Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 4:36 Problem Statement and Executive Problem Statement 9:00 Short Sysmon review, introduction to ELK, what programs make up ELK, data type and its affect on elasticsearch, answering viewer questions 20:51 Touching on different types of logs, how logstash deals […]
Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see “JTAG – Micro-Controller Debugging“), and although I made considerable progress finding and identifying the JTAG (Joint Test Action Group) pins on my target board (Samsung S3C4510 CPU) Linksys BEFSR41 router, there were complications. I ran into a number of […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 5:03 Introduction, problem statement, and executive problem statement 8:19 What Sysmon is with a demo of how it works 24:54 Implementing Sysmon and how to have your computers automatically update and utilize Sysmon 29:05 Applocker, its uses, and […]
Raymond Felch // Being an embedded firmware engineer for most of my career, I quickly became fascinated when I learned about reverse engineering firmware using JTAG. I decided to take on this project as an opportunity to learn more about this somewhat obscure and often overlooked attack vector. excerpt from: https://en.wikipedia.org/wiki/JTAG JTAG (named after […]
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found two paths to ingress the customer’s virtual private cloud (VPC) through the elastic map reduce (EMR) application stacks. One of the vulns that gained us […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 0:54 Background behind this webcast, what and why 7:02 Creating resources in Active Directory, User accounts, Groups, and Dummy Computer accounts 18:54 Tools, ResponderGuard, General flow of attacks, reconnaissance, deception and planted credentials 38:12 Password Spraying, honey users, […]
Brian Fehrman // Many of you have likely heard of Domain Fronting. Domain Fronting is a technique that can allow your C2 traffic to blend in with a target’s traffic by making it appear that it is calling out to the domain owned by your target. This is a great technique for red teamers to […]
TJ Nicholls // *BHIS Guest Contributor TL;DR How many times have you had to parse the same output from a tool? Wouldn’t you like to get that time back? There is a lot of overlap in the tools we use and the workflows we perform as information security professionals. Let’s not reinvent the wheel every […]
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June, 2019. The fun part of pentesting is the hacking. But the part that makes it a viable career is the reporting. You can develop the most amazing exploit for the most surprising […]
