Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He also talks through the challenges of detecting beacons, and some tricks you can use. Slides from the full webcast can be found here: www.activecountermeasures.com/threat-hunting-beacon-analysis-september-11-2018/
Podcast: Play in new window | Download
Join John Strand as he continues his Attack Tactic series this time with the defense ideas for the attacks mentioned in episode 3 (see more here) To see the entire webcast visit the Active Countermeasures YouTube channel Blogs mentioned in this episode: Mike Felch’s Stealing 2FA Tokens on Red Teams with CredSniper Carrie Roberts’ Gathering […]
Podcast: Play in new window | Download
Kent Ickler & Jordan Drysdale// BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. The podcast version is available here. Also, the slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7214618/ Preface Active Directory out of the box defaults aren’t enough to keep your network […]
Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 Stage of the Penetration Test The TESTER The TESTED Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, […]
Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your AWS console as a user with privilege enough to create an “auditor” account (best practice tip #1: once your admin accounts are online and MFA […]
Kent Ickler// TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal in your area. Use in the wild at your own risk. Discuss with your peeps before implementing. BHIS @Krelkci are not liable for your actions. Background: In our […]
John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/
Podcast: Play in new window | Download
John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. Now, we cover the same attack, but this time we are covering the defensive components the organization could have implemented to stop us every step […]
Kent R. Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me and all the others say it many many times. LLMNR was (is) a protocol used that allowed name resolution without the requirement of a DNS server. It was (is) able to provide a […]
