Black Hills Information Security
Penetration testing for Fortune 50 companies since 2008.
RSS
  • About Us
    • Testers
    • Admin
    • SOC Team
    • HTOC Team
    • Partners
    • Interns
  • Contact
    • Contact Us
    • Email Sign-Up
  • Services
    • Active SOC
    • Blockchain Security
    • Blue Team Services
    • Cyber Range
    • Hunt Teaming (HTOC)
    • Incident Response
    • Penetration Testing
  • Projects/Tools
    • All Tools
    • RITA
    • Backdoors & Breaches
    • Books
    • REKCAH
  • Learn
    • Blog
    • Conference
    • Podcasts
    • PROMPT# Zine
    • Training
    • Webcasts
  • Community
    • Discord
    • LinkedIn
    • T-Shirts & Hoodies
    • Twitter
    • YouTube
00559_09202021_WebcastGettingStartedBlockchain

How-To, Informational, Webcasts

Webcast: Getting Started in Blockchain Security and Smart Contract Auditing

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00556_08252021_UnderstandingZigbee

Hardware Hacking, How-To, Informational, Wireless

Understanding Zigbee and Wireless Mesh Networking

Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology interconnects with the internet of things (IoT’s) and to determine just how secure this platform really is. I was already somewhat familiar with home automation […]

Read the entire post here

00549_08122021_CenterforInternetSecurity

General InfoSec Tips & Tricks, Informational, InfoSec 101

Center for Internet Security (CIS) v8 – Why You Should Care

Dale Hobbs // The Center for Internet Security (CIS) Controls are a recommended set of highly effective defensive actions for cyber defense that provide specific and actionable methods to prevent the most dangerous and pervasive cyber-attacks. They were initially developed by the SANS Institute and were originally known as the SANS Critical Security Controls. They are the combined knowledge of a variety of industry experts from every market into what is effectively […]

Read the entire post here

00551_08042021_AdminsNightmare

Blue Team, How-To, Informational, InfoSec 101

Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit

Steve Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address.   In June, @Harmj0y and @tifkin_ released some excellent research and a whitepaper discussing some potential attack paths with Active Directory Certificate Services (“AD CS”) (https://posts.specterops.io/certified-pre-owned-d95910965cd2). This was followed by a modified version of impacket (https://github.com/SecureAuthCorp/impacket/pull/1101) which provides […]

Read the entire post here

00550_072822021_WhatToKnowAboutMicrosoftsRegistryHiveFlaw

General InfoSec Tips & Tricks, Informational, InfoSec 101

What To Know About Microsoft’s Registry Hive Flaw: #SeriousSAM

#hivenightmare / #lolwut Jeff McJunkin* // What is it? tl;dr — Unpatched privilege escalation in Windows 10 in nearly all supported builds. The vulnerability (CVE-2021–36934) allows an attacker with limited user code execution on Windows 10 (or 11) to gain administrative privileges locally, allowing any of the following follow-on attacks: Stealing credential material for any […]

Read the entire post here

c1

How-To, Informational, InfoSec 101, Phishing, Red Team

How to Phish for User Passwords with PowerShell

tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication protocols in Windows environments. Adversaries will abuse functionalities built into Windows and PowerShell to invoke credential popups to acquire user passwords.  As defined by the MITRE […]

Read the entire post here

00546_07232021_WebcastNoSpanPort

General InfoSec Tips & Tricks, InfoSec 101, Webcasts

Webcast: No SPAN Port? No Tap? No Problem!

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools. Sure, one could buy another router that has those features. But it is far easier to not […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00544_07132021_WebcastHowToBuildPhishingEngagement

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Phishing, Webcasts

Webcast: How to Build a Phishing Engagement – Coding TTP’s

Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00542_07082021_PushingYourWayIn-1

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team, Red Team Tools

Pushing Your Way In

David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon DBIR under top threat action varieties.  Use of stolen credentials sits right behind phishing as the second most utilized threat action in disclosed breaches. Malware variants […]

Read the entire post here

«‹ 2 3 4 5 ›»

Follow Us

Looking For Something?

Browse by category

Recent Posts

  • thumbnail_BLOG_chalkboard_00592Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel 
    Jordan Drysdale // Summary! There are tons of security
  • How to Use Backdoors & Breaches to do Tabletop Exercises and Learn Cybersecurity
    Have you heard of Backdoors & Breaches, or even
  • Talkin’ About Infosec News – 4/25/2022
    ORIGINALLY AIRED ON APRIL 18, 2022 Articles discussed

Browse by topic

Active Directory ADHD anti-virus Attack Tactics AV Blue Team bypassing AV C2 command and control encryption hacking hardware hacking Hashcat infosec john strand Jordan Drysdale Kent Ickler Linux LLMNR MailSniper Microsoft Nessus Password cracking password policy passwords password spraying pen-testing penetration testing pentest Pentesting phishing podcast Podcasts PowerShell Python Raymond Felch Red Team red teaming RITA social engineering Sysmon tools webcast webcasts Windows

Archives

Back to top
Black Hills Information Security

115 W. Hudson St. Spearfish, SD 57783 | 701-484-BHIS
© 2008

Links
Search the site