PODCAST

Author Archives - Black Hills Information Security, Inc.

news tech news

All Episodes

DLL Hijacking – A New Spin on Proxying your Shellcode

Author Archives - Black Hills Information Security, Inc. ·

2024/10/14

This webcast was originally published on October 4, 2024. In this video, experts delve into the intricacies of DLL hijacking and new techniques for malicious code proxying, featuring a comprehensive […] The post DLL Hijacking – A New Spin on Proxying your Shellcode appeared first on Black Hills Information Security.

en-US

Blue Team, Red Team, and Purple Team: An Overview

Author Archives - Black Hills Information Security, Inc. ·

2024/10/10

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […] The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security.

en-US

Reconnaissance: Azure Cloud w/ Kevin Klingbile

Author Archives - Black Hills Information Security, Inc. ·

2024/10/07

This webcast was originally published on September 26, 2024. In this video, Kevin Klingbile from Black Hills Information Security discusses the intricacies of Azure Cloud services and M365, focusing on […] The post Reconnaissance: Azure Cloud w/ Kevin Klingbile appeared first on Black Hills Information Security.

en-US

Ghost in the Wireless: An introduction to Airspace...

Author Archives - Black Hills Information Security, Inc. ·

2024/08/15

This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […] The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet appeared first on Black Hills Information Security.

en-US

Augmenting Security Testing and Analysis Activities...

Author Archives - Black Hills Information Security, Inc. ·

2024/06/13

Use of Microsoft 365 products in security testing is not a new concept. For a long time, I’ve incorporated various activities using Office products into my testing regimen. In the […]The post Augmenting Security Testing and Analysis Activities with Microsoft 365 Products appeared first on Black Hills Information Security.

en-US

At Home Detection Engineering Lab for Beginners

Author Archives - Black Hills Information Security, Inc. ·

2024/05/02

| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security.

en-US

OSINT for Incident Response (Part 2)

Author Archives - Black Hills Information Security, Inc. ·

2024/03/07

Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […]The post OSINT for Incident Response (Part 2) appeared first on Black Hills Information Security.

en-US

Initial Access Operations Part 1: The Windows...

Author Archives - Black Hills Information Security, Inc. ·

2024/02/22

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]The post Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape appeared first on Black Hills Information Security.

en-US

Hacking with Hydra

Author Archives - Black Hills Information Security, Inc. ·

2024/02/15

What is Hydra? Hydra is a tool that can be used for password spraying. Let’s begin by defining the term “password spray.” A password spray is where an attacker defines […] The post Hacking with Hydra appeared first on Black Hills Information Security.

en-US

Revisiting Insecure Direct Object Reference (IDOR)

Author Archives - Black Hills Information Security, Inc. ·

2024/02/08

The new year has begun, and as a penetration tester at Black Hills Information Security, one thing really struck me as I reflected on 2023: a concerningly large number of […] The post Revisiting Insecure Direct Object Reference (IDOR) appeared first on Black Hills Information Security.

en-US

Bypass NTLM Message Integrity Check – Drop the MIC

Author Archives - Black Hills Information Security, Inc. ·

2024/02/01

In An SMB Relay Race – How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and […] The post Bypass NTLM Message Integrity Check – Drop the MIC appeared first on Black Hills Information Security.

en-US

Testing TLS and Certificates

Author Archives - Black Hills Information Security, Inc. ·

2024/01/25

Pentest reports sometimes include bad information under a heading like, “Weak TLS Configuration” or “Insecure SSL Certificates.” This article will explain how TLS is supposed to work, common ways it […] The post Testing TLS and Certificates appeared first on Black Hills Information Security.

en-US

Hunting for SSRF Bugs in PDF Generators

Author Archives - Black Hills Information Security, Inc. ·

2024/01/11

If you’ve been on a website and noticed one of the following features, there’s a good chance you’ve stumbled upon a hot spot for server-side request forgery (SSRF) bugs: Before […] The post Hunting for SSRF Bugs in PDF Generators appeared first on Black Hills Information Security.

en-US

Better Together: Real Time Threat Detection for...

Author Archives - Black Hills Information Security, Inc. ·

2024/01/04

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […] The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security.

en-US

Spamming Microsoft 365 Like It’s 1995

Author Archives - Black Hills Information Security, Inc. ·

2023/12/14

Introduction I previously blogged about spoofing Microsoft 365 using the direct send feature enabled by default when creating a business 365 Exchange Online instance (https://www.blackhillsinfosec.com/spoofing-microsoft-365-like-its-1995/). Using the direct send feature, […] The post Spamming Microsoft 365 Like It’s 1995 appeared first on Black Hills Information Security.

en-US

OSINT for Incident Response (Part 1)

Author Archives - Black Hills Information Security, Inc. ·

2023/12/07

Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […] The post OSINT for Incident Response (Part 1) appeared first on Black Hills Information Security.

en-US

The Simplest and Last Internet-Only ACL You’ll Ever Need

Author Archives - Black Hills Information Security, Inc. ·

2023/11/30

tl;dr Implement this ACL using whatever network gear, cloud ACL config, or uncomplicated firewall you use to protect your networks. Our IOT devices are on 10.99.99.0/24 for this example. Also, […] The post The Simplest and Last Internet-Only ACL You’ll Ever Need appeared first on Black Hills Information Security.

en-US

Unpacking the Packet: Demystifying the Internet Protocol

Author Archives - Black Hills Information Security, Inc. ·

2023/11/16

The internet is a product of a global group effort to build an interoperable network connecting billions of devices, regardless of country, region, or manufacturer. That effort yielded hundreds of […] The post Unpacking the Packet: Demystifying the Internet Protocol appeared first on Black Hills Information Security.

en-US

Abusing Active Directory Certificate Services (Part 3)

Author Archives - Black Hills Information Security, Inc. ·

2023/11/09

| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation […] The post Abusing Active Directory Certificate Services (Part 3) appeared first on Black Hills Information Security.

en-US

Rotating Your Passwords After a Password Manager Breach

Author Archives - Black Hills Information Security, Inc. ·

2023/11/02

| Ethan Robish It’s been nearly a year since Lastpass was breached and users’ encrypted vaults were stolen. I had already migrated to a different password manager for all my […] The post Rotating Your Passwords After a Password Manager Breach appeared first on Black Hills Information Security.

en-US

473 results

Author Archives - Black Hills Information Security, Inc.

All Episodes

Similar Podcasts

Expres Ráno

Expres FM

PBS News Hour - Full Show

PBS News

CD Voice

China Daily

Israel Today: Ongoing War Report

Noa Levi

Jeffrey Epstein: The Coverup Chronicles

Bobby Capucci