In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are […]
Podcast: Play in new window | Download
Subscribe: RSS
Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https:/steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Ean | EanMeyer Defenders: Qasim | […]
Podcast: Play in new window | Download
Subscribe: RSS
How to make sure your antivirus is working without any malware Michael Allen // Recently, a customer asked me if there was a way they could generate alerts from the new antivirus product they deployed without executing any actual malware on the system they were testing it on. The computer they wanted to test was an especially sensitive and business-critical system, so it was important that they perform […]
There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should […]
Podcast: Play in new window | Download
Subscribe: RSS
Ray Felch // Introduction Recently, I came across an interesting article on using software-defined radio (SDR) to create a Police, Fire, EMS, and Public Safety systems scanner. Viewing a few of these Trunk tracking scanners on Amazon, I quickly discovered that they are not cheap at all. You can spend several hundred dollars on a Trunked Radio tracking scanner; however, we […]
This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick […]
Podcast: Play in new window | Download
Subscribe: RSS
Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years. We all love our interception proxies, and I know a lot of us are huge fans of the great work that PortSwigger has done with Burp Suite over the years. Having said this, […]
Ray Felch // Disclaimer When using an FM transmitter, do not modify the intended operation of the module by amplifying the transmitted signal. Also, be sure that attaching an FM high gain antenna will NOT be transmitting outside the legal range for RF emissions. When transmitting any data, be sure you do not accidentally break any laws by illegally […]
David Fletcher // Service Message Block (SMB) shares can represent a significant risk to an organization. Companies often lack a realistic understanding of the exposure that SMB shares represent. Effective management typically requires a sound information management program focused on identifying where critical information resides, actively controlling access to that information, and routinely auditing permissions and access patterns. Often, when organizations are asked about discovery of sensitive data, administrators […]
