❌

Normal view

Why You Got Hacked – 2025 Super Edition

By: BHIS
19 November 2025 at 18:50

This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.

The post Why You Got Hacked – 2025 Super Edition appeared first on Black Hills Information Security, Inc..

Proxying Your Way to Code Execution – A Different Take on DLL HijackingΒ 

By: BHIS
26 September 2024 at 17:00

While DLL hijacking attacks can take on many different forms, this blog post will explore a specific type of attack called DLL proxying, providing insights into how it works, the potential risks it poses, and briefly the methodology for discovering these vulnerable DLLs, which led to the discovery of several zero-day vulnerable DLLs that Microsoft has acknowledged but opted to not fix at this time.

The post Proxying Your Way to Code Execution – A Different Take on DLL HijackingΒ  appeared first on Black Hills Information Security, Inc..

Persistence – Visual Studio Code Extensions

4 March 2024 at 07:19
It is not uncommon developers or users responsible to write code (i.e. detection engineers using Sigma) to utilize Visual Studio Code as their code editor.…

Continue reading β†’ Persistence – Visual Studio CodeΒ Extensions

Persistence – Disk Clean-up

29 January 2024 at 06:59
Disk Clean-up is a utility which is part of Windows operating systems and can free up hard drive disk space by deleting mainly cache and…

Continue reading β†’ Persistence – DiskΒ Clean-up

Rogue RDP – Revisiting Initial Access Methods

Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

The post Rogue RDP – Revisiting Initial Access Methods appeared first on Black Hills Information Security, Inc..

Getting PowerShell Empire Past Windows Defender

By: BHIS
15 February 2019 at 23:03

Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]

The post Getting PowerShell Empire Past Windows Defender appeared first on Black Hills Information Security, Inc..

SSHazam: Hide Your C2 Inside of SSH

By: BHIS
8 January 2019 at 17:04

Carrie Roberts //* SSHazam is a method of running any C2 tool of your choice inside a standard SSH tunnel to avoid network detections. The examples here involve running PowerShell […]

The post SSHazam: Hide Your C2 Inside of SSH appeared first on Black Hills Information Security, Inc..

How To: C2 Over ICMP

By: BHIS
30 November 2018 at 16:32

Darin Roberts // In previous blogs, I have shown how to get various C2 sessions.Β  In this blog, I will be showing how to do C2 over ICMP. First, what […]

The post How To: C2 Over ICMP appeared first on Black Hills Information Security, Inc..

Command and Control with WebSockets WSC2

Craig Vincent// This all started with a conversation I was having with a few other BHIS testers. At the time, I was testing a web application that used WebSockets. The […]

The post Command and Control with WebSockets WSC2 appeared first on Black Hills Information Security, Inc..

PODCAST: Lee Kagan & Beau Bullock talk C2

Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How […]

The post PODCAST: Lee Kagan & Beau Bullock talk C2 appeared first on Black Hills Information Security, Inc..

πŸ’Ύ

❌