A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore. All is not lost! […]
Podcast: Play in new window | Download
Subscribe: RSS
Originally aired on January 13, 2021 Articles discussed in this episode: https://www.theregister.com/2021/01/13/darkmarket_europol_shutdown/ https://www.theregister.com/2021/01/12/microsoft_linux_edr/ https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/ https://threatpost.com/hackers-leak-pfizer-covid-19-vaccine-data/163008/ https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/
Podcast: Play in new window | Download
Subscribe: RSS
Jordan Drysdale // tl;dr This blog is being provided to demonstrate the capabilities of Sysmon logging broken down by event ID. The IDs will be captured in context and matched to their sysmon-modular configuration section for tuning opportunities. Please allow me a shout out here to the author of the sysmon-modular repository on Github. Olaf […]
Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because lets be honest, that’s just hyperbole. Join us to […]
Podcast: Play in new window | Download
Subscribe: RSS
Originally aired on December 21, 2020 Articles discussed in this episode: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ https://theintercept.com/2020/12/17/russia-hack-austin-texas/
Podcast: Play in new window | Download
Subscribe: RSS
Ray Felch // Introduction While packing up my KeyWe Smart Lock accessories, and after wrapping up my research and two previous blogs “Reverse Engineering a Smart Lock” and “Machine-in-the-Middle BLE Attack”, I came across a couple of KeyWe RFID tags. Although I was somewhat already familiar with RFID (Radio Frequency ID) technology, I decided this […]
Originally aired on December 14, 2020 Articles discussed in this episode: https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680 https://www.solarwinds.com/solutions/orion
Podcast: Play in new window | Download
Subscribe: RSS
Originally aired on December 11, 2020 Articles discussed in this episode: https://www.nobandwidth.io/ https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/ https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/ https://capricocave.wordpress.com/2020/12/10/docker-botnets/ https://www.trustedsec.com/blog/4-free-easy-wins-that-make-red-teams-harder/ https://arstechnica.com/tech-policy/2020/12/florida-posted-the-password-to-a-key-disaster-system-on-its-website/
Podcast: Play in new window | Download
Subscribe: RSS
Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. It’s multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the installation… and the instructions in the original blog I wrote are no longer accurate. https://www.blackhillsinfosec.com/my-first-joyride-with-silenttrinity/ Also, please read the call to arms. Help and support […]
