One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..

In this video, Michael Allen discusses how to test Adversary-in-the-Middle attacks without using hacking tools. He delves into the intricacies of credential harvesting, the evolution of multi-factor authentication (MFA), and how attackers adapt their strategies to bypass security measures.

The post How to Test Adversary-in-the-Middle Without Hacking Tools appeared first on Black Hills Information Security, Inc..

BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and […]

The post When Infosec and Weed Collide: Handling Administrative Actions Safely appeared first on Black Hills Information Security, Inc..

Carrie Roberts // Answer: Enough to make it worth it! Penetration testers love to perform password spraying attacks against publicly available email portals as described here in this great post by Beau Bullock. […]

The post Question:  What Can I Learn from Password Spraying a 2FA Microsoft Web App Portal? appeared first on Black Hills Information Security, Inc..

Logan Lembke // Kerberos authentication can be daunting but is an important protocol to understand for any IT professional, and especially important in the field of information security. While you […]

The post What’s trust among schoolchildren: Kerberos Authentication Explained appeared first on Black Hills Information Security, Inc..