Go-Spoof: A Tool for Cyber Deception
Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.
External/Internal
Why Your Org Needs a Penetration Test Program
This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your […]
Gone Phishing: Installing GoPhish and Creating a Campaign
GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.
The Top Ten List of Why You Got Hacked This Year (2023/2024)
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]
Proxying Your Way to Code Execution – A Different Take on DLL Hijacking
While DLL hijacking attacks can take on many different forms, this blog post will explore a specific type of attack called DLL proxying, providing insights into how it works, the potential risks it poses, and briefly the methodology for discovering these vulnerable DLLs, which led to the discovery of several zero-day vulnerable DLLs that Microsoft has acknowledged but opted to not fix at this time.
Auditing GitLab: Public Gitlab Projects on Internal Networks
A great place that can sometimes be overlooked on an internal penetration test are the secrets hidden in plain sight. That is, a place where no authentication is required in […]
Abusing Active Directory Certificate Services (Part 4)
Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will […]
Deploy an Active Directory Lab Within Minutes
Creating your own lab can sound like a daunting task. By the end of this blog post, you will be able to deploy your own Active Directory (AD) environment in […]
Wishing: Webhook Phishing in Teams
Quick Jump: In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]