❌

Reading view

Having Fun with ActiveX Controls in Microsoft Word

Marcello Salvati// During Red Team and penetration tests, it’s always important and valuable to test assumptions. One major assumption I hear from Pentesters, Red teamers and clients alike is that […]

The post Having Fun with ActiveX Controls in Microsoft Word appeared first on Black Hills Information Security, Inc..

  •  

Running HashCat on Ubuntu 18.04 Server with 1080TI

Derrick Rauch and Kent Ickler // (Updated 3/22/2019) First, to see what our build looks like, look here:Β https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next?Β Time for System Rebuild! First, you need to decide whether you […]

The post Running HashCat on Ubuntu 18.04 Server with 1080TI appeared first on Black Hills Information Security, Inc..

  •  

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

The post Finding: Weak Password Policy appeared first on Black Hills Information Security, Inc..

  •  

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

The post Hide Payload in MS Office Document Properties appeared first on Black Hills Information Security, Inc..

  •  

How to Crack Passwords for Password Protected MS Office Documents

Carrie Roberts*Β // (Updated, 2/11/2019) Trying to figure out the password for a password protected MS Office document? This free solution might do the trick. It attempts to guess the password […]

The post How to Crack Passwords for Password Protected MS Office Documents appeared first on Black Hills Information Security, Inc..

  •  

How to Build a Password Cracker with NVidia GTX 1080TI & GTX 1070

Kent Ickler // The Task Buy The Things: Total for new password cracking machine$5110 A Few Quick Lessons The CPU cooler doesn’t actually clear the case cover. This was OK […]

The post How to Build a Password Cracker with NVidia GTX 1080TI & GTX 1070 appeared first on Black Hills Information Security, Inc..

  •  

How to Get Malicious Macros Past Email Filters

Carrie Roberts // Β  Β  Β  A malicious macro in a Microsoft Word or Excel document is an effective hacking technique. These documents could be delivered in a variety of […]

The post How to Get Malicious Macros Past Email Filters appeared first on Black Hills Information Security, Inc..

  •  

Power Posing with PowerOPS

Brian FehrmanΒ // As described in my last blog post,Β Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AVΒ (sheeesh…it’s been a bit!), we are seeing more environments in […]

The post Power Posing with PowerOPS appeared first on Black Hills Information Security, Inc..

  •  

Bugging Microsoft Files: Part 3 – Clearing Metadata

Ethan Robish // In my last twoΒ postsΒ I showed how to insert tracking bugs in both .docx (Part 1) and .xlsx files (Part 2). Β But don’t let all that effort go […]

The post Bugging Microsoft Files: Part 3 – Clearing Metadata appeared first on Black Hills Information Security, Inc..

  •  

Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word

Ethan Robish // If you’re familiar with ADHD and Web Word Bugs, you likely already know the method to create web tracking software using .html files renamed as .doc files. […]

The post Bugging Microsoft Files: Part 1 – Docx Files using Microsoft Word appeared first on Black Hills Information Security, Inc..

  •  

Wide-Spread Local Admin Testing

Brian Fehrman // In our experience, we see many Windows environments in which the local Administrator password is the same for many machines. We refer to this as Wide-Spread Local […]

The post Wide-Spread Local Admin Testing appeared first on Black Hills Information Security, Inc..

  •  
❌