Author, InfoSec 101, John Strand, Webcasts general infosec, new to infosec, starting infosec, webcast

WEBCAST: Your 5 Year Plan into InfoSec

John Strand // New to InfoSec? Mentoring someone new to the industry? Here’s John’s advice if he had to do it all over again. Sierra is on replying to your […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler Defending, Defending Websites, Distributed Fail2Ban, Fail2Ban, IPtables, Kent Ickler, Pirates, Website Defense

How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence

Kent Ickler // How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence Fail2Ban is a system that monitors logs and triggers actions based on those logs. While actions can be […]

Read the entire post here

Author, David Fletcher, Phishing, Red Team Empire, Macro, macro malware, OSX, PowerShell, Windows

How To: Empire’s Cross Platform Office Macro

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition.  One that we’ve run across a number of times includes a fairly even mixture […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler bro, Bro 2.51, Bro Install, ESXi, ESXi 6.5, Kent Ickler, Network monitoring, network traffic, Ubuntu, Ubuntu 16.04.2

How to Monitor Network Traffic with Virtualized Bro 2.51 on Ubuntu 16.04.2 on ESXi 6.5

Kent Ickler //  You’ve heard us before talk about Bro, an IDS for network monitoring and analysis.  We’ve had several installs of Bro over time here at BHIS.  It’s about […]

Read the entire post here

Red Team, Red Team Tools Amazon, cloud, Cloud Cracking, GPU Acceleration, Kali 2017, Kali GPU, Kali Linux, Password cracking

How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)

Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts

WEBCAST: Your Active Directory Active Defense (ADAD) Primer

John Strand // In this webcast John covers how to set up Active Directory Active Defense (ADAD) using tools in Active Defense Harbinger Distribution (ADHD) and talks about potential active […]

Read the entire post here

InfoSec 101 Career in Infosec, Dreams, How to get into infosec

How to Get into Information Security

Dear BHIS, So I’m a big fan of you guys! I took John’s SANS504 OnDemand class and I saw the light. Now what? I want to get into security, (maybe […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, How-To, Kent Ickler How to fix a referrer policy, Kent Ickler, Referrer Policy, Scott Helme, Security Headers

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

Read the entire post here