Jordan Drysdale // Sacred Cash Cow Tipping Webcast 2018 follow-up The great Kaspersky Internet Security 2017 antivirus product lived up to and met all of my expectations in testing, so [β¦]
The post Treating Antivirus as βThe Gold Standardβ appeared first on Black Hills Information Security, Inc..
John Strand// Itβs time for our annual anti virus bypass extravaganza. See why AV canβt be the end all be all solution to your security framework in 2018! And if [β¦]
The post WEBCAST: Sacred Cash Cow Tipping 2018 appeared first on Black Hills Information Security, Inc..
John Strand// We just finished up a walk through of how we bypassed Cylance in a previous engagement. To conclude this exciting week, I want to share a few comments [β¦]
The post Bypassing Cylance: Part 5 β Looking Forward appeared first on Black Hills Information Security, Inc..
David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment. Β The configuration of the centralized infrastructure and the endpoint agents [β¦]
The post Bypassing Cylance: Part 4 β Metasploit Meterpreter & PowerShell Empire Agent appeared first on Black Hills Information Security, Inc..
David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment. Β The configuration of the centralized infrastructure and the endpoint agents [β¦]
The post Bypassing Cylance: Part 3 β Netcat & Nishang ICMP C2 Channel appeared first on Black Hills Information Security, Inc..
David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.Β The configuration of the centralized infrastructure and the endpoint agents [β¦]
The post Bypassing Cylance: Part 2 β Using DNSCat2 appeared first on Black Hills Information Security, Inc..
David Fletcher // Recently, we had the opportunity to test a production Cylance environment. Obviously, each environment is going to be different and the efficacy of security controls relies largely [β¦]
The post Bypassing Cylance: Part 1 β Using VSAgent.exe appeared first on Black Hills Information Security, Inc..
Brian FehrmanΒ // As described in my last blog post,Β Powershell Without Powershell β How To Bypass Application Whitelisting, Environment Restrictions & AVΒ (sheeeshβ¦itβs been a bit!), we are seeing more environments in [β¦]
The post Power Posing with PowerOPS appeared first on Black Hills Information Security, Inc..
John Strand with BHIS testers // Yes, we did this in 2017, but itβs reflecting work done in 2016.
The post WEBCAST: Sacred Cash Cow Tipping 2016 appeared first on Black Hills Information Security, Inc..
Carrie Roberts // * Would you like to run Mimikatz without Anti-Virus (AV) detecting it? Recently I attempted running the PowerShell script βInvoke-Mimikatzβ from PowerSploitΒ on my machine but it was [β¦]
The post How to Bypass Anti-Virus to Run Mimikatz appeared first on Black Hills Information Security, Inc..
Carrie Roberts // There are various reasons why having a webDAV server comes in handy. The main reason I created one was to execute a malicious Outlook rule attack as [β¦]
The post Deploying a WebDAV Server appeared first on Black Hills Information Security, Inc..
Brian FehrmanΒ (With shout outs to:Β Kelsey Bellew, Beau Bullock)Β // In a previous blog post, we talked about bypassing AV and Application Whitelisting by using a method developed by Casey Smith. In [β¦]
The post Powershell Without Powershell β How To Bypass Application Whitelisting, Environment Restrictions & AV appeared first on Black Hills Information Security, Inc..
Logan Lembke // Antivirus has been a key component in defending computer systems since the 1990s. Over the years, antivirus began to dominate the discussion of PC security with other [β¦]
The post Three Simple Disguises for Evading Antivirus appeared first on Black Hills Information Security, Inc..
Brian Fehrman // There are numerous methods that have been published to bypass Anti-Virus products. As a result, many companies are beginning to realize that application whitelisting is another tool [β¦]
The post How to Bypass Application Whitelisting & AV appeared first on Black Hills Information Security, Inc..
Sally Vandeven // Evading anti-virus scanners has become a bit of a sport around BHIS. Β When we do C2 testing for our customers we start with a host on the [β¦]
The post Click to Enable Content appeared first on Black Hills Information Security, Inc..
John StrandΒ // AV is Dead Long Live Whitelisting. We have been discovering more and more of our tests bypass AV controls with ease.Β Β We have yet to see any iteration or [β¦]
The post The New Security Fundamentals β Kill Your AV appeared first on Black Hills Information Security, Inc..
Joff Thyer // Β When performing a penetration of test of organizations with Windows desktops, many testers will now resort to using tools like Veilβs Powershell Empire in order to [β¦]
The post Modifying Metasploit x64 template for AV evasion appeared first on Black Hills Information Security, Inc..
Login
