Black Hills Information Security
At Black Hills Information Security (BHIS), we strive to strengthen our customers' information security infrastructure and employees through penetration testing, consulting, and defensive security services. Since our founding in 2008, companies of all sizes, from small community banks to Fortune 100 companies, have entrusted us with their business.
2d ago
tl;dr: Install Wifiphisher on Kali and run a basic attack. This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024). Two […]
The post How to Install and Perform Wi-Fi Attacks with Wifiphisher appeared first on Black Hills Information Security.
1w ago
Human Trust: Most people associated with information technology roles understand the application of technical controls like the use of firewalls, encryption, and security products for defenses against digital threats. Proper […]
The post The Human Element in Cybersecurity: Understanding Trust and Social Engineering appeared first on Black Hills Information Security.
2w ago
While social engineering attacks such as phishing are a great way to gain a foothold in a target environment, direct attacks against externally exploitable services are continuing to make headlines. […]
The post In Through the Front Door – Protecting Your Perimeter appeared first on Black Hills Information Security.
1M ago
The WebSocket Protocol, standardized in 2011 with RFC 6455, enables full-duplex communication between clients and web servers over a single, persistent connection, resolving a longstanding limitation of HTTP that hindered […]
The post Can’t Stop, Won’t Stop Hijacking (CSWSH) WebSockets appeared first on Black Hills Information Security.
1M ago
In the constantly evolving landscape of cybersecurity, it is common to see features designed for convenience lead to negative cybersecurity consequences. Microsoft Teams, an essential tool for corporate […]
The post Wishing: Webhook Phishing in Teams appeared first on Black Hills Information Security.
1M ago
Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery: Let’s face it, some cases are just more interesting than others and, when you do incident response for […]
The post OSINT for Incident Response (Part 2) appeared first on Black Hills Information Security.
1M ago
The Challenge: As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]
The post Initial Access Operations Part 2: Offensive DevOps appeared first on Black Hills Information Security.
1M ago
Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]
The post Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape appeared first on Black Hills Information Security.
2M ago
What is Hydra? Hydra is a tool that can be used for password spraying. Let’s begin by defining the term “password spray.” A password spray is where an attacker defines […]
The post Hacking with Hydra appeared first on Black Hills Information Security.
2M ago
The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […]
The post Revisiting Insecure Direct Object Reference (IDOR) appeared first on Black Hills Information Security.