Offline Memory Forensics With Volatility
Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user leading to further compromise.
Red Team
Go-Spoof: A Tool for Cyber Deception
Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.
Canary in the Code: Alert()-ing on XSS Exploits
I’ve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem […]
How to Hack Wi-Fi with No Wi-Fi
In this video, John Strand and his team discuss the challenges of setting up and running wireless labs, particularly focusing on the issues faced during Wild West Hackin’ Fest events. They highlight the development of an open-source project aimed at virtualizing wireless labs, which allows learners to practice wireless hacking techniques without needing physical hardware.
Why Your Org Needs a Penetration Test Program
This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]
Burp Suite Extension: Copy For
If you’ve ever had to take a request from Burp and turn it into a command line, especially for jwt_tool.py, you know it can be painful—but no more! The “Copy For” extension is here to save valuable time.
Wi-Fi Forge: Practice Wi-Fi Security Without Hardware
In the world of cybersecurity, it’s important to understand what attack surfaces exist. The best way to understand something is by first doing it. Whether you’re an aspiring penetration tester, […]
Gone Phishing: Installing GoPhish and Creating a Campaign
GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.
5 Things We Are Going to Continue to Ignore in 2025
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.