Phishing with PowerPoint
Carrie Roberts & Chevy Swanson // How do we make sure people open up our malicious files and execute them? We simply let Microsoft work for years and years to gain […]
Red Team
Advanced Msfvenom Payload Generation
Joff Thyer // It has been known for some time that an executable payload generated with msfvenom can leverage an alternative template EXE file, and be encoded to better evade […]
TestSSL.sh –Assessing SSL/TLS Configurations at Scale
David Fletcher // Have you ever looked at Nessus scan results to find the below in the output? Recently I was on engagement and encountered just this situation. I found […]
Internal Pivot, Network Enumeration, & Lateral Movement
Joff Thyer // Picture a scenario whereby you are involved in an internal network penetration test. Perhaps you have succeeded with a spear-phishing campaign and landed on an internal system, […]
How to Bypass Application Whitelisting & AV
Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool […]
Poking Holes in the Firewall: Egress Testing With AllPorts.Exposed
Beau Bullock // If you have been even remotely in touch with technology in the past thirty years you have probably heard of this thing called a “firewall”. If not, […]
Three Minutes with the HTTP TRACE Method
Brian King // All of our scanning tools tell us that we should disable the HTTP TRACE and TRACK methods. And we all think that’s because there’s something an attacker […]
Click to Enable Content
Sally Vandeven // Evading anti-virus scanners has become a bit of a sport around BHIS. When we do C2 testing for our customers we start with a host on the […]
TLS Certificates from EAP Network Traffic
Joff Thyer // A network can authenticate a client workstation using the 802.1X and Extensible Authentication Protocol (EAP) using multiple different methods. EAP is used both in a wired network […]