How-To Archives - Black Hills Information Security

Blue Team, How-To, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jugular, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale// BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. The podcast version is available here. Also, the slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7214618/ Preface Active Directory out of the box defaults aren’t enough to keep your network […]

Read the entire post here

How-To Socket.io, WebSockets

How to Hack WebSockets and Socket.io

Ethan Robish // WebSockets Overview WebSockets is a technology to allow browsers and servers to establish a single TCP connection and then asynchronously communicate in either direction. This is great for web apps as it allows real time updates without the browser needing to send hundreds of new HTTP polling requests in the background. It’s […]

Read the entire post here

Blue Team, Finding, General InfoSec Tips & Tricks, How-To, Informational after the pen test, how to deal with you penetration test results, What to do after a penetration test, what to do after a pentest

What to Expect After a Pen Test

Scott Worden* // So you and your company had a pen test…now what? What to do, how to plan, and good SQUIRREL! ways to stay on track. The 3 Stage of the Penetration Test The TESTER The TESTED Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, […]

Read the entire post here

Blue Team, How-To Amazon Web Services, AWS, Best Practices, Blue Team, Scout2

Scout2 Usage: AWS Infrastructure Security Best Practices

Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your AWS console as a user with privilege enough to create an “auditor” account (best practice tip #1: once your admin accounts are online and MFA […]

Read the entire post here

Blue Team, How-To, Phishing Anti-Phising, Best Practices, Blue Team, DKIM, DMARC, Email, Filtering, Incident Response, IR, Marketing, phishing, reconnaissance, RFC 4408, Sender Policy Framework, Spam, SPF

Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework

Kent Ickler// TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal in your area. Use in the wild at your own risk. Discuss with your peeps before implementing. BHIS @Krelkci are not liable for your actions. Background: In our […]

Read the entire post here

How-To, Password Cracking, Red Team Cracking, GPU, Hash, Hashcat, NVidia, password, Red Team, setup, Ubuntu

Running HashCat on Ubuntu 18.04 Server with 1080TI

Derrick Rauch and Kent Ickler// First, to see what our build looks like, look here: https://www.blackhillsinfosec.com/build-password-cracker-nvidia-gtx-1080ti-gtx-1070/ What’s next? Time for System Rebuild! First you need to decide whether you need encryption, LVM, RAID, multipath, network vlans, or network interface bonding during the installation; if you need to reuse existing partitions on your installation disks. The reason I […]

Read the entire post here

External/Internal, How-To, Informational, InfoSec 201, Password Cracking, Wireless Cheat Sheet, Cracking, dictionary, Hashcat, Hashing, Password cracking

Hashcat 4.10 Cheat Sheet v 1.2018.1

Kent R. Ickler// It seemed like we were always cross-referencing the Hashcat Wiki or help file when working with Hashcat. We needed things like specific flags, hash examples, or command syntax. We’ve generated a Hashcat Cheat Sheet for quick reference that may save you a bunch of time if you’re often reaching out to […]

Read the entire post here

Blue Team, How-To Active Directory, AD, AD Best Practices, Best Practices, Link Layer Multicast Name Resolution, LLMNR, network

How to Disable LLMNR & Why You Want To

Kent R. Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me and all the others say it many many times. LLMNR was (is) a protocol used that allowed name resolution without the requirement of a DNS server. It was (is) able to provide a […]

Read the entire post here

How-To, Red Team, Webcasts Attack Tacktics, Red Team, red teaming, webcast, webcasts

WEBCAST: Attack Tactics Part 1

John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack. […]

Read the entire post here