5 Things We Are Going to Continue to Ignore in 2025
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.
This webcast originally aired on January 23, 2025. In this video, Ralph May discusses Orbit, a tool he developed for enhanced vulnerability scanning and continuous pen testing. The video delves […]
This webcast was originally aired on January 16, 2025. In this video, Kelli K. Tarala and CJ Cox discuss the challenges and strategies for improving governance, risk, and compliance (GRC) […]
In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security.
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities […]
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.
Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]