Want to learn HOW TO do something? This is a great place to start!
Guest Post at TripWire
Carrie Roberts is one of our super awesome testers. Want to see what pen testing tools she’s added to her toolbox this year? Check out her blog over at TripWire today!
Honeyports & ADHD!!!
John Strand // Lets take a look at how to use HoneyPorts on the new Active Defense Harbinger Distribution. For those of you who do not know, this is a really cool script which dynamically blocks an IP address which makes a full established TCP connection. This is cool because it makes spoofing very hard […]
We Have Built a Cyber Range!
John Strand // Hello all! I wanted to take a few moments and share what we have been up to in conjunction with MetaCTF. We have built a cyber range! https://www.blackhillsinfosec.com/services/cyber-range/ Yes, I know very well that this is not interesting. However, there are a couple of things that are pretty neat about it. First, […]
504 VSAgent Usage Instructions
Jordan Drysdale// HERE IT IS! Finally! For the vsagent from SANS SEC504 (only the finest InfoSec course the world has ever seen!): this is a Q&D deployment guide for the HTTP view state agent demonstrated in the SANS SEC504 labs. The README.md file in the repo has everything you need to get vsagent running for […]
How to Build a 404 page not found C2
A Guest blog by Matthew Pawelski // A C2, or command-and-control, is used by attackers to control compromised systems. Most of these C2s are in control of large botnets, yet some are simply used by an attacker to have access to a system so they can pivot to another device or to steal credentials and […]
How to Build a Better Relationship With Your C-level Regarding Information Security
Josh Thomas // Editor’s Note: Recently on Twitter, we asked our followers “What’s the hardest thing to get your C-level to understand regarding security?” The answers came in like a roaring flood! Hopefully, this helps you towards a path that helps improve your relationship with your c-level and in return alleviate some of those frustrations. One […]
Webcast: Getting Started in Cyber Deception
Ever wanted to get started in cyber deception? Ever wanted to do it for free? In this BHIS webcast, we will cover some basic, legal, and easy tools/techniques to get you started in working with low interaction honeypots to serve as an early warning of attacks. We will also be sharing a recipe for making […]
Podcast: Play in new window | Download
When Infosec and Weed Collide: Handling Administrative Actions Safely
BB King//* The state of Ohio recently validated a webapp pentest finding that sometimes goes overlooked. It relates to the details of administrative functions, how they can be abused, and how just the potential for abuse can call all of your data into question. Here’s what they found: COLUMBUS, Ohio — A “critical flaw” in […]
How to Build a Password Cracker with NVidia GTX 1080TI & GTX 1070
Kent R. Ickler // The Task Update our in-house password cracking/hashing capabilities Purchase a new cracking machine Update the old cracking system Stay within budget Buy The Things: ASUS X99-E WS/USB 3.1 LGA 2011-v3 Intel X99 SATA 6Gb/s USB 3.1 USB 3.0 CEB Intel MotherboardQTY 1: $515https://www.newegg.com/Product/Product.aspx?Item=N82E16813182968 EVGA GeForce GTX 1080 Ti FE DirectX 12 […]
