Black Hills Information Security, Inc.
RSS
  • All Services
    • Penetration Testing
    • Continuous Penetration Testing
    • Web Application Testing
    • Active SOC
    • Fusion PenTest
    • AI Security Assessments
    • Incident Response
    • Blue Team Services
    • Blockchain Security
    • High-Profile Risk Assessments
    • Complete Service Guide
  • Contact Us
    • Contact Us
    • Email Sign-Up
  • About Us
    • Security Consultants
    • Admin Team
    • Active SOC Team
    • Antisyphon Training
    • BHIS Tribe of Companies
  • Free Resources
    • Blogs
    • Free Cybersecurity Tools
    • Free Cybersecurity Webcasts
    • Podcasts
    • RITA
  • Training
    • BHIS & Antisyphon Training
    • WWHF Conference
  • Community
    • Discord
    • LinkedIn
    • YouTube
    • Bluesky
    • Twitter/X
    • Upcoming Events
  • Fun Stuff
    • Backdoors & Breaches
    • Merch, Zines & More
    • PROMPT# Zine
    • REKCAH
    • Books
WC_wrap-up_W0013

Webcast Wrap-Up, Webcasts log analysis, Netowrk Security, network traffic, Zeek, Zeek Logs

Introduction to Zeek Log Analysis

In this video, Troy Wojewoda discusses the intricacies of Zeek log analysis, focusing on how this network security monitoring system can be used to understand traffic and analyze logs effectively.

Read the entire post here
Secrets_header

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing 

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely.  This blog post details a true story of […]

Read the entire post here
WC_wrap-up_W0012

Dave Blandford, Web App, Webcast Wrap-Up Burp, Burp extensions, Burp Suite, extensions, Web Application Testing

Creating Burp Extensions: A Beginner’s Guide

In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

Read the entire post here
BLOG_chalkboard_00702

Brian Fehrman, How-To AI, Artificial Intelligence, LLMs, Machine Learning, PyRIT

Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) 

Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]

Read the entire post here
BLOG_chalkboard_00701 (1)

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024) 

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here
BLOG_chalkboard_00700

Brian Ireland, Informational, InfoSec 201 B&B, Backdoors & Breaches, ICS/SCADA, Industrial Control Systems, Initial Compromise

ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches

This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.

Read the entire post here
WC_wrap-up_W0011

Ethan Robish, Webcast Wrap-Up Data Analytics, DuckDB, SQL, Structured Query Language

Intro to Data Analytics Using SQL

In this video, Ethan Robish discusses the fundamentals and intricacies of data analytics using SQL.

Read the entire post here
BLOG_chalkboard_00699

Craig Vincent, Informational, Web App Access Control Vulnerability, Access Controls, Autorize, IDOR

Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]

Read the entire post here
WC_wrap-up_W0010

Hayden Covington, SOC Alerting, automation, detection engineering, detections, Security Operations Center

The Detection Engineering Process

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

Read the entire post here
«‹ 10 11 12 13›»

Looking For Something?

Browse by category

Recent Posts

  • webapp_headerFinding and Addressing Vulnerable and Outdated Web Application Components
    Vulnerable and outdated software components are one of
  • egress_headerInsufficient Egress Filtering: How Weak Outbound Controls Enable Attacks
    Insufficient egress filtering is a commonly identified
  • _aipentest_headerEveryone’s Selling AI That Kills Pentesting. We Built One That Doesn’t.
    What we built, Fusion AI, runs at about a third the

Browse by topic

Active Directory ADHD AI anti-virus Attack Tactics AV Beau Bullock BHIS Blue Team C2 Carrie Roberts cloud Cyber Deception hacking infosec Infosec for Beginners InfoSec Survival Guide Joff Thyer john strand Jordan Drysdale Kent Ickler Kerberos Linux MailSniper Malware Microsoft Nessus Nmap passwords password spraying pen-testing penetration testing pentest Pentesting phishing PowerShell Python Red Team red teaming RITA Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security, Inc.

890 Lazelle Street, Sturgis, SD 57785-1611 | 701-484-BHIS (2447)
© 2008


About Us | BHIS Tribe of Companies | Privacy Policy | Contact

Links
  • YouTube
  • LinkedIn
  • Bluesky
  • Discord
  • X
  • iTunes
Search the site