Finding the Right Penetration Testing Company
This blog is for anyone who is interested in finding a good penetration testing company.
The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..
This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]
The post How to Perform and Combat Social Engineering appeared first on Black Hills Information Security, Inc..

Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors […]
The post How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots appeared first on Black Hills Information Security, Inc..
Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.
The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..
By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client's […]
The post The Curious Case of the Comburglar appeared first on Black Hills Information Security, Inc..
Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you're actually excited to work towards?
The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..
What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don't escalate tickets, they solve them.
The post Inside the BHIS SOC: A Conversation with Hayden Covington appeared first on Black Hills Information Security, Inc..

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.
The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc..
This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.
The post Why You Got Hacked – 2025 Super Edition appeared first on Black Hills Information Security, Inc..

This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.
The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc..

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I've been learning Kerberos exploitation, I've noticed that Impacket doesn't get nearly as much coverage as tools like Rubeus or Mimikatz.
The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc..
Imagine this: You're an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that there's no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.
The post GoSpoof – Turning Attacks into Intel appeared first on Black Hills Information Security, Inc..
The Model Context Protocol (MCP) is a proposed open standard that provides a two-way connection for AI-LLM applications to interact directly with external data sources. It is developed by Anthropic and aims to simplify AI integrations by reducing the need for custom code for each new system.
The post Model Context Protocol (MCP) appeared first on Black Hills Information Security, Inc..
Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.
The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..
In Part 2, we're diving headfirst into one of the most critical attack surfaces in the LLM ecosystem - Prompt Injection: The AI version of talking your way past the bouncer.
The post Getting Started with AI Hacking Part 2: Prompt Injection appeared first on Black Hills Information Security, Inc..

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we'll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow ("REIW")!
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..
DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.
The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc..

In part 1 of this post, we'll discuss how Hayabusa and "Security Operations and Forensics ELK" (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1) appeared first on Black Hills Information Security, Inc..

The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy.
The post Microsoft Store and WinGet: Security Risks for Corporate Environments appeared first on Black Hills Information Security, Inc..
Whether it's forgotten temporary files, installation artifacts, READMEs, or even simple image files--default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.
The post Default Web Content appeared first on Black Hills Information Security, Inc..