Blog - Page 3 of 57 - Black Hills Information Security

00559_09202021_WebcastGettingStartedBlockchain

Webcast: Getting Started in Blockchain Security and Smart Contract Auditing

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

Hardware Hacking, How-To, Informational, Wireless

Understanding Zigbee and Wireless Mesh Networking

Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology interconnects with the internet of things (IoT’s) and to determine just how secure this platform really is. I was already somewhat familiar with home automation […]

Read the entire post here

00549_08122021_CenterforInternetSecurity

General InfoSec Tips & Tricks, Informational, InfoSec 101

Center for Internet Security (CIS) v8 – Why You Should Care

Dale Hobbs // The Center for Internet Security (CIS) Controls are a recommended set of highly effective defensive actions for cyber defense that provide specific and actionable methods to prevent the most dangerous and pervasive cyber-attacks. They were initially developed by the SANS Institute and were originally known as the SANS Critical Security Controls. They are the combined knowledge of a variety of industry experts from every market into what is effectively […]

Read the entire post here

Blue Team, How-To, Informational, InfoSec 101

Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit

Steve Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address. In June, @Harmj0y and @tifkin_ released some excellent research and a whitepaper discussing some potential attack paths with Active Directory Certificate Services (“AD CS”) (https://posts.specterops.io/certified-pre-owned-d95910965cd2). This was followed by a modified version of impacket (https://github.com/SecureAuthCorp/impacket/pull/1101) which provides […]

Read the entire post here

00550_072822021_WhatToKnowAboutMicrosoftsRegistryHiveFlaw

General InfoSec Tips & Tricks, Informational, InfoSec 101

What To Know About Microsoft’s Registry Hive Flaw: #SeriousSAM

#hivenightmare / #lolwut Jeff McJunkin* // What is it? tl;dr — Unpatched privilege escalation in Windows 10 in nearly all supported builds. The vulnerability (CVE-2021–36934) allows an attacker with limited user code execution on Windows 10 (or 11) to gain administrative privileges locally, allowing any of the following follow-on attacks: Stealing credential material for any […]

Read the entire post here

How-To, Informational, InfoSec 101, Phishing, Red Team

How to Phish for User Passwords with PowerShell

tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication protocols in Windows environments. Adversaries will abuse functionalities built into Windows and PowerShell to invoke credential popups to acquire user passwords. As defined by the MITRE […]

Read the entire post here

General InfoSec Tips & Tricks, InfoSec 101, Webcasts

Webcast: No SPAN Port? No Tap? No Problem!

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools. Sure, one could buy another router that has those features. But it is far easier to not […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

00544_07132021_WebcastHowToBuildPhishingEngagement

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Phishing, Webcasts

Webcast: How to Build a Phishing Engagement – Coding TTP’s

Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it […]

Podcast: Play in new window | Download

Subscribe: RSS

Read the entire post here

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Red Team, Red Team Tools

Pushing Your Way In

David Fletcher // Over the past several years, attackers have gained significant traction in targeted environments by using various forms of password guessing. This situation was reflected in the 2020 Verizon DBIR under top threat action varieties. Use of stolen credentials sits right behind phishing as the second most utilized threat action in disclosed breaches. Malware variants […]

Read the entire post here

«‹ 2 3 4 5 ›»