Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain. https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been diligently following along – three webcasts now, a four-hour intro training session on a Saturday, our students who have attended the virtual courses – it […]
Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors and Forwarding (Handlers) + WinLogBeat + Elastic = The baseline configuration for producing endpoint optics that matter (for almost free). PART 1 – Building Your […]
Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on pentests to identify flaws in Active Directory and general network design and implementation. You’ve probably heard of most of them, like BloodHound, ADExplorer, mimikatz…, wait, […]
Podcast: Play in new window | Download
Do you know what your attackers know? There’s a good chance you know, but you might not be aware of just how much information can be found historically and in real-time about your business operations and organization. Join Jordan Drysdale and Kent Ickler as they discuss and demonstrate Purple Team Enterprise Reconnaissance methods that increase […]
Podcast: Play in new window | Download
TL;DR SILENTTRINITY (ST) made the news a few times in July 2019, and I wanted to see what all the fuss was about. This article has enough information to get ST installed, the teamserver operational, and a client connected to the teamserver. Once all that is out of the way, we’ll go for the goods. […]
BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated followers seem to be much more interested in catching malware than learning how to be (please forgive this next statement) “l33t hax0rs.” Slides for this […]
Podcast: Play in new window | Download
On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_GroupPoliciesThatKillKillChains.pdf 0:45 Introducing what a kill chain is and general background you need for this webcast 15:53 Getting into group policies, best […]
Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_OpenSourceExploitsinCloudsBigDataServices.pdf 4:18 Problem statement and exploitation timeline8:28 MapReduce and Hadoop overview, overview of open-source software based on Hadoop architecture and their vulnerabilities14:15 Live demonstration of standing up a stack in EMR, terminology, auto-scaling risks, […]
Jordan Drysdale // tl;dr BHIS made some interesting discoveries while working with a customer to audit their Amazon Web Services (AWS) infrastructure. At the time of the discovery, we found two paths to ingress the customer’s virtual private cloud (VPC) through the elastic map reduce (EMR) application stacks. One of the vulns that gained us […]
