❌

Normal view

Received β€” 14 January 2026 ⏭ Black Hills Information Security, Inc.

How to Perform and Combat Social Engineering

By: BHIS
23 August 2024 at 05:00

This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]

The post How to Perform and Combat Social Engineering appeared first on Black Hills Information Security, Inc..

Received β€” 11 January 2026 ⏭ Black Hills Information Security, Inc.

How to Design and Execute Effective Social Engineering Attacks by Phone

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..

Wishing: Webhook Phishing in Teams

By: BHIS
14 March 2024 at 14:10

Quick Jump: In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]

The post Wishing: Webhook Phishing in Teams appeared first on Black Hills Information Security, Inc..

Spamming Microsoft 365 Like It’s 1995Β 

I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, it […]

The post Spamming Microsoft 365 Like It’s 1995Β  appeared first on Black Hills Information Security, Inc..

Dynamic Device Code PhishingΒ 

rvrsh3ll //Β  IntroductionΒ  This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

The post Dynamic Device Code PhishingΒ  appeared first on Black Hills Information Security, Inc..

Phishing Made Easy(ish)

Hannah Cartier // Social engineering, especially phishing, is becoming increasingly prevalent in red team engagements as well as real-world attacks. As security awareness improves and systems become more locked down, […]

The post Phishing Made Easy(ish) appeared first on Black Hills Information Security, Inc..

How to Not Get Scammed on Discord

By: BHIS
8 November 2021 at 23:02

Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing,Β the demand forΒ online messagingΒ saw a huge spike in an effort for people to stay […]

The post How to Not Get Scammed on Discord appeared first on Black Hills Information Security, Inc..

How to Phish for User Passwords with PowerShell

tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication […]

The post How to Phish for User Passwords with PowerShell appeared first on Black Hills Information Security, Inc..

❌