Darin Roberts// If you have been in the security field for any length of time at all you have heard the term C2. You might have heard it also called C&C or Command and Control. I will refer to it as C2 as here at BHIS, that is what we do. Some of you might […]
Rick Wisser// Comparing Apples to Oranges (Bus Pirate vs Shikra) this a Hardware Hacking 101 webcast follow up blog post. I recently did a hardware hacking webcast on hacking a router with the Bus Pirate. The webcast can be found at https://www.blackhillsinfosec.com/webcast-hardware-hacking-101/. In the webcast I made a comment on how long it took to dump the firmware […]
Kent Ickler// TLDR: We use a custom dictionary to crack Microsoft Office document encryption. Then we use a custom dictionary for pwnage in LinkedIn hash database. Background: I recently got a couple of questions about a better way to crack encrypted Excel files. The question came from BHIS’s extended community who is using commercial password-recovery […]
Jordan Drysdale// tl;dr Vulnerability management is a part of doing business and operating on the public internet these days. Include training as part of this Critical Control. Users should be aware that attacks will continue to evolve and clicking links isn’t the only way to get infected these days. Hire a managed services provider worth […]
Rick Wisser// In this webcast Rick gives an introduction to hardware hacking. Including: tools utilized, reconnaissance of a device, brief overview of methods used along with a demo. So put on your ESD straps, grab your data sheets and join the party while he demonstrates dumping the contents of a SPI chip for a wireless […]
John Strand// Using threat intelligence feeds for good….instead of wasting time and money. John’s intense hatred for threat intelligence feeds is pretty well known. Trying to defend your network against specific attacks from specific actors is a waste of time and effort. But, maybe there is a way we can do this better! Could we […]
Beau Bullock// Overview This blog post is meant to serve as a basic introduction to the world of cryptocurrencies. With cryptocurrencies making their way into mainstream news outlets I am getting asked more and more about it. People that I had mentioned Bitcoin to back in 2013 are coming out of the woodwork to ask about […]
Lee Kagan* // Expanding upon the previous post in this series, I decided to rewrite C2K (find it here) to change its behavior and options for the user. In this post we will walk through the changes to C2K as well as re-deploy a demo C2 infrastructure with all the new features. It is worth […]
Jordan Drysdale// Blurb: A few of us have discussed the stress that small and medium business proprietors and operators feel these days. We want to help stress you out even more. Not really, but if you aren’t worrying about IT security, you are probably doing it wrong. This series will run through some of the […]
