Finding the Right Penetration Testing Company
![]()
This blog is for anyone who is interested in finding a good penetration testing company.
The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..
![]()
This blog is for anyone who is interested in finding a good penetration testing company.
The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..

![]()
In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.
The post Augmenting Penetration Testing Methodology with Artificial Intelligence β Part 3: Arcanum Cyber Security Bot appeared first on Black Hills Information Security, Inc..

![]()
A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.
The post Augmenting Penetration Testing Methodology with Artificial Intelligence β Part 2: Copilot appeared first on Black Hills Information Security, Inc..

![]()
Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.
The post Augmenting Penetration Testing Methodology with Artificial Intelligence β Part 1: Burpference appeared first on Black Hills Information Security, Inc..
![]()
This webcast originally aired on February 27, 2025. Join us for a very special free one-hour Black Hills Information Security webcast with Corey Ham & Kelli Tarala on why your [β¦]
The post Why Your Org Needs a Penetration Test Program appeared first on Black Hills Information Security, Inc..
![]()
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.
The post 5 Things We Are Going to Continue to Ignore in 2025 appeared first on Black Hills Information Security, Inc..
![]()
In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security
The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..
![]()
In this video, experts delve into the intricacies of desktop application penetration testing methodologies.
The post Intro to Desktop Application Testing Methodology appeared first on Black Hills Information Security, Inc..
![]()
In todayβs world, security is more important than ever. As organizations increasingly rely on technology to drive business, digital threats are becoming more sophisticated, varied, and difficult to defend against. [β¦]
The post What Is Penetration Testing? appeared first on Black Hills Information Security, Inc..
![]()
By Ray Van Hoose, Wade Wells, and Edna Jonsson || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec [β¦]
The post Pentesting, Threat Hunting, and SOC: An Overview appeared first on Black Hills Information Security, Inc..
![]()
Tom Smith // At Black Hills Information Security (BHIS), we deal with all manner of clients, public and private. Until a month or two ago, though, weβd never dealt with [β¦]
The post Why Do Car Dealers Need Cybersecurity Services?Β appeared first on Black Hills Information Security, Inc..
![]()
Jeff Barbi // *Guest Post Background Unless youβre pentesting mobile apps consistently, itβs easy for your methodologies to fall out of date. Each new version of Android brings with it [β¦]
The post Start to Finish: Configuring an Android Phone for Pentesting appeared first on Black Hills Information Security, Inc..
![]()
John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, βWhy do these endpoint security bypass techniques still work? Why?β The goal of [β¦]
The post Webcast: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..
![]()
Jordan Drysdale// Physical Pentest Upcoming? Bring a Badgy. While badge reproduction may not be the intended use of this product, if you are a physical tester and you donβt own [β¦]
The post Performing a Physical Pentest? Bring This! appeared first on Black Hills Information Security, Inc..
![]()
Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, [β¦]
The post Digging Deeper into Vulnerable Windows Services appeared first on Black Hills Information Security, Inc..
![]()
Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From [β¦]
The post A Morning with Cobalt Strike & Symantec appeared first on Black Hills Information Security, Inc..
![]()
Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then [β¦]
The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..

![]()
Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain [β¦]
The post How to Build a C2 Infrastructure with Digital Ocean β Part 1 appeared first on Black Hills Information Security, Inc..
![]()
Carrie Roberts // EyeWitnessΒ is a handy tool developed by Chris Truncer for grabbing web browser screenshots from a list of URLs. Especially handy for pen-testers is its ability to create [β¦]
The post Web Server Screenshots with a Single Command appeared first on Black Hills Information Security, Inc..
![]()
Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the [β¦]
The post How to Bypass Web-Proxy Filtering appeared first on Black Hills Information Security, Inc..