❌

Normal view

Received β€” 11 January 2026 ⏭ Black Hills Information Security, Inc.

How to Design and Execute Effective Social Engineering Attacks by Phone

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..

Indecent Exposure: Your Secrets are ShowingΒ 

By: BHIS
9 January 2025 at 15:09

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely.Β  This blog post details a true story of […]

The post Indecent Exposure: Your Secrets are ShowingΒ  appeared first on Black Hills Information Security, Inc..

The Detection Engineering Process

By: BHIS
18 November 2024 at 17:00

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

The post The Detection Engineering Process appeared first on Black Hills Information Security, Inc..

Red Teaming: A Story From the Trenches

By: BHIS
18 April 2024 at 19:08

This article originally featured in the very first issue of our PROMPT# zine β€” Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security, Inc..

Spamming Microsoft 365 Like It’s 1995Β 

I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, it […]

The post Spamming Microsoft 365 Like It’s 1995Β  appeared first on Black Hills Information Security, Inc..

Dynamic Device Code PhishingΒ 

rvrsh3ll //Β  IntroductionΒ  This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

The post Dynamic Device Code PhishingΒ  appeared first on Black Hills Information Security, Inc..

Phishing Made Easy(ish)

Hannah Cartier // Social engineering, especially phishing, is becoming increasingly prevalent in red team engagements as well as real-world attacks. As security awareness improves and systems become more locked down, […]

The post Phishing Made Easy(ish) appeared first on Black Hills Information Security, Inc..

How to Hack Hardware using UART

By: BHIS
3 September 2019 at 19:21

Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see β€œJTAG – Micro-Controller Debuggingβ€œ), and although I made considerable progress finding and identifying the […]

The post How to Hack Hardware using UART appeared first on Black Hills Information Security, Inc..

Social Engineering in Japan

By: BHIS
2 January 2019 at 16:28

Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, β€œThe default creds are probably printed on the back; […]

The post Social Engineering in Japan appeared first on Black Hills Information Security, Inc..

❌