Blue Team Archives - Black Hills Information Security

Blue Team, How-To, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jugular, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale// BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. The podcast version is available here. Also, the slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7214618/ Preface Active Directory out of the box defaults aren’t enough to keep your network […]

Read the entire post here

Blue Team, Finding, General InfoSec Tips & Tricks, How-To, Informational after the pen test, how to deal with you penetration test results, What to do after a penetration test, what to do after a pentest

What to Expect After a Pen Test

Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 Stage of the Penetration Test The TESTER The TESTED Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, […]

Read the entire post here

Blue Team, How-To Amazon Web Services, AWS, Best Practices, Blue Team, Scout2

Scout2 Usage: AWS Infrastructure Security Best Practices

Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your AWS console as a user with privilege enough to create an “auditor” account (best practice tip #1: once your admin accounts are online and MFA […]

Read the entire post here

Blue Team, How-To, Phishing Anti-Phising, Best Practices, Blue Team, DKIM, DMARC, Email, Filtering, Incident Response, IR, Marketing, phishing, reconnaissance, RFC 4408, Sender Policy Framework, Spam, SPF

Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework

Kent Ickler// TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal in your area. Use in the wild at your own risk. Discuss with your peeps before implementing. BHIS @Krelkci are not liable for your actions. Background: In our […]

Read the entire post here

Blue Team, Podcasts Attack Tactics, Blue Team, Defending Networks, Tools for the blue team, webcast

PODCAST: Attack Tactics Part 2

John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

Podcast: Play in new window | Download

Read the entire post here

Blue Team, Webcasts Attack Tactics, Blue Team, blue teaming, webcast, webcasts

WEBCAST: Attack Tactics Part 2

John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. Now, we cover the same attack, but this time we are covering the defensive components the organization could have implemented to stop us every step […]

Read the entire post here

Blue Team, How-To Active Directory, AD, AD Best Practices, Best Practices, Link Layer Multicast Name Resolution, LLMNR, network

How to Disable LLMNR & Why You Want To

Kent R. Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me and all the others say it many many times. LLMNR was (is) a protocol used that allowed name resolution without the requirement of a DNS server. It was (is) able to provide a […]

Read the entire post here

Blue Team, How-To, Phishing Best Practices, Blue Team, DKIM, DMARC, Email, Filtering, Marketing, phishing, Sender Policy Framework, Spam, SPF

How to Configure SPFv1: Explained for the Masses

Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, now: “ Email “forging” exists in the web today, thanks @ustayready. Sender Policy Framework (SPF) was created with origins back in 2005 (RFC 4408) with more […]

Read the entire post here

Blue Team, How-To, Informational, InfoSec 101 Critical Controls, Medium Business, Security Stratigies, Small Business, Vulnerability Management

Small and Medium Business Security Strategies Part 4: CSC 3 – Vulnerability Management

Jordan Drysdale// tl;dr Vulnerability management is a part of doing business and operating on the public internet these days. Include training as part of this Critical Control. Users should be aware that attacks will continue to evolve and clicking links isn’t the only way to get infected these days. Hire a managed services provider worth […]

Read the entire post here