Blue Team

Author, Blue Team, Blue Team Tools, Derek Banks CredDefense, CredDefense Toolkid, End Point Log Consolidation, HoneyToken, kerberoasting, Pentesting, tool, WEF, Windows, Windows Event Forwarder

End-Point Log Consolidation with Windows Event Forwarder

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping […]

Read the entire post here

Author, Beau Bullock, Blue Team, Blue Team Tools, Brian Fehrman Cred Defense Tool Kit, CredDefense, CredDefense Toolkit, event log consolidation, hardening accounts, kerberoasting, password auditing, password spraying, Pentesting, ResponderGuard

The CredDefense Toolkit

Derek Banks, Beau Bullock, & Brian Fehrman // Our clients often ask how they could have detected and prevented the post-exploitation activities we used in their environment to gain elevated […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts Active DAD, Active Defense Harbinger Distribution, Active Directory Active Defense, ADAD, ADHD, honey accounts

WEBCAST: Active Domain Active Defense (Active DAD) Primer with John Strand

This is the in-studio version of our live in DC event from July. In this webcast, John covers how to set up Active Directory Active Defense (ADAD) using tools in […]

Read the entire post here

Blue Team, Hunt Teaming Bro IDS, dnscat2, How to, meterpreter, PowerShell Empire, RITA

Let’s Go Hunting! How to Hunt Command & Control Channels Using Bro IDS and RITA

Logan Lembke// Here at BHIS, we ♥ Bro IDS. Imagine… Bro IDS Everywhere! If you haven’t encountered Bro IDS before, checkout this webcast on John’s Youtube channel discussing the need for Bro […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler Defending, Defending Websites, Distributed Fail2Ban, Fail2Ban, IPtables, Kent Ickler, Pirates, Website Defense

How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence

Kent Ickler // How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence Fail2Ban is a system that monitors logs and triggers actions based on those logs. While actions can be […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler bro, Bro 2.51, Bro Install, ESXi, ESXi 6.5, Kent Ickler, Network monitoring, network traffic, Ubuntu, Ubuntu 16.04.2

How to Monitor Network Traffic with Virtualized Bro 2.51 on Ubuntu 16.04.2 on ESXi 6.5

Kent Ickler //  You’ve heard us before talk about Bro, an IDS for network monitoring and analysis.  We’ve had several installs of Bro over time here at BHIS.  It’s about […]

Read the entire post here

Author, Blue Team, Blue Team Tools, John Strand, Webcasts

WEBCAST: Your Active Directory Active Defense (ADAD) Primer

John Strand // In this webcast John covers how to set up Active Directory Active Defense (ADAD) using tools in Active Defense Harbinger Distribution (ADHD) and talks about potential active […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here