New Toy Alert: A Quick Review of Keysy
Rick Wisser// Here at BHIS we are always on the lookout for new toys. Especially if we can use them during a pentest. As a pentester, we all have a […]
Red Team
The Non-Attrib Starterpack!
Jordan Drysdale // Let’s start this post at Walmart. Yes, the visit may be attributable against the purchaser via security camera footage retrieved by warrant, so hand your wife/husband/confidant/whomever a […]
How to Build a Command & Control Infrastructure with Digital Ocean: C2K Revamped
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this […]
WEBCAST: Tweets, Beats, and Sheets: C2 over Social Media
Dakota Nelson// The modern internet’s got a lot of places to hide. In this webcast, join Dakota as he shows how you can establish C2 channels and issue commands to […]
When Infosec and Weed Collide: Handling Administrative Actions Safely
BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]
How to Scan Millions of IPv4 Addresses for Vulnerabilities
Jordan Drysdale// Some days are not like others. Some days, you might get tasked with scanning a million IP addresses. Here’s how I did it: Let’s go through some finer […]
Gathering Proximity Card Credentials: The Wiegotcha
David Fletcher// There are a number of items that I watch on eBay. Included in that group are long-range proximity card readers. As it turns out, I was recently able […]
Are You Spying on me? Detecting SSL Man-in-the-Middle
Carrie Roberts//* Is your employer reading all your sensitive information when you browse the internet from your work computer? Probably. But how can you be sure? It is common for […]
I Spy with InSpy
Darin Roberts// Do you ever find yourself on an engagement and need just a few more names with which to conduct a password spray? Everyone knows the more emails you have, […]