This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are. Consider this to […]
Podcast: Play in new window | Download
Subscribe: RSS
Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology used in ICS environments is sensitive and often based on older protocols. The desire for connectivity has created an opportune target for malicious actors. Join […]
Podcast: Play in new window | Download
Subscribe: RSS
At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their explanations. For their story of the environment as it appears to an attacker. The scanning and testing and exploiting (and failing at those things) is […]
Podcast: Play in new window | Download
Subscribe: RSS
Information takes many forms. Some of these forms are easy to understand and others less so. Some are hardly even recognizable. How do you know when you’ve found something interesting? When is that string of random-looking gibberish actually random gibberish and when is it something you can pick apart and make use of? What about […]
Kent Ickler // Background BHIS uses several tools for monitoring infrastructure. One of the most important tools for us that helps monitor systems health is Zabbix. It’s been a while since I went about creating Zabbix (https://www.zabbix.com/) monitoring templates. Long story short, I took a backseat role to Systems Administration a couple years ago when […]
Ray Felch // This write-up is the first of a multi-part series, providing an introduction to LoRa wireless technology and the LoRaWAN, low-power wide-area network (LPWAN). Interestingly, I came across this technology while researching a GPS tracking project that I was working on and quickly determined that this technology might be a viable alternative to […]
Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser how it should behave on certain security considerations. Oh, how times have changed. Here at Black Hills Information Security (BHIS), we’ve actually migrated webservers, hosting […]
Podcast: Play in new window | Download
Subscribe: RSS
Kyle Avery // Introduction Setting up the C2 infrastructure for red team engagements has become more and more of a hassle in recent years. This is a win for the security community because it means that vendors and professionals have learned from previously successful techniques and implemented effective mitigations in their networks. DNS over HTTPS […]
Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay in contact with each other. In some cases, even entire social events (like conferences and club meetings) were ported to platforms such as Discord and Slack to increase biological security, while […]
