So much information about testing webapps for security problems is old. Don’t get me wrong, the old stuff still works way more often than we’d like, but there’s more to webapp vulnerabilities than cross-site scripting and SQL injection. Take JWTs – JSON Web Tokens – for example. These are base64 encoded tokens that sometimes get […]
Podcast: Play in new window | Download
Joff Thyer has dove into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. Google reports that over 30% of their systems access comes via the IPv6 protocol coming into 2020. Many Internet Service Providers have no remaining choice […]
Podcast: Play in new window | Download
In this Black Hills Information Security webcast John breakdowns why he hates threat intelligence… Again… But, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key because many intel feeds are nothing more than domains, hashes, and IP addresses. However, with durable threat intel, we see […]
Podcast: Play in new window | Download
Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors and Forwarding (Handlers) + WinLogBeat + Elastic = The baseline configuration for producing endpoint optics that matter (for almost free). PART 1 – Building Your […]
One of our favorite BHIS guest presenters, Hal Pomeranz, returns for more of the Linux goodness. Roll up for a magical tour through the mysteries of Linux file systems! Relative atime updates, block groups, and allocation strategies, deleted directory entries, and even more will be revealed! This information will help you understand your Linux timelines […]
Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on pentests to identify flaws in Active Directory and general network design and implementation. You’ve probably heard of most of them, like BloodHound, ADExplorer, mimikatz…, wait, […]
Podcast: Play in new window | Download
Job hunting? Looking for a career change? Still in college and want to know how to get started now in your career? If you answered yes to any of these questions, this might be the BHIS webcast for you. This webcast is an update to Jason’s popular recorded DerbyCon 2016 talk — How to Social […]
Podcast: Play in new window | Download
Last month’s Linux webcast with Hal was a rousing success! He actually broke the record for the most live attendees on a Black Hills webcast. So, of course, we asked him to come back. The crowd in the Command Line Dojo was so large that some of the questions got lost in the shuffle. Sensei […]
Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of the tools and scripts I used (created by various authors and security research professionals). In particular, I was interested in creating my own software/hardware implementation […]
