Black Hills Information Security
Penetration testing for Fortune 50 companies since 2008.
RSS
  • About Us
    • Testers
    • Admin
    • SOC Team
    • HTOC Team
    • Partners
    • Interns
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Active SOC
    • Blockchain Security
    • Blue Team Services
    • Cyber Range
    • Hunt Teaming (HTOC)
    • Incident Response
    • Penetration Testing
  • Projects/Tools
    • All Tools
    • RITA
    • Backdoors & Breaches
    • Books
    • REKCAH
  • Learn
    • Blog
    • Conference
    • Podcasts
    • PROMPT# Zine
    • Training
    • Webcasts
  • Community
    • Discord
    • LinkedIn
    • T-Shirts & Hoodies
    • Twitter
    • YouTube
BLOG_chalkboard_00593

General InfoSec Tips & Tricks, Informational, Red Team Microsoft 365, Spoofing

Spoofing Microsoft 365 Like It’s 1995

Steve Borosh // Why Phishing? Those of us on the offensive side of security often find ourselves in the position to test our clients’ resilience to phishing attacks. According to the Verizon 2021 Data Breach Investigations Report,1 phishing comprises 25% of all breaches. Phishing remains one of the top ways adversaries enter networks. Defense-in-Depth The […]

Read the entire post here

thumbnail_BLOG_chalkboard_00592

Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, How-To, Hunt Teaming, Informational, InfoSec 101 ARM Templates, Attribution, Detection, Engineering, Geopolitics, hunting, Microsoft Sentinel

Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel 

Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs are inexpensive to retain, the platform is powerful, and even massive data queries are insanely responsive.   Attribution is fun, and scary too! Have you ever […]

Read the entire post here

Backdoors & Breaches, Blue Team, Blue Team Tools, Fun & Games, How-To, Informational, Webcasts

How to Use Backdoors & Breaches to do Tabletop Exercises and Learn Cybersecurity

Have you heard of Backdoors & Breaches, or even have a deck of your own, and yet… still don’t know how to use it? We created an incident response card game that helps you and your organization conduct engaging and effective tabletop exercises. Watch us demo the game and play through the free online version […]

Read the entire post here

BLOG_chalkboard_00591

C2, General InfoSec Tips & Tricks, Red Team initial access, RDP, remote desktop

Rogue RDP – Revisiting Initial Access Methods

Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red teams that will inevitably make initial access a bit more difficult to achieve. Over the last year, I have invested some research time in pursuing […]

Read the entire post here

BLOG_chalkboard_00590 (1)

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 301 DNS Security

The DNS over HTTPS (DoH) Mess

Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought also emanated from watching many discussions and participating in conversations with Paul Vixie at Wild West Hackin’ Fest in Reno, Nevada 2021.) To put this […]

Read the entire post here

00589_02072022_AzureSandbox

Blue Team, Blue Team Tools, General InfoSec Tips & Tricks, Hunt Teaming, Informational

The Azure Sandbox – Purple Edition 

Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its security posture, and in my opinion, gone above and beyond to root out threats at its core. While AWS was the innovator and maintains that […]

Read the entire post here

Blue Team, Informational, InfoSec 101, Webcasts

Webcast: New Wave of Ransomware Attacks: How did this happen?

This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.  In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are. Consider this to […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

Informational, Webcasts

Webcast: Intro to Ransomware and Industrial Control Systems (ICS)

Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology used in ICS environments is sensitive and often based on older protocols. The desire for connectivity has created an opportune target for malicious actors. Join […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

General InfoSec Tips & Tricks, InfoSec 101, Webcasts

Webcast: Hack for Show, Report For Dough: Part 2

At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their explanations. For their story of the environment as it appears to an attacker. The scanning and testing and exploiting (and failing at those things) is […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

1 2 3 4 ›»

Follow Us

Looking For Something?

Browse by category

Recent Posts

  • Talkin’ About Infosec News – 4/25/2022
    ORIGINALLY AIRED ON APRIL 25, 2022 Articles discussed
  • BLOG_chalkboard_00593Spoofing Microsoft 365 Like It’s 1995
    Steve Borosh // Why Phishing? Those of us on the
  • thumbnail_BLOG_chalkboard_00592Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel 
    Jordan Drysdale // Summary! There are tons of security

Browse by topic

Active Directory ADHD anti-virus Attack Tactics AV Blue Team bypassing AV C2 command and control encryption hacking hardware hacking Hashcat infosec john strand Jordan Drysdale Kent Ickler Linux LLMNR MailSniper Microsoft Nessus Password cracking password policy passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast Podcasts PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security

115 W. Hudson St. Spearfish, SD 57783 | 701-484-BHIS
© 2008

Links
Search the site