
What to Do with Your First Home Lab

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?

The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc.

When the SOC Goes to Deadwood: A Night to Remember 

Hear a tale about the time the BHIS SOC team conducted a 14-hour overnight incident response... from the Wild West Hackin' Fest conference in Deadwood, South Dakota.

The post When the SOC Goes to Deadwood: A Night to Remember appeared first on Black Hills Information Security, Inc.

Common Cyber Threats

In today’s interconnected digital world, information security has become a critical concern for individuals, businesses, and governments alike. Cyber threats, which encompass a wide range of malicious activities targeting information systems, pose significant risks to the confidentiality, integrity, and availability of data.

The post Common Cyber Threats appeared first on Black Hills Information Security, Inc.

How to Perform and Combat Social Engineering

This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical copy on the Spearphish General Store. […]

The post How to Perform and Combat Social Engineering appeared first on Black Hills Information Security, Inc.

How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots

Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors […]

The post How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots appeared first on Black Hills Information Security, Inc.

The Curious Case of the Comburglar

By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client’s […]

The post The Curious Case of the Comburglar appeared first on Black Hills Information Security, Inc.

How to Set Smart Goals (That Actually Work For You)

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc.

Inside the BHIS SOC: A Conversation with Hayden Covington 

What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them.

The post Inside the BHIS SOC: A Conversation with Hayden Covington appeared first on Black Hills Information Security, Inc.

Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process, how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.

The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc.

Why You Got Hacked – 2025 Super Edition

This article was written to provide readers with an overview of a selection of our pentest results from the last 15 months. This data was gathered toward the end of September 2025. Shockingly, the data does not differ much from our prior analyses conducted at the end of 2022 or 2023.

The post Why You Got Hacked – 2025 Super Edition appeared first on Black Hills Information Security, Inc.

Abusing Delegation with Impacket (Part 2): Constrained Delegation

This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.

The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc.

Abusing Delegation with Impacket (Part 1): Unconstrained Delegation

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.

The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc.

GoSpoof – Turning Attacks into Intel 

Imagine this: You’re an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that there’s no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.

The post GoSpoof – Turning Attacks into Intel appeared first on Black Hills Information Security, Inc.

Model Context Protocol (MCP)

The Model Context Protocol (MCP) is a proposed open standard that provides a two-way connection for AI-LLM applications to interact directly with external data sources. It is developed by Anthropic and aims to simplify AI integrations by reducing the need for custom code for each new system.

The post Model Context Protocol (MCP) appeared first on Black Hills Information Security, Inc.

Bypassing WAFs Using Oversized Requests

Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc.

Getting Started with AI Hacking Part 2: Prompt Injection

In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem - Prompt Injection: The AI version of talking your way past the bouncer.

The post Getting Started with AI Hacking Part 2: Prompt Injection appeared first on Black Hills Information Security, Inc.

Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)! 

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc.

DomCat: A Domain Categorization Tool

DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.

The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc.