Hero Attack.” Then we went through […]
Webcast: How to attack when LLMNR, mDNS, and WPAD attacks fail – eavesarp (Tool Overview)
Click on the timecodes to jump to that part of the video (on YouTube) 2:26 Introduction, background history covering LaBrea Tar Pits and ARP Cache Poisoning and how they relate […]
Analyzing ARP to Discover & Exploit Stale Network Address Configurations
Justin Angel// Introduction In penetration testing, ARP is most commonly discussed in terms of poisoning attacks where an attacker achieves a man-in-the-middle (MITM) position between victim nodes by contaminating the […]
Check-LocalAdminHash & Exfiltrating All PowerShell History
Beau Bullock // TL;DR Check-LocalAdminHash is a new PowerShell script that can check a password hash against multiple hosts to determine if it’s a valid administrative credential. It also has […]
Tap Into Your Valuable DNS Data
Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]
Podcast: Attack Tactics 6! Return of the Blue Team
Download slides: https://www.activecountermeasures.com/presentations In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5!!! Originally recorded […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Attack Tactics 6! Return of the Blue Team
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics6ReturnofBlueTeam.pdf In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed […]
How to Weaponize the Yubikey
Michael Allen // A couple of years ago, I had a YubiKey that was affected by a security vulnerability, and to fix the issue, Yubico sent me a brand new […]