Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on pentests to identify flaws in Active Directory and general network design and implementation. You’ve probably heard of most of them, like BloodHound, ADExplorer, mimikatz…, wait, […]
Podcast: Play in new window | Download
Job hunting? Looking for a career change? Still in college and want to know how to get started now in your career? If you answered yes to any of these questions, this might be the BHIS webcast for you. This webcast is an update to Jason’s popular recorded DerbyCon 2016 talk — How to Social […]
Podcast: Play in new window | Download
Last month’s Linux webcast with Hal was a rousing success! He actually broke the record for the most live attendees on a Black Hills webcast. So, of course, we asked him to come back. The crowd in the Command Line Dojo was so large that some of the questions got lost in the shuffle. Sensei […]
Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of the tools and scripts I used (created by various authors and security research professionals). In particular, I was interested in creating my own software/hardware implementation […]
Join the BHIS Discord discussion server: https://discord.gg/aHHh3u5 We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast on Kerberos & Attacks 101. Tim is the creator of Kerberoasting. Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? […]
Podcast: Play in new window | Download
Jordan Drysdale // Many methodologies have been written, but the first few hours on an internal pentest tell the story of an organization’s security culture. This type of test differs from an assumed compromise or pivot in that the tester walks into the network fully armed. requirements.txt Nmap: https://nmap.org/ Responder: https://github.com/lgandx/Responder Impacket: https://github.com/SecureAuthCorp/Impacket CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec […]
Joff Thyer // Introduction If there is anything that the start of 2020 has taught us, it is that Internetworking services are in higher demand than ever before. IPv4 is exhausted, and by that I mean there is none, it is tired, worn out, overused, abused, and beyond its end of life. Besides our heroic […]
I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. You don’t need a big ol’ lab before you can play with them. You can run them in a single tiny VM or even tiny-er Docker image on your laptop. […]
Podcast: Play in new window | Download
Hello and welcome. My name is John Strand and in this video, we’re going to be talking about some very basic Google searches. Now we’ve got to take a couple of steps back and talk about what Google actually does. Google goes through and it indexes all the different texts and images and things they […]
