Red Team

External/Internal, How-To, Informational, Nick Caswell, Phishing, Red Team, Red Team Tools, Social Engineering GoPhish, Mail Security, Phishing Campaign

Gone Phishing: Installing GoPhish and Creating a Campaign

GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign. 

Read the entire post here

Blue Team, Incident Response, John Strand, Red Team, Webcast Wrap-Up AI, cloud, penetration testing

5 Things We Are Going to Continue to Ignore in 2025

In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.

Read the entire post here

Informational, Jordan Drysdale, Kent Ickler, Red Team Active Directory, AD, penetration testing, Pentesting, Shadow Credentials

Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

Read the entire post here

Dave Blandford, Web App, Webcast Wrap-Up Burp, Burp extensions, Burp Suite, extensions, Web Application Testing

Creating Burp Extensions: A Beginner’s Guide

In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

Read the entire post here

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024) 

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here

Craig Vincent, Informational, Web App Access Control Vulnerability, Access Controls, Autorize, IDOR

Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]

Read the entire post here

Informational, Michael Allen, Social Engineering, Webcasts Adversary in the Middle, AitM, post-exploitation, Webcast Wrap-Up

Adversary in the Middle (AitM): Post-Exploitation

In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes.

Read the entire post here

Informational, Matthew Eidelberg, Red Team, Red Team Tools, Webcasts DLL, DLL Hijacking, Webcast Wrap-Up

DLL Hijacking – A New Spin on Proxying your Shellcode

This webcast was originally published on October 4, 2024. In this video, experts delve into the intricacies of DLL hijacking and new techniques for malicious code proxying, featuring a comprehensive […]

Read the entire post here

Blue Team, Blue Team Tools, Guest Author, Informational, InfoSec 101, Red Team, Red Team Tools Infosec for Beginners, InfoSec Survival Guide, Purple Team

Blue Team, Red Team, and Purple Team: An Overview

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]

Read the entire post here