penetration testing

Red Team, Red Team Tools how to hide payload in MS docs, Malware, Microsoft, MS Word, pen-testing, penetration testing, pentest, Pentesting, Pentesting tips and tricks, PowerShell, PowerShell Scripts, Word

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

External/Internal, Red Team, Red Team Tools EyeWitness, good to know, handy dandy, penetration testing, Pentesting, screenshots, tool

Web Server Screenshots with a Single Command

Carrie Roberts // EyeWitness is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools Bypassing Web-Proxy Filtering, C2 Channels, penetration testing, Pentesting, PowerShell, Web-Proxy Filtering

How to Bypass Web-Proxy Filtering

Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]

Read the entire post here

External/Internal, Red Team 2FA, ask and it will be given to you, bypassing 2fa, help desk, helpful help desk, MailSniper, OWA, password policy, passwords, pen-testing, penetration testing, pentest, Pentesting, two-factor, VPN

How to Bypass Two-Factor Authentication – One Step at a Time

Sally Vandeven // Back in November Beau Bullock wrote a blog post describing how his awesome PowerShell tool MailSniper can sometimes bypass OWA portals to get mail via EWS if […]

Read the entire post here

InfoSec 201 easter eggs, low hanging fruit, pen-testing, penetration testing, Pentesting, the best parts of our job

Go Ahead, Make Our Day

Sally Vandeven & the BHIS Team // I was recently on an assessment where I was able to grab all the password hashes from the domain controller. When I extracted the hashes and […]

Read the entire post here

Author, Jordan Drysdale, Red Team, Wireless onsite, pen-testing, penetration testing, Pentesting, Wi-Fi travel kit, wireless kit

The Wi-Fi Travel Kits

Jordan Drysdale // Sally and I recently ventured to an on-site wireless engagement with a very security-mature customer. Long story short, the level of protection that WPA2 Enterprise with certificate validation provides […]

Read the entire post here

Phishing, Red Team con artistry, Marketing, pen-testing, penetration testing, Pentesting, phishing, social engineering

A Marketer’s Lessons in Con Artistry for Good & Learning

Sierra Ward* // Normally I am hidden in the back rooms at BHIS, chipping away at 10 million marketing tasks.  I show up occasionally in webcasts, lurking again in the shadows, […]

Read the entire post here

Author, Brian King, InfoSec 101, Red Team kitchen remodel, pen-testing, penetration testing, pentest, Pentesting, Red Team, red team your life, red teaming

Book Review: “Red Team – How to Succeed by Thinking Like the Enemy”

Brian B. King // Red Teaming is one of those terms popping up all over the place lately, and it seems to mean different things to different people. Is it […]

Read the entire post here