Adversary in the Middle (AitM): Post-Exploitation
In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes.
Red Team
DLL Hijacking – A New Spin on Proxying your Shellcode
This webcast was originally published on October 4, 2024. In this video, experts delve into the intricacies of DLL hijacking and new techniques for malicious code proxying, featuring a comprehensive […]
Blue Team, Red Team, and Purple Team: An Overview
By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]
Reconnaissance: Azure Cloud w/ Kevin Klingbile
This webcast was originally published on September 26, 2024. In this video, Kevin Klingbile from Black Hills Information Security discusses the intricacies of Azure Cloud services and M365, focusing on […]
Proxying Your Way to Code Execution ā A Different Take on DLL HijackingĀ
While DLL hijacking attacks can take on many different forms, this blog post will explore a specific type of attack called DLL proxying, providing insights into how it works, the potential risks it poses, and briefly the methodology for discovering these vulnerable DLLs, which led to the discovery of several zero-day vulnerable DLLs that Microsoft has acknowledged but opted to not fix at this time.
How to Perform and Combat Social Engineering
This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]
Ghost in the Wireless: An introduction to Airspace Analysis with KismetĀ
This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […]
WifiForge – WiFi Exploitation for the Classroom
by William Oldert // BHIS Intern BHIS had a problem. We needed an environment for students to learn WiFi hacking safely. Our original solution used interconnected physical network gear […]
Auditing GitLab: Public Gitlab Projects on Internal Networks
A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […]