Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for […]
John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how […]
Podcast: Play in new window | Download
Ray Felch // INTRODUCTION Recently I was afforded the opportunity to research the findings of a well-known security firm (F-Secure), who had discovered a vulnerability in the Guardtec KeyWe Smart Lock. The F-Secure people found that due to a design flaw, an attacker could intercept and decrypt traffic coming from a legitimate owner of the […]
Have you ever installed a Python tool / library only to then find out other Python based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing a Python tool with apt-get and another with pip? Notice how some things don’t work anymore? Ever wondered if there was an easier way to […]
Podcast: Play in new window | Download
CJ and Bryan will share the knowledge they’ve accumulated, by helping 1,000’s of organizations determine what they need and don’t need when it comes to penetration tests and security assessments, over the years. Topics Covered: Selecting the type of test Selecting the company to test When to test Issues around conducting a test This webcast […]
Podcast: Play in new window | Download
Kent Ickler // TL;DR Want a quick fix? Almost every marketing platform we’ve seen has decent tutorials on authorizing outbound email with SPF and DKIM authorization. Salesforce: https://help.salesforce.com/articleView?id=000315520&language=en_US SendGrid: https://sendgrid.com/docs/glossary/spf/ MailChimp: https://mailchimp.com/help/set-up-custom-domain-authentication-dkim-and-spf/ MailGun: https://mxtoolbox.com/c/outboundemailsources?public=Mailgun Amazon SES: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-spf.html Constant Contact: https://knowledgebase.constantcontact.com/articles/KnowledgeBase/34717-SPF-Self-Publishing-for-Email-Authentication?lang=en_US If you’re a marketing arm of your organization or are a mass marketing company and […]
Are you tired of spinning up an entire OS in a VM just to run a tool? Have you ever struggled to install a program you needed? When was the last time you spent hours troubleshooting a complex install process or resolving dependency conflicts? We’ve certainly experienced each of these problems ourselves. But since we […]
Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been diligently following along – three webcasts now, a four-hour intro training session on a Saturday, our students who have attended the virtual courses – it […]
Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization Leadership and Security Practitioners can gain understanding on the potential designed-to-fail Purple Teams initiatives never reached their full potential. The Duo reviews how systemic organizational career pathing created an insoluble […]
Podcast: Play in new window | Download
