Melissa Bruno // So you have an Internet-facing DNS server. Maybe you decided to set one up at home for fun, or your company has one that works with other services. Either way, you probably have a group of people in mind who should be using it. But are you sure that they’re the only […]
John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take is to try and implement full application whitelisting on every single application across their entire environment. While this goal is fun and seems like a […]
Darin Roberts // I recently had to install a new gold image as my Kali Linux testing virtual machine. Almost on every test I do, I clone the gold image and use the fresh install to start from. On this image I install as many of the scripts and tools as I can so when […]
John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just plain awful) logging in Windows. Basically, trying to get information from standard Windows logs is a lot like playing tennis against curtains. Sure, you can […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 4:36 Problem Statement and Executive Problem Statement 9:00 Short Sysmon review, introduction to ELK, what programs make up ELK, data type and its affect on elasticsearch, answering viewer questions 20:51 Touching on different types of logs, how logstash deals […]
Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see “JTAG – Micro-Controller Debugging“), and although I made considerable progress finding and identifying the JTAG (Joint Test Action Group) pins on my target board (Samsung S3C4510 CPU) Linksys BEFSR41 router, there were complications. I ran into a number of […]
Click on the timecodes to jump to that part of the video (on YouTube) Download slides: https://www.activecountermeasures.com/presentations 5:03 Introduction, problem statement, and executive problem statement 8:19 What Sysmon is with a demo of how it works 24:54 Implementing Sysmon and how to have your computers automatically update and utilize Sysmon 29:05 Applocker, its uses, and […]
Raymond Felch // Being an embedded firmware engineer for most of my career, I quickly became fascinated when I learned about reverse engineering firmware using JTAG. I decided to take on this project as an opportunity to learn more about this somewhat obscure and often overlooked attack vector. excerpt from: https://en.wikipedia.org/wiki/JTAG JTAG (named after […]
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found two paths to ingress the customer’s virtual private cloud (VPC) through the elastic map reduce (EMR) application stacks. One of the vulns that gained us […]
