Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been diligently following along – three webcasts now, a four-hour intro training session on a Saturday, our students who have attended the virtual courses – it […]
Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization Leadership and Security Practitioners can gain understanding on the potential designed-to-fail Purple Teams initiatives never reached their full potential. The Duo reviews how systemic organizational career pathing created an insoluble […]
Podcast: Play in new window | Download
Moth & James Marrs // Introduction After a month of hard work, Python headaches, dependency hell, and a bit of tool necromancy, ADHD4 is here and we’re thrilled to share it with the community! This version features tools upgraded from Python 2 to Python 3, a fancy new applications menu, updated/reorganized documentation, and more. What’s […]
Derek Banks // I recently heard something on the news that caught my attention. I suppose that isn’t abnormal these days, but this in particular was the first time I had heard of anything like it. The US Government was considering banning a popular application in use on mobile devices. Not just on government devices, […]
John Strand // Hello all! I wanted to take a few moments and share what we have been up to in conjunction with MetaCTF. We have built a cyber range! https://www.blackhillsinfosec.com/services/cyber-range/ Yes, I know very well that this is not interesting. However, there are a couple of things that are pretty neat about it. First, […]
This is a joint webcast between Black Hills Information Security and the Wild West Hackin’ Fest conference. We hate ransomware. Like a lot. This is because we feel this is the future of cyber attacks. If you look at the recent cases and the newish versions that involve extortion, there is nothing to like. Well, […]
Podcast: Play in new window | Download
So much information about testing webapps for security problems is old. Don’t get me wrong, the old stuff still works way more often than we’d like, but there’s more to webapp vulnerabilities than cross-site scripting and SQL injection. Take JWTs – JSON Web Tokens – for example. These are base64 encoded tokens that sometimes get […]
Podcast: Play in new window | Download
Joff Thyer has dove into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. Google reports that over 30% of their systems access comes via the IPv6 protocol coming into 2020. Many Internet Service Providers have no remaining choice […]
Podcast: Play in new window | Download
In this Black Hills Information Security webcast John breakdowns why he hates threat intelligence… Again… But, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key because many intel feeds are nothing more than domains, hashes, and IP addresses. However, with durable threat intel, we see […]
Podcast: Play in new window | Download
