Initial Access Operations Part 2: Offensive DevOps
The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]
Red Team
Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape
Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]
Hacking with Hydra
What is Hydra? Hydra is a tool that can be used for password spraying. Let’s begin by defining the term “password spray.” A password spray is where an attacker defines […]
Revisiting Insecure Direct Object Reference (IDOR)
The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […]
Bypass NTLM Message Integrity Check – Drop the MIC
In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […]
Testing TLS and Certificates
Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […]
Hunting for SSRF Bugs in PDF Generators
If you’ve been on a website and noticed one of the following features, there’s a good chance you’ve stumbled upon a hot spot for server-side request forgery (SSRF) bugs: Before […]
Spamming Microsoft 365 Like It’s 1995
I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, it […]
Abusing Active Directory Certificate Services (Part 3)
| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […]