A Practical Guide to BloodHound Data Collection
This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.
Blue Team
Cloud Security: Tips and Resources for Securing the Cloud
This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.
When the SOC Goes to Deadwood: A Night to Remember
Hear a tale about the time the BHIS SOC team conducted a 14-hour overnight incident response… from the Wild West Hackin’ Fest conference in Deadwood, South Dakota.
Deceptive-Auditing: An Active Directory Honeypots Tool
Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.
The Curious Case of the Comburglar
By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client’s […]
Inside the BHIS SOC: A Conversation with Hayden Covington
What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them.
GoSpoof – Turning Attacks into Intel
Imagine this: You’re an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that there’s no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)
But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)!
Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1)
In part 1 of this post, we’ll discuss how Hayabusa and “Security Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!