Originally aired on October 26, 2020.
Ray Felch // Introduction Continuing with my ongoing Smart Lock attack research (see blog Reverse Engineering a Smart Lock), I decided to move my focus to a different type of attack technique, namely a relay attack. The relay attack is a form of MitM attack, not to be confused with the more well-known replay attack. […]
Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through […]
Carrie & Darin Roberts // If you would like to install the Mitre CALDERA server on your own, the CALDERA GitHub page has installation instructions on their ReadMe here. Detailed steps are provided below for installing CALDERA on Ubuntu and configuring it to use your SSL certification. Clone the Repository git clone https://github.com/mitre/caldera.git –recursive –branch […]
They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be […]
Beau Bullock // Overview On offensive engagements, such as penetration tests and red team assessments, I have been seeing inconsistencies in how MFA is applied to the various Microsoft services. Across Microsoft 365 and Azure, there are multiple endpoints. These endpoints can all be configured under different Conditional Access policy settings, which sometimes lead to […]
Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for […]
John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how […]