PODCAST

Informational Archives - Black Hills Information Security, Inc.

news tech news

All Episodes

Inside the BHIS SOC: A Conversation with Hayden...

Informational Archives - Black Hills Information... ·

2025/12/03

What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them. The post Inside the BHIS SOC: A Conversation with Hayden Covington appeared first on Black Hills Information Security, Inc..

en-US

Abusing Delegation with Impacket (Part 3):...

Informational Archives - Black Hills Information... ·

2025/11/26

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation. The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc..

en-US

Abusing Delegation with Impacket (Part 2):...

Informational Archives - Black Hills Information... ·

2025/11/12

This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc..

en-US

Abusing Delegation with Impacket (Part 1):...

Informational Archives - Black Hills Information... ·

2025/11/05

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc..

en-US

Model Context Protocol (MCP)

Informational Archives - Black Hills Information... ·

2025/10/22

The Model Context Protocol (MCP) is a proposed open standard that provides a two-way connection for AI-LLM applications to interact directly with external data sources. It is developed by Anthropic and aims to simplify AI integrations by reducing the need for custom code for each new system. The post Model Context Protocol (MCP) appeared first on Black Hills Information Security, Inc..

en-US

Getting Started with AI Hacking Part 2: Prompt Injection

Informational Archives - Black Hills Information... ·

2025/10/08

In Part 2, we’re diving headfirst into one of the most critical attack surfaces in the LLM ecosystem - Prompt Injection: The AI version of talking your way past the bouncer.The post Getting Started with AI Hacking Part 2: Prompt Injection appeared first on Black Hills Information Security, Inc..

en-US

DomCat: A Domain Categorization Tool

Informational Archives - Black Hills Information... ·

2025/09/24

DomCat is a command-line tool written in Golang that helps the user find expired domains with desirable categorizations.The post DomCat: A Domain Categorization Tool appeared first on Black Hills Information Security, Inc..

en-US

Microsoft Store and WinGet: Security Risks for...

Informational Archives - Black Hills Information... ·

2025/09/10

The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy. The post Microsoft Store and WinGet: Security Risks for Corporate Environments appeared first on Black Hills Information

en-US

Default Web Content

Informational Archives - Black Hills Information... ·

2025/09/03

Whether it's forgotten temporary files, installation artifacts, READMEs, or even simple image files--default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation. The post Default Web Content appeared first on Black Hills Information Security, Inc..

en-US

MailFail

Informational Archives - Black Hills Information... ·

2025/09/02

MailFail is a Firefox browser extension that identifies and provides commands to exploit a large number of email-related misconfigurations for the current domain and subdomain. The extension's UI popup highlights any misconfigurations in red and links to the supporting documentation. The post MailFail appeared first on Black Hills Information Security, Inc..

en-US

Bypassing CSP with JSONP: Introducing JSONPeek and...

Informational Archives - Black Hills Information... ·

2025/08/13

A Content Security Policy (CSP) is a security mechanism implemented by web servers and enforced by browsers to prevent various types of attacks, primarily cross-site scripting (XSS). CSP works by restricting resources (scripts, stylesheets, images, etc.) on a webpage to only execute if they come from approved sources. However, like most things in security, CSP isn't bulletproof.The post Bypassing CSP with JSONP: Introducing JSONPeek and CSP B Gone appeared first on Black Hills Information

en-US

Detecting ADCS Privilege Escalation

Informational Archives - Black Hills Information... ·

2025/07/23

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..

en-US

How to Design and Execute Effective Social...

Informational Archives - Black Hills Information... ·

2025/06/18

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.The post How to Design and Execute Effective Social Engineering Attacks by Phone appeared first on Black Hills Information Security, Inc..

en-US

Abusing S4U2Self for Active Directory Pivoting

Informational Archives - Black Hills Information... ·

2025/06/11

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!The post Abusing S4U2Self for Active Directory Pivoting appeared first on Black Hills Information Security, Inc..

en-US

Augmenting Penetration Testing Methodology with...

Informational Archives - Black Hills Information... ·

2025/05/14

A common use case for LLMs is rapid software development. One of the first ways I used AI in my penetration testing methodology was for payload generation.The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 2: Copilot appeared first on Black Hills Information Security, Inc..

en-US

Augmenting Penetration Testing Methodology with...

Informational Archives - Black Hills Information... ·

2025/05/07

Burpference is a Burp Suite plugin that takes requests and responses to and from in-scope web applications and sends them off to an LLM for inference. In the context of artificial intelligence, inference is taking a trained model, providing it with new information, and asking it to analyze this new information based on its training.The post Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference appeared first on Black Hills Information Security,

en-US

Intercepting Traffic for Mobile Applications that...

Informational Archives - Black Hills Information... ·

2025/04/30

This is a foolproof guide to intercepting traffic from mobile applications built on Flutter, which historically have been especially challenging to intercept.The post Intercepting Traffic for Mobile Applications that Bypass the System Proxy appeared first on Black Hills Information Security, Inc..

en-US

Introducing Orbit

Informational Archives - Black Hills Information... ·

2025/03/13

When I set out to build Orbit, I knew that the interface had to be intuitive and accessible, but more importantly, the application had to solve a real problem. And here’s the challenge we faced... The post Introducing Orbit appeared first on Black Hills Information Security.

en-US

AI Large Language Models and Supervised Fine Tuning

Informational Archives - Black Hills Information... ·

2025/01/23

This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]The post AI Large Language Models and Supervised Fine Tuning appeared first on Black Hills Information Security.

en-US

Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent &...

Informational Archives - Black Hills Information... ·

2025/01/20

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security.

en-US

52 results

Informational Archives - Black Hills Information Security, Inc.

All Episodes

Similar Podcasts

Expres Ráno

Expres FM

PBS News Hour - Full Show

PBS News

CD Voice

China Daily

Israel Today: Ongoing War Report

Noa Levi

Jeffrey Epstein: The Coverup Chronicles

Bobby Capucci