Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional “AA” meeting on November 8, 2018. We met and discussed things that seem to be painfully slow to take hold in our organizations; patching, regular scanning, even just finding time to manage our inventory. Slides available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7945173/ Five Things (That Seriously […]
Jordan Drysdale// tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty came along, but wait….this isn’t Critical or High. Let’s just ignore it. What can we do with this thing? Download config Upload config Execute commands […]
Bronwen Aker* // For those of you not fortunate enough to attend, this year’s Wild West Hackin’ Fest (WWHF) was phenomenal, featuring speakers from diverse aspects of information security, workshops, labs, and a killer CTF, all taking place at the Deadwood Mountain Grand, a Holiday Inn Resort Hotel, Casino, Spa and Event Center. In spite […]
Jordan Drysdale// With Wild West Hackin’ Fest 2018 coming up (!!!), here’s a preview of some things you might see in the wireless labs. First, s0lst1c3’s eaphammer. @relkci and I met this dude at HackWest 2018 doing his thing. Full workshop, his time and effort free for the public. Brilliant kid, couldn’t have been nicer, […]
Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the days of thin clients. As the pendulum swings yet again, our thin client can be anything from a JavaScript browser framework to a mobile enabled […]
Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is important because vendors tend to over-hype their capabilities. He’ll cross reference some different malware specimens with the MITRE ATT&CK framework and cover how you can use these […]
Podcast: Play in new window | Download
John Strand// Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is important because vendors tend to over-hype their capabilities. He’ll cross reference some different malware specimens with the MITRE ATT&CK framework and cover how you can […]
Sally Vandeven// TL;DR – Passwords stored using reversible encryption, even if they are VERY LONG, can be trivially reversed by an attacker. Password cracking is quite enjoyable. It is very satisfying to launch Hashcat, throw a bunch of hashes at it and watch the progress over minutes, which turns into hours and then days. It does […]
Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4)What are some of the college courses that you took that had a lasting impact on your career? Courses in Human Capital Management had the most lasting impacting on my career. But, I […]
