Blog - Page 10 of 81 - Black Hills Information Security, Inc.

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]

Read the entire post here

Dave Blandford, Web App, Webcast Wrap-Up Burp, Burp extensions, Burp Suite, extensions, Web Application Testing

Creating Burp Extensions: A Beginner’s Guide

In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

Read the entire post here

Brian Fehrman, How-To AI, Artificial Intelligence, LLMs, Machine Learning, PyRIT

Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs)

Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]

Read the entire post here

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024)

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here

Brian Ireland, Informational, InfoSec 201 B&B, Backdoors & Breaches, ICS/SCADA, Industrial Control Systems, Initial Compromise

ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches

This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.

Read the entire post here

Ethan Robish, Webcast Wrap-Up Data Analytics, DuckDB, SQL, Structured Query Language

Intro to Data Analytics Using SQL

In this video, Ethan Robish discusses the fundamentals and intricacies of data analytics using SQL.

Read the entire post here

Craig Vincent, Informational, Web App Access Control Vulnerability, Access Controls, Autorize, IDOR

Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]

Read the entire post here

Hayden Covington, SOC Alerting, automation, detection engineering, detections, Security Operations Center

The Detection Engineering Process

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

Read the entire post here

GRC Compliance, Governance, Kelli Tarala, leadership, Risk, Risk Management

Cyber Risk Lessons We Can Learn From Hurricane Preparedness

Risk is real. To better understand cybersecurity risk, let’s compare cyber risks to risks in the natural world from hurricanes. We can learn lessons from hurricanes and unnamed storms in […]

Read the entire post here

«‹ 9 10 11 12 ›»