Black Hills Information Security

Carrie Roberts, General InfoSec Tips & Tricks, Informational

Got Enough Monitors?

Carrie Roberts // Guest Blog OK, I admit it: I might have a problem. But seriously, can you ever really have enough screen space? In this blog post, I’ll describe […]

Blue Team, C2, Derek Banks, Hunt Teaming, Incident Response, Informational

Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network

Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […]

Blue Team, Corey Ham, Informational, Red Team Browser Security, Data Breaches, Malware, Password Managers, Stealer Logs

Your Browser is Not a Safe Space

Corey Ham // Tl;dr   Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items.   Personal security: Do not save anything sensitive in […]

Blue Team, Blue Team Tools, How-To, Informational, Jordan Drysdale

Parsing Sysmon Logs on Microsoft Sentinel

Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]

Finding, How-To, Informational, Isaac Burton, Web App Prototype Pollution, Web API

Hit the Ground Running with Prototype Pollution  

Isaac Burton // For as long as we have known about prototype pollution vulnerabilities, there has been confusion on what they are and how they can be exploited. We’re going […]

Fernando Panizza, General InfoSec Tips & Tricks, How-To, Informational

Forwarding Traffic Through SSH

Fernando Panizza // This was meant to be an OpenSSH how-to blog, but since I had time, I decided to read the man pages (manual pages that you can access […]

How-To, Joseph Kingstone, Physical

Tales From the Pick: Intro to Physical Security Tools

Joseph Kingstone // Looking to get into physical security? Not sure what you need to get started? Look no further.  What are Physical Security Assessments?   Physical security assessments evaluate an […]

Alyssa Snow, External/Internal, General InfoSec Tips & Tricks, How-To, Informational, Recon, Web App

Gowitness, a Tester’s Time Saver

Alyssa Snow // During an external or internal network penetration test, it can be challenging to comb through each web server in scope to find the juicy stuff. During a […]

Dale Hobbs, External/Internal, How-To, Informational, InfoSec 201 IPv6, Machine-in-the-Middle, MITM6, ntlmrelayx, Replication-Get-Changes-All

MITM6 Strikes Again: The Dark Side of IPv6  

Dale Hobbs // As the world becomes increasingly connected through the internet, cyber attacks have become more sophisticated and prevalent. One type of attack that you may not have heard […]
