pen-testing

Author, Blue Team, Blue Team Tools, John Strand, Webcasts black hoody required, C2, C2 Channels, command and control, covert c2 channels, hacking, pen-testing

WEBCAST: Two Covert C2 Channels

John Strand // In this webcast, we walk through different tools to establish and test your Command and Control (C2) detection capabilities. Why does this matter? Almost all organizations we […]

Read the entire post here

Red Team, Web App All the Shellz, hacking, metasploit, msfvenom, netcat, OS Command Injection, pen-testing, Python, Real Life Hacking, Waiting

OS Command Injection; The Pain, The Gain

Carrie Roberts // OS Command Injection is fun. I recently found this vulnerability on a web application I was testing (thanks to Burp Suite scanner). I was excited because I […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless onsite, pen-testing, penetration testing, Pentesting, Wi-Fi travel kit, wireless kit

Jordan Drysdale // Sally and I recently ventured to an on-site wireless engagement with a very security-mature customer. Long story short, the level of protection that WPA2 Enterprise with certificate validation provides […]

Read the entire post here

Phishing, Red Team con artistry, Marketing, pen-testing, penetration testing, Pentesting, phishing, social engineering

A Marketer’s Lessons in Con Artistry for Good & Learning

Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks. I show up occasionally in webcasts, lurking again in the shadows, […]

Read the entire post here

Author, David Fletcher, External/Internal, Red Team NTFS Permissions, pen-testing, Pentesting

How to Take Advantage of Weak NTFS Permissions

David Fletcher // Weak NTFS permissions can allow a number of different attacks within a target environment. This can include: Access to sensitive information Modification of system binaries and configuration […]

Read the entire post here

External/Internal, Red Team Burp, Duct Tape, Mechanical Engineering, password spraying, pen-testing

Downloading an Address Book from an Outlook Web App (OWA) Portal

Carrie Roberts // Update 10/03/16: Want to download the address book automatically with PowerShell? Check out Beau Bullocks latest additions to MailSniper As part of a penetration test, you’ve gained access […]

Read the entire post here

Author, Beau Bullock, Red Team, Red Team Tools Beau Bullock, build your own, hardware hacking, pen-testing, red teaming

How to Build Your Own Penetration Testing Drop Box

Beau Bullock // TL;DR I compared three single-board computers (SBC) against each other with a specific goal of finding which one would serve best as a “penetration testing dropbox”, and […]

Read the entire post here

1 2 3