Jordan Drysdale// tl;dr Both Cisco and Nessus have escalated the Smart Install Client Service feature/vulnerability. Nessus is now reporting the Smart Install RCE as critical. High five!!! Cisco has also […]
Jordan Drysdale // tl;dr Cisco Smart Install is awesome (on by default)…for hackers… not sysadmins. So, you Nessus too? Criticals and highs are all that matter! Right??? Until this beauty […]
Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He […]
Podcast: Play in new window | Download
Subscribe: RSS
Join John Strand as he continues his Attack Tactic series this time with the defense ideas for the attacks mentioned in episode 3 (see more here) To see the entire […]
Podcast: Play in new window | Download
Subscribe: RSS
Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]
Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 […]
Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your […]
Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]
John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/
Podcast: Play in new window | Download
Subscribe: RSS
