This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.
The post Why You Got Hacked β 2025 Super Edition appeared first on Black Hills Information Security, Inc..
In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security
The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities [β¦]
The post One Active Directory Account Can Be Your Best Early Warning appeared first on Black Hills Information Security, Inc..
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived [β¦]
The post The Top Ten List of Why You Got Hacked This Year (2023/2024)Β appeared first on Black Hills Information Security, Inc..
Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the answer: TrustedSec.Β So, credit where [β¦]
The post Enable Auditing of Changes to msDS-KeyCredentialLinkΒ appeared first on Black Hills Information Security, Inc..
tl;dr: Install Wifiphisher on Kali and run a basic attack.Β This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).Β Β Two [β¦]
The post How to Install and Perform Wi-Fi Attacks with WifiphisherΒ appeared first on Black Hills Information Security, Inc..
tl;drΒ Implement this ACL using whatever network gear, cloud ACL config, or uncomplicated firewall you use to protect your networks. Our IOT devices are on 10.99.99.0/24 for this example. Also, [β¦]
The post The Simplest and Last Internet-Only ACL Youβll Ever NeedΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft [β¦]
The post Parsing Sysmon Logs on Microsoft Sentinel appeared first on Black Hills Information Security, Inc..
Jordan DrysdaleΒ // Overview The following description of some of Impacketβs tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. [β¦]
The post Impacket Defense Basics With an Azure LabΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Overview The following description of some of Impacketβs tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the [β¦]
The post Impacket Offense Basics With an Azure Lab appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs [β¦]
The post Geopolitical Cyber-Detection Lures for Attribution with Microsoft SentinelΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its [β¦]
The post The Azure Sandbox β Purple EditionΒ appeared first on Black Hills Information Security, Inc..
Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: βGroup Policies That Kill Kill Chainsβ and βActive Directory Best Practices [β¦]
The post Webcast: The Quest for the Kill Chain Killer Continues appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // UPDATES! October 30, 2023Thereβs been an additional update for Sysmon! Event ID 29! Another Event ID (EID) was added to the Sysmon service. This event ID followed [β¦]
The post A Sysmon Event ID Breakdown β Updated to Include 29!! appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. Itβs multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the [β¦]
The post Joyriding with SILENTTRINITY β UPDATES appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr Sentinel is easy! Especially when using Azure Sentinel To-Go. So, letβs do some threat research by deploying Sentinel To-Go and executing a Cobalt Strike beacon. Link: [β¦]
The post Azure Sentinel Quick-Deploy with Cyb3rWard0gβs Sentinel To-Go β Letβs Catch Cobalt Strike! appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // TL;DR The problem with a pentesterβs perspective on defense, hunting, and security: Lab demographics versus scale.Β If it costs $15 bucks per month per server for me [β¦]
The post Azure Security Basics: Log Analytics, Security Center, and Sentinel appeared first on Black Hills Information Security, Inc..
Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain.Β https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been [β¦]
The post How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!) appeared first on Black Hills Information Security, Inc..
Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizationsβ information security human capital (Thatβs all you folks!). Organization Leadership and Security Practitioners can [β¦]
The post Webcast: Atomic Purple Team Framework and Life Cycle appeared first on Black Hills Information Security, Inc..
Login
