Over the past few months, we have discovered a couple trends that organizations seem to be missing. No silver bullets, just some general vulnerability issues we are seeing again and again. In this podcast, Jordan & Kent give a few pointers and some new tools to help the blue team stay on top of these […]
Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is important because vendors tend to over-hype their capabilities. He’ll cross reference some different malware specimens with the MITRE ATT&CK framework and cover how you can use these […]
John Strand shares some of his own journey into information security and also his ideas and tips for those wanting to get into the industry from the start, or those looking to change career paths mid stream. He’s joined by special guests Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT […]
Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He also talks through the challenges of detecting beacons, and some tricks you can use. Slides from the full webcast can be found here: www.activecountermeasures.com/threat-hunting-beacon-analysis-september-11-2018/
Dakota Nelson // Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm. See his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/ Extra links & notes: From guest blog post by Scott Worden: Having the penetration tester reach your crown jewels, get root, own you, pwn you, own3d, 0wn3d, pwned, […]
Join John Strand as he continues his Attack Tactic series this time with the defense ideas for the attacks mentioned in episode 3 (see more here) To see the entire webcast visit the Active Countermeasures YouTube channel Blogs mentioned in this episode: Mike Felch’s Stealing 2FA Tokens on Red Teams with CredSniper Carrie Roberts’ Gathering […]
// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real Sierra was on vacation. See the webcast and Kent’s show notes here.
CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. My Methodology The Rant Cross between Bob Cat Goldthwaite and Dennis Miller Policy is the foundation to the foundation Don’t we all just love Policy […]