WEBCAST: Sacred Cash Cow Tipping 2016
John Strand with BHIS testers // Yes, we did this in 2017, but it’s reflecting work done in 2016.
Red Team
How to Bypass Anti-Virus to Run Mimikatz
Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script “Invoke-Mimikatz” from PowerSploit on my machine but it was […]
How to Phish for Geniuses
David Fletcher // Recently we were involved in an engagement where we expected to see a large number of Macs in the target environment. As an element of the engagement […]
Malicious Outlook Rule without an EXE
Carrie Roberts // My current favorite exploit is creating malicious outlook rules as described here. The rule is configured to download an executable file with an EXE extension (.exe) when an […]
A Marketer’s Lessons in Con Artistry for Good & Learning
Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]
Domain User Enumeration
Chevy Swanson // Everyone loves being able to speed up their work with custom tools, but the clear problem is that computers are a bit too fussy about everything being perfect […]
Domain Password Audit Tool
Carrie Roberts // A tool to generate password usage statics in a Windows domain based on hashes dumped from a domain controller. The Domain Password Audit Tool (DPAT) is a […]
WEBCAST: Exchange and OWA attacks – Step by Step
Here’s our webcast with Beau Bullock, Brian Fehrman & Carrie Roberts from Tuesday, November 29.
Malicious Outlook Rules in Action
Carrie Roberts // Getting a shell using a malicious Outlook rule is an awesome tool during a pentest and great fun! Nick Landers had a great post including enough information to make […]