❌

Reading view

How to Design and Execute Effective Social Engineering Attacks by Phone

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..

  •  

Gone Phishing: Installing GoPhish and Creating a Campaign

GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.Β 

The post Gone Phishing: Installing GoPhish and Creating a Campaign appeared first on Black Hills Information Security, Inc..

  •  

Indecent Exposure: Your Secrets are ShowingΒ 

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely.Β  This blog post details a true story of […]

The post Indecent Exposure: Your Secrets are ShowingΒ  appeared first on Black Hills Information Security, Inc..

  •  

The Detection Engineering Process

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

The post The Detection Engineering Process appeared first on Black Hills Information Security, Inc..

  •  
  •  

Enable Auditing of Changes to msDS-KeyCredentialLinkΒ 

Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the answer: TrustedSec.Β  So, credit where […]

The post Enable Auditing of Changes to msDS-KeyCredentialLinkΒ  appeared first on Black Hills Information Security, Inc..

  •  

Red Teaming: A Story From the Trenches

This article originally featured in the very first issue of our PROMPT# zine β€” Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security, Inc..

  •  

The Human Element in Cybersecurity: Understanding Trust and Social EngineeringΒ 

Human TrustΒ  Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]

The post The Human Element in Cybersecurity: Understanding Trust and Social EngineeringΒ  appeared first on Black Hills Information Security, Inc..

  •  

Spamming Microsoft 365 Like It’s 1995Β 

I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, it […]

The post Spamming Microsoft 365 Like It’s 1995Β  appeared first on Black Hills Information Security, Inc..

  •  

Dynamic Device Code PhishingΒ 

rvrsh3ll //Β  IntroductionΒ  This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

The post Dynamic Device Code PhishingΒ  appeared first on Black Hills Information Security, Inc..

  •  

Field Guide to the Android Manifest File

Every Android application has a β€œmanifest.xml” file located in the root directory of the APK. (Remember APKs are just zip files.) The manifest file is like a guide to the application.

The post Field Guide to the Android Manifest File appeared first on Black Hills Information Security, Inc..

  •  

Phishing Made Easy(ish)

Hannah Cartier // Social engineering, especially phishing, is becoming increasingly prevalent in red team engagements as well as real-world attacks. As security awareness improves and systems become more locked down, […]

The post Phishing Made Easy(ish) appeared first on Black Hills Information Security, Inc..

  •  
  •  

How to Hack Hardware using UART

Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see β€œJTAG – Micro-Controller Debuggingβ€œ), and although I made considerable progress finding and identifying the […]

The post How to Hack Hardware using UART appeared first on Black Hills Information Security, Inc..

  •  

Podcast: Weaponizing Corporate Intel. This Time, It’s Personal!

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

The post Podcast: Weaponizing Corporate Intel. This Time, It’s Personal! appeared first on Black Hills Information Security, Inc..

πŸ’Ύ

  •  

Webcast: Weaponizing Corporate Intel. This Time, It’s Personal!

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

The post Webcast: Weaponizing Corporate Intel. This Time, It’s Personal! appeared first on Black Hills Information Security, Inc..

  •  

Social Engineering in Japan

Kelsey Bellew//* It’s an occupational hazard to see vulnerabilities everywhere. When I see a router sitting in plain sight I think, β€œThe default creds are probably printed on the back; […]

The post Social Engineering in Japan appeared first on Black Hills Information Security, Inc..

  •  

Social Engineering – Sometimes It’s Too Easy

Carrie Roberts // A fun story from an adventure in social engineering not too long ago. Thought I’d pass on some things I learnedΒ and waysΒ to be more prepared in the […]

The post Social Engineering – Sometimes It’s Too Easy appeared first on Black Hills Information Security, Inc..

  •  

Phishing Family Tree Now: A Social Engineering Odyssey

Joe Gray* // You may have heard about a new genealogy tool calledΒ Family Tree Now. It is a (seemingly) 100% free tool (more on that later) that allows you to […]

The post Phishing Family Tree Now: A Social Engineering Odyssey appeared first on Black Hills Information Security, Inc..

  •  
❌