WEBCAST: BHIS Sorta Top Used Tools of 2018
John Strand// In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about […]
Red Team
How To: C2 Over ICMP
Darin Roberts // In previous blogs, I have shown how to get various C2 sessions. In this blog, I will be showing how to do C2 over ICMP. First, what […]
Pentesting Dropbox on Steroids
Joff Thyer// Many of you have probably already looked at Beau Bullock’s fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the […]
Cisco Smart Installs and Why They’re Not “Informational”
Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]
Wireless Hack Packages Update
Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I […]
Embedding Meterpreter in Android APK
Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the […]
How I Cracked a 128-bit Password
Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG, can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying […]
Red Teaming Microsoft: Part 1 – Active Directory Leaks via Azure
Mike Felch // With so many Microsoft technologies, services, integrations, applications, and configurations it can create a great deal of difficulty just to manage everything. Now imagine trying to secure […]
Having Fun with ActiveX Controls in Microsoft Word
Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]