Webcast: Sacred Cash Cow Tipping 2021





It is another year for the Sacred Cash Cow Tipping Webcast. For those of you who are new to our email list within the past year, this is a webcast where we cover the various tools and techniques that Black Hills Information Security (BHIS) uses to bypass endpoint security protections. The point of this webcast is not so much to teach people how to bypass these products, but rather to show that they can be bypassed. Hopefully, this leads to some conversations about defense-in-depth and how many vendors exaggerate their capabilities.

We also discuss how simply writing signatures for specific strains of malware is a waste of time. Well, I mean, it has its place. But it is not something that should be the primary cornerstone of your security support structure. 

There is a lot to unpack in this webcast, one of the main things to unpack is why we are still doing it. We are still doing this because it is still necessary. We still have vendors and CISOs perpetuating the myth that a security product can protect you from all attacks. This is an oversimplification, and it needs to be exterminated like a termite or a cockroach. 

In past years we have had vendors threaten to sue… and some cooler vendors send us beer.  

Hopefully, this year ends in beer.

Join the BHIS Community Discord: https://discord.gg/bhis

0:00:00​ – PreShow Banter™ — We Love You 3000

0:02:56​ – PreShow Banter™ — SolarWinds Forever

0:07:26​ – PreShow Banter™ — Watching Bitcoins Being Mined

0:08:53​ – PreShow Banter™ — TeacherCoin™

0:11:12​ – PreShow Banter™ — Babies’ Toys For Your Hands

0:15:45​ – FEATURE PRESENTATION: Sacred Cash Cow Tipping 2021

0:21:28​ – Ralph May: Due Diligence

0:25:42​ – Ralph May: ScareCrow

0:32:56​ – Ralph May: RDP

0:35:51​ – Marcello: Sentinel One

0:44:52​ – Jordan Drysdale: Windows Subsystem for Linux

0:53:31​ – Rob (mubix) Fuller: Initial Access

1:05:15​ – Rob (mubix) Fuller: Post Exploitation

1:10:59​ – Joff Thyer: Strip PowerShell Script Comments

1:17:50​ – Joff Thyer: Build a .NET Assembly to Execute Shellcode

1:20:58​ – Joff Thyer: Load/Run DLL/Assembly in PowerShell

1:23:28​ – PostShow Banter™

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/03/SLIDES_SacredCashCowTipping2021.pdf


Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.

https://www.blackhillsinfosec.com/services/cyber-range/