Search Results for: password

Author, Blue Team, External/Internal, Finding, Jordan Drysdale, Red Team BlueTeam, Cisco, External Pentest, internal pentest, Inventory, Jordan Drysdale, Nessus, RedTeam, SIET

Cisco Smart Installs and Why They’re Not “Informational”

Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]

Read the entire post here

Author, Jordan Drysdale, Phishing, Red Team, Wireless brief how-to’s, eaphammer, hacking, hostapd-wpe, Jordan Drysdale, Python, rogue.py, Wireless, wireless phishing

Wireless Hack Packages Update

Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I […]

Read the entire post here

Informational, InfoSec 101 career path in infosec, FAQ, getting in to infosec, information security, infosec, infosec 101

A Career in Information Security: FAQ (Part 2)

Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4)What are some of the college courses that […]

Read the entire post here

Author, Mike Felch, Phishing, Red Team 2FA, multi-factor, phishing, Red Team

Stealing 2FA Tokens on Red Teams with CredSniper

Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale, Kent Ickler, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jordan Drysdale, Jugular, Kent Ickler, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

Read the entire post here

Blue Team, Finding, General InfoSec Tips & Tricks, How-To, Informational after the pen test, how to deal with you penetration test results, What to do after a penetration test, what to do after a pentest

What to Expect After a Pen Test

Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track.   The 3 […]

Read the entire post here

Author, CJ Cox, Informational, InfoSec 101, Podcasts Policy, Security Policy, Why Security Policy Matters

PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management

CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

C2, Craig Vincent, Red Team C2, command and control, Red Team, WebSockets, WSC2

Command and Control with WebSockets WSC2

Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The […]

Read the entire post here

Red Team G Suite, gmail

G Suite is the Soft Underbelly of Your Environment

Matthew Toussain//* Wouldn’t you like to START your pentests knowing every username for all individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A […]

Read the entire post here