John Strand// Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is important because vendors tend to over-hype their capabilities. He’ll cross reference some different malware specimens with the MITRE ATT&CK framework and cover how you can […]
John Strand talks about his own journey into information security and shares his suggestions for those wanting to get started from scratch or who are looking to change career tracks. Special Guests: Randy Marchany, CISO of Virginia Tech & Director of the VA Tech IT Security Lab, and Ed Capizzi, SANS instructor Show Notes […]
Kent Ickler & Jordan Drysdale// BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. The podcast version is available here. Also, the slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/7214618/ Preface Active Directory out of the box defaults aren’t enough to keep your network […]
Beau Bullock & Mike Felch// Ways to Learn More, Network, and Wake Up Your Inner Hacker Whether you are brand new to InfoSec or a skilled veteran there are ways to push the limits and learn more about this exciting profession. Knowledge doesn’t always come from a classroom but instead can come from networking with […]
John Strand// For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it’s becoming more and more common for new companies to have everything in the “cloud” and everything BYOD. This is also a great case-study on how to access […]
David Fletcher & Sally Vandeven// Join David “Fletch” and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and that they use on a daily basis to hack their customers. Slides are available here: https://blackhillsinformationsecurity.shootproof.com/gallery/6973715/
Matthew Toussain// Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn’t you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services… Email. A divine gift issued to hackers with […]
John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. Now, we cover the same attack, but this time we are covering the defensive components the organization could have implemented to stop us every step […]
John Strand // John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack. […]
