How to Not Get Scammed on Discord
Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay […]
How-To
Webcast: How to Share Your Knowledge with Others
Have you ever seen a call for papers for a conference and thought to yourself that you’d like to submit a talk and then immediately thought, oh never mind? Have […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Hacking Unifi Controller Passwords for Fun and WIFI
Kent Ickler // Because, you know—that should be a thing. TL;DR: Don’t run the Unifi Controller on a laptop in the closet. BACKGROUND Ubiquiti’s Unifi controller is a network device, or software […]
Webcast: Shellcode Execution with GoLang
In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Webcast: Getting Started in Blockchain Security and Smart Contract Auditing
Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS
Understanding Zigbee and Wireless Mesh Networking
Ray Felch // Preface: Recently, I acquired a few home automation devices, so that I might research Zigbee and get a better understanding of how this very popular wireless technology […]
Admin’s Nightmare: Combining HiveNightmare/SeriousSAM and AD CS Attack Path’s for Profit
Stephan Borosh // The year of 2021 has presented some interesting challenges to securing Windows and Active Directory environments with new flaws that Microsoft has been slow to address. In June, @Harmj0y and @tifkin_ […]
How to Phish for User Passwords with PowerShell
tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication […]
Webcast: How to Build a Phishing Engagement – Coding TTP’s
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]
Podcast: Play in new window | Download
Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS