Search Results for: password

CJ Cox, GRC, Wrap-Up Compliance, Governance, Kelli Tarala, Risk

GRC for Security Managers: From Checklists to Influence

This webcast was originally aired on January 16, 2025. In this video, Kelli K. Tarala and CJ Cox discuss the challenges and strategies for improving governance, risk, and compliance (GRC) […]

Read the entire post here

Informational, Jordan Drysdale, Kent Ickler, Red Team Active Directory, AD, penetration testing, Pentesting, Shadow Credentials

Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, InfoSec 201, Jordan Drysdale

One Active Directory Account Can Be Your Best Early Warning

Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities […]

Read the entire post here

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing 

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely.  This blog post details a true story of […]

Read the entire post here

Dave Blandford, Web App, Webcast Wrap-Up Burp, Burp extensions, Burp Suite, extensions, Web Application Testing

Creating Burp Extensions: A Beginner’s Guide

In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

Read the entire post here

Brian Fehrman, How-To AI, Artificial Intelligence, LLMs, Machine Learning, PyRIT

Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs) 

Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]

Read the entire post here

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024) 

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here

Craig Vincent, Informational, Web App Access Control Vulnerability, Access Controls, Autorize, IDOR

Finding Access Control Vulnerabilities with Autorize

In the most recent revision of the OWASP Top 10, Broken Access Controls leapt from fifth to first.1 OWASP describes an access control as something that “enforces policy such that […]

Read the entire post here

Hayden Covington, SOC Alerting, automation, detection engineering, detections, Security Operations Center

The Detection Engineering Process

This webcast was originally published on November 8, 2024. In this video, Hayden Covington discusses the detection engineering process and how to apply the scientific method to improve the quality […]

Read the entire post here