Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.

The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..

Keeping websites and applications secure starts with knowing which vulnerabilities exist, how severe they are, and whether they affect your stack. That’s exactly where the CVE program shines. Below, we’ll cover some CVE fundamentals, including what they are, how to search and understand the data, and how to translate this information into actionable steps.

Introduction to the CVE database
So, what is CVE?

CVE stands for Common Vulnerabilities and Exposures, a community-driven program that assigns unique identifiers to publicly known vulnerabilities.

Continue reading A Beginner’s Guide to the CVE Database at Sucuri Blog.

Imagine this: You’re an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that there’s no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.

The post GoSpoof – Turning Attacks into Intel  appeared first on Black Hills Information Security, Inc..

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)! 

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..

DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.

The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc..

Remember the good ‘ol days of Zip drives, Winamp, the advent of “Office 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]

The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..

An Infosec Survival Guide Resource, released as blog posts, with fully designed, printer-friendly PDF cheatsheets.

The post Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource appeared first on Black Hills Information Security, Inc..

DNS Triage is a reconnaissance tool that finds information about an organization's infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

The post DNS Triage Cheatsheet appeared first on Black Hills Information Security, Inc..

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

The post GraphRunner Cheatsheet appeared first on Black Hills Information Security, Inc..

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you're likely to use.

The post Burp Suite Cheatsheet appeared first on Black Hills Information Security, Inc..

Impacket is an extremely useful tool for post exploitation. It is a collection of Python scripts that provides low-level programmatic access to the packets and for some protocols, such as DCOM, Kerberos, SMB1, and MSRPC, the protocol implementation itself.

The post Impacket Cheatsheet appeared first on Black Hills Information Security, Inc..

Wireshark is an incredible tool used to read and analyze network traffic coming in and out of an endpoint. Additionally, it can load previously captured traffic to assist with troubleshooting network issues or analyze malicious traffic to help determine what a threat actor is doing on your network.

The post Wireshark Cheatsheet appeared first on Black Hills Information Security, Inc..

Hashcat is a powerful tool for recovering lost passwords, and, thanks to GPU acceleration, it’s one of the fastest. It works by rapidly trying different password guesses to determine the original password from its scrambled (hashed) version.

The post Hashcat Cheatsheet appeared first on Black Hills Information Security, Inc..

Offensive Purpose: Efficient way to gather info about web services & their hosting infrastructure. Automates taking screenshots for quick & easy review.

The post EyeWitness Cheatsheet appeared first on Black Hills Information Security, Inc..

Nmap is a powerful open-source tool commonly used by system/network administrators and security professionals to perform network discovery, security auditing, and basic vulnerability assessment.

The post Nmap Cheatsheet appeared first on Black Hills Information Security, Inc..

Netcat is a network utility tool that has earned the nickname "The Swiss Army Knife" of networking. It can be used for file transfers, chat/messaging between systems, port scanning, and much more.

The post Netcat (nc) Cheatsheet  appeared first on Black Hills Information Security, Inc..

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..

One tool that I can't live without when performing a penetration test in an Active Directory environment is called NetExec. Being able to efficiently authenticate against multiple systems in the network is crucial, and NetExec is an incredibly powerful tool that helps automate a lot of this activity.

The post Getting Started with NetExec: Streamlining Network Discovery and Access appeared first on Black Hills Information Security, Inc..

In my journey to explore how I can use artificial intelligence to assist in penetration testing, I experimented with a security-focused chat bot created by Jason Haddix called Arcanum Cyber Security Bot (available on https://chatgpt.com/gpts). Jason engineered this bot to leverage up-to-date technical information related to application security and penetration testing.

The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 3: Arcanum Cyber Security Bot appeared first on Black Hills Information Security, Inc..

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

The post Abusing S4U2Self for Active Directory Pivoting appeared first on Black Hills Information Security, Inc..