The Art of the Badge: A Hard Truth About Physical Security

He walked into the lobby with a fake badge clipped to his shirt. He had bought it online the week before. It was not perfect, and it did not need to be. From a few feet away, it looked close enough: a logo, a name, a photo, and a lanyard. The kind of thing most people glance at for half a second before their brain decides, “Looks fine.”

The post The Art of the Badge: A Hard Truth About Physical Security appeared first on Black Hills Information Security, Inc..

Communicating Security to the C-Suite: A Strategic Approach

Engaging with the C-suite is not just about addressing security concerns or defending budget requests. It's about establishing and maintaining an ongoing discussion that aims to align security objectives with the interests of the business.

The post Communicating Security to the C-Suite: A Strategic Approach appeared first on Black Hills Information Security, Inc..

Gone Phishing: Installing GoPhish and Creating a Campaign

GoPhish provides a nice platform for creating and running phishing campaigns. This blog will guide you through installing GoPhish and creating a campaign.

The post Gone Phishing: Installing GoPhish and Creating a Campaign appeared first on Black Hills Information Security, Inc..

Rotating Your Passwords After a Password Manager Breach

Ethan Robish // It’s been nearly a year since LastPass was breached and users’ encrypted vaults were stolen. I had already migrated to a different password manager for all my […]

The post Rotating Your Passwords After a Password Manager Breach appeared first on Black Hills Information Security, Inc..

Field Guide to the Android Manifest File

Every Android application has a “manifest.xml” file located in the root directory of the APK. (Remember APKs are just zip files.) The manifest file is like a guide to the application.

The post Field Guide to the Android Manifest File appeared first on Black Hills Information Security, Inc..

Your Browser is Not a Safe Space

Corey Ham // Tl;dr Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items. Personal security: Do not save anything sensitive in […]

The post Your Browser is Not a Safe Space appeared first on Black Hills Information Security, Inc..

Fixing Content-Security-Policies with Cloudflare Workers

Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser […]

The post Fixing Content-Security-Policies with Cloudflare Workers appeared first on Black Hills Information Security, Inc..

Tap Into Your Valuable DNS Data

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc..

The RDP Through SSH Encyclopedia

Carrie Roberts //* I have needed to remind myself how to set up RDP access through an SSH connection so many times that I’ve decided to document it here for […]

The post The RDP Through SSH Encyclopedia appeared first on Black Hills Information Security, Inc..

Small and Medium Business Security Strategies: Part 5

Jordan Drysdale// tl;dr Inventory management and personnel management are critical to making this work. Often, the difference between your company becoming a statistic and catching someone with a foothold in […]

The post Small and Medium Business Security Strategies: Part 5 appeared first on Black Hills Information Security, Inc..

PODCAST: Sacred Cash Cow Tipping 2019

Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to […]

The post PODCAST: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..

Webcast: Sacred Cash Cow Tipping 2019

John Strand // Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of […]

The post Webcast: Sacred Cash Cow Tipping 2019 appeared first on Black Hills Information Security, Inc..

A Career in Information Security: FAQ (Part 2)

Staff// If you missed part one, you can get caught up here: www.blackhillsinfosec.com/a-career-in-information-security-faq-part-1/ Let’s jump straight back in to the Q & A! 4) What are some of the college courses that […]

The post A Career in Information Security: FAQ (Part 2) appeared first on Black Hills Information Security, Inc..

PODCAST: John Strand’s 5 Year Plan into InfoSec Part 2

John Strand shares some of his own journey into information security and also his ideas and tips for those wanting to get into the industry from the start, or those […]

The post PODCAST: John Strand’s 5 Year Plan into InfoSec Part 2 appeared first on Black Hills Information Security, Inc..

WEBCAST: Highly Caffeinated InfoSec

Beau Bullock & Mike Felch// Ways to Learn More, Network, and Wake Up Your Inner Hacker Whether you are brand new to InfoSec or a skilled veteran there are ways […]

The post WEBCAST: Highly Caffeinated InfoSec appeared first on Black Hills Information Security, Inc..

Finding: Server Supports Weak Transport Layer Security (SSL/TLS)

David Fletcher// The following blog post is meant to expand upon the findings commonly identified in BHIS reports. The “Server Supports Weak Transport Layer Security (SSL/TLS)” is almost universal across […]

The post Finding: Server Supports Weak Transport Layer Security (SSL/TLS) appeared first on Black Hills Information Security, Inc..
