Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it […]
Podcast: Play in new window | Download
Subscribe: RSS
David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon DBIR under top threat action varieties. Use of stolen credentials sits right behind phishing as the second most utilized threat action in disclosed breaches. Malware variants […]
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are […]
Podcast: Play in new window | Download
Subscribe: RSS
Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https:/steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Ean | EanMeyer Defenders: Qasim | […]
Podcast: Play in new window | Download
Subscribe: RSS
How to make sure your antivirus is working without any malware Michael Allen // Recently, a customer asked me if there was a way they could generate alerts from the new antivirus product they deployed without executing any actual malware on the system they were testing it on. The computer they wanted to test was an especially sensitive and business-critical system, so it was important that they perform […]
There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should […]
Podcast: Play in new window | Download
Subscribe: RSS
Ray Felch // Introduction Recently, I came across an interesting article on using software-defined radio (SDR) to create a Police, Fire, EMS, and Public Safety systems scanner. Viewing a few of these Trunk tracking scanners on Amazon, I quickly discovered that they are not cheap at all. You can spend several hundred dollars on a Trunked Radio tracking scanner; however, we […]
This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick […]
Podcast: Play in new window | Download
Subscribe: RSS
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our interception proxies, and I know a lot of us are huge fans of the great work that PortSwigger has done with Burp Suite over the years. Having said this, […]
