Search Results for: password

Author, Jordan Drysdale, Kent Ickler, Red Team, Red Team Tools Kon-Boot, thumb drive fun

Super Sweet Kon-Boot Demo in GIFs

Jordan Drysdale, victim // Kent Ickler, adversary // In this post, our victim locks their computer and heads out for a coffee refill. The adversary smashes through all system and […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team, Red Team Tools HostRecon, PowerShell, Situational Awareness, tool

HostRecon: A Situational Awareness Tool

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, AV bypass, bypassing AV, bypassing Cylance, Cylance, Ncat, netcat, Nishang, Nishang ICMP C2 Channel

Bypassing Cylance: Part 3 – Netcat & Nishang ICMP C2 Channel

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Red Team, Red Team Tools bash bunny, BashBunny, bashbunny-payloads, Hak5, Wi-Fi Creds, Wireless Credentials

How to Pull Wireless Credentials with the Bash Bunny

Sally Vandeven // All of the BHIS testers are pretty geeked about Hak5’s newest toy — the Bash Bunny. Last week, Jordan blogged about the USB Exfiltration payload. Today I […]

Read the entire post here

Red Team, Social Engineering fun fun fun, helpful help desk, IT Help Desk, maternity leave, password reset, social engineering, VM

Social Engineering – Sometimes It’s Too Easy

Carrie Roberts // A fun story from an adventure in social engineering not too long ago. Thought I’d pass on some things I learned and ways to be more prepared in the […]

Read the entire post here

InfoSec 101 Growing Pains, information security, Market Forces, Parents, Responsibility & Privilege, Supply & Demand

End-User Education: Getting the Parentals Onboard

Sierra Ward // We’re getting to that stage of life where we have to make some hard decisions regarding our parents.  How do we help them through sickness? When and […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

InfoSec 201, Red Team, Social Engineering Family Tree Now, genealogy, OSINT, phishing, social engineering

Phishing Family Tree Now: A Social Engineering Odyssey

Joe Gray* // You may have heard about a new genealogy tool called Family Tree Now. It is a (seemingly) 100% free tool (more on that later) that allows you to […]

Read the entire post here