Carrie & Darin Roberts // If you would like to install the Mitre CALDERA server on your own, the CALDERA GitHub page has installation instructions on their ReadMe here. Detailed steps are provided below for installing CALDERA on Ubuntu and configure it to use your SSL certification. Clone the Repository git clone https://github.com/mitre/caldera.git –recursive –branch […]
They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be […]
Podcast: Play in new window | Download
Beau Bullock // Overview On offensive engagements, such as penetration tests and red team assessments, I have been seeing inconsistencies in how MFA is applied to the various Microsoft services. Across Microsoft 365 and Azure, there are multiple endpoints. These endpoints can all be configured under different Conditional Access policy settings, which sometimes lead to […]
Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for […]
Podcast: Play in new window | Download
John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how […]
Podcast: Play in new window | Download
Ray Felch // INTRODUCTION Recently I was afforded the opportunity to research the findings of a well-known security firm (F-Secure), who had discovered a vulnerability in the Guardtec KeyWe Smart Lock. The F-Secure people found that due to a design flaw, an attacker could intercept and decrypt traffic coming from a legitimate owner of the […]
Have you ever installed a Python tool / library only to then find out other Python based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing a Python tool with apt-get and another with pip? Notice how some things don’t work anymore? Ever wondered if there was an easier way to […]
Podcast: Play in new window | Download
CJ and Bryan will share the knowledge they’ve accumulated, by helping 1,000’s of organizations determine what they need and don’t need when it comes to penetration tests and security assessments, over the years. Topics Covered: Selecting the type of test Selecting the company to test When to test Issues around conducting a test This webcast […]
Podcast: Play in new window | Download
Kent Ickler // TL;DR Want a quick fix? Almost every marketing platform we’ve seen has decent tutorials on authorizing outbound email with SPF and DKIM authorization. Salesforce: https://help.salesforce.com/articleView?id=000315520&language=en_US SendGrid: https://sendgrid.com/docs/glossary/spf/ MailChimp: https://mailchimp.com/help/set-up-custom-domain-authentication-dkim-and-spf/ MailGun: https://mxtoolbox.com/c/outboundemailsources?public=Mailgun Amazon SES: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html Constant Contact: https://knowledgebase.constantcontact.com/articles/KnowledgeBase/34717-SPF-Self-Publishing-for-Email-Authentication?lang=en_US If you’re a marketing arm of your organization or are a mass marketing company and […]
