Informational

General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, John Strand Infosec for Beginners, PROMPT#, SOC Issue

John Strand’s 5 Phase Plan For Starting in Computer Security

This article was originally published in the SOC Issue of our PROMPT# zine, which you can read for free HERE. The information was adapted from the 2018 webcast “John Strand’s […]

Read the entire post here

Hunt Teaming, Informational, InfoSec 101 Beginner, On the Hunt, PROMPT#, Q&A, threat hunting

Questions From a Beginner Threat Hunter

Answered by Chris Brenton of Active Countermeasures | Questions compiled from the infosec community by Shelby Perry This article was originally published in the Threat Hunting issue of our infosec […]

Read the entire post here

How-To, Informational, InfoSec 301, Joff Thyer AI, AI Model Training, LLM

AI Large Language Models and Supervised Fine Tuning

This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]

Read the entire post here

Informational, Jordan Drysdale, Kent Ickler, Red Team Active Directory, AD, penetration testing, Pentesting, Shadow Credentials

Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, InfoSec 201, Jordan Drysdale

One Active Directory Account Can Be Your Best Early Warning

Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities […]

Read the entire post here

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]

Read the entire post here

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024)

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here

Brian Ireland, Informational, InfoSec 201 B&B, Backdoors & Breaches, ICS/SCADA, Industrial Control Systems, Initial Compromise

ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches

This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.

Read the entire post here

Craig Vincent, Informational, Web App Access Control Vulnerability, Access Controls, Autorize, IDOR

Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]

Read the entire post here

«‹ 6 7 8 9 ›»