Introduction to Zeek Log Analysis
In this video, Troy Wojewoda discusses the intricacies of Zeek log analysis, focusing on how this network security monitoring system can be used to understand traffic and analyze logs effectively.
Indecent Exposure: Your Secrets are ShowingĀ
by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]
Creating Burp Extensions: A Beginner’s Guide
In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.
Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs)Ā
Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]
The Top Ten List of Why You Got Hacked This Year (2023/2024)Ā
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]
ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches
This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.
Intro to Data Analytics Using SQL
In this video, Ethan Robish discusses the fundamentals and intricacies of data analytics using SQL.
Finding Access Control Vulnerabilities with Autorize
In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]
The Detection Engineering Process
This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]