Social Engineering

Informational, Michael Allen, Social Engineering, Webcasts Adversary in the Middle, AitM, post-exploitation, Webcast Wrap-Up

Adversary in the Middle (AitM): Post-Exploitation

In this video, Michael Allen discusses adversary-in-the-middle post-exploitation techniques and processes.

Read the entire post here

Ashley Knowles, Informational, Phishing, Red Team, Social Engineering InfoSec Survival Guide

How to Perform and Combat Social Engineering

This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]

Read the entire post here

Informational, Joff Thyer, Physical, Red Team, Social Engineering Pen Testing, PROMPT#

Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

Read the entire post here

Informational, Phishing, Physical, Red Team, Social Engineering

The Human Element in Cybersecurity: Understanding Trust and Social Engineering

Human Trust Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]

Read the entire post here

Phishing, Red Team, Social Engineering, Steve Borosh

Spamming Microsoft 365 Like It’s 1995

I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, it […]

Read the entire post here

Blue Team, Incident Response, Informational, InfoSec 301, Phishing, Red Team, Social Engineering, Steve Borosh Device Code, Microsoft

Dynamic Device Code Phishing

rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

Read the entire post here

How-To, Informational, InfoSec 101, Phishing, Red Team, Social Engineering ansible, automation, credential capture, ethical, hacking, html

Phishing Made Easy(ish)

Hannah Cartier // Social engineering, especially phishing, is becoming increasingly prevalent in red team engagements as well as real-world attacks. As security awareness improves and systems become more locked down, […]

Read the entire post here

00387_05112019_PODCAST_Weaponizing_Intel

Author, Beau Bullock, Mike Felch, Password Spray, Phishing, Podcasts, Recon, Red Team, Red Team Tools, Social Engineering Beau Bullock, Demos, FireProx, Mike Felch, PII, recon, Social Media, Social Trust Attack, tools

Podcast: Weaponizing Corporate Intel. This Time, It’s Personal!

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here