Jordan Drysdale // tl;dr This blog is being provided to demonstrate the capabilities of Sysmon logging broken down by event ID. The IDs will be captured in context and matched to their sysmon-modular configuration section for tuning opportunities. Please allow me a shout out here to the author of the sysmon-modular repository on Github. Olaf […]
Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because lets be honest, that’s just hyperbole. Join us to […]
Podcast: Play in new window | Download
Subscribe: RSS
Originally aired on December 21, 2020 Articles discussed in this episode: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ https://theintercept.com/2020/12/17/russia-hack-austin-texas/
Podcast: Play in new window | Download
Subscribe: RSS
Ray Felch // Introduction While packing up my KeyWe Smart Lock accessories, and after wrapping up my research and two previous blogs “Reverse Engineering a Smart Lock” and “Machine-in-the-Middle BLE Attack”, I came across a couple of KeyWe RFID tags. Although I was somewhat already familiar with RFID (Radio Frequency ID) technology, I decided this […]
Originally aired on December 14, 2020 Articles discussed in this episode: https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680 https://www.solarwinds.com/solutions/orion
Podcast: Play in new window | Download
Subscribe: RSS
Originally aired on December 11, 2020 Articles discussed in this episode: https://www.nobandwidth.io/ https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/ https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/ https://capricocave.wordpress.com/2020/12/10/docker-botnets/ https://www.trustedsec.com/blog/4-free-easy-wins-that-make-red-teams-harder/ https://arstechnica.com/tech-policy/2020/12/florida-posted-the-password-to-a-key-disaster-system-on-its-website/
Podcast: Play in new window | Download
Subscribe: RSS
Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the installation… and the instructions in the original blog I wrote are no longer accurate. https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/ Also, please read the call to arms. Help and support […]
Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple […]
Podcast: Play in new window | Download
Subscribe: RSS
Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (Pypi)? Not so straight forward is it? There’s a gazillion files you need (setup.py, Manifiest.ini, etc..) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in […]
Podcast: Play in new window | Download
Subscribe: RSS
