What You Should Actually Learn From a Pentest Report
Dakota Nelson // Unknown Unknowns: So you’ve been pentested. Congrats! It might not feel like it, but this will eventually leave you more confident about your security, not less. The […]
Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend […]
Want to learn how attackers bypass endpoint products? Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco […]
Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. […]
Melissa Bruno // So you have an Internet-facing DNS server. Maybe you decided to set one up at home for fun, or your company has one that works with other […]
John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take […]
John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just […]
TJ Nicholls // *BHIS Guest Contributor TL;DR How many times have you had to parse the same output from a tool? Wouldn’t you like to get that time back? There […]