Noah Heckman // Windows Vista didn’t have many fans in the Windows community (to put it lightly). It beaconed in a new user interface, file structure, and a bunch of […]

The post Why You Really Need to Stop Disabling UAC appeared first on Black Hills Information Security, Inc..

Sally Vandeven // We have all heard people talk about how much cooler Linux is than Windows, so much easier to use, etc. Well, they are not necessarily wrong… but we […]

The post Rainy Day Windows Command Research Results appeared first on Black Hills Information Security, Inc..

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WindowsLogginSysmonELK.pdf 4:36 Problem Statement and Executive Problem Statement 9:00 […]

The post Webcast: Windows logging, Sysmon, and ELK appeared first on Black Hills Information Security, Inc..

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf 5:03 Introduction, problem statement, and executive problem […]

The post Webcast: Implementing Sysmon and Applocker appeared first on Black Hills Information Security, Inc..

Brian Fehrman // Privilege escalation is a common goal for threat actors after they have compromised a system. Having elevated permissions can allow for tasks such as: extracting local password-hashes, […]

The post Digging Deeper into Vulnerable Windows Services appeared first on Black Hills Information Security, Inc..

Derek Banks // I want to expand on our previous blog post on consolidated endpoint event logging and use Windows Event Forwarding and live off the Microsoft land for shipping […]

The post End-Point Log Consolidation with Windows Event Forwarder appeared first on Black Hills Information Security, Inc..

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition.  One that we’ve run across a number of times includes a fairly even mixture […]

The post How To: Empire’s Cross Platform Office Macro appeared first on Black Hills Information Security, Inc..

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

The post WEBCAST: Wrangling Internal Network Vulnerabilities appeared first on Black Hills Information Security, Inc..

John Strand // In the last webcast we covered initial Windows Live Forensics (see the recording here), in this one we play with memory from a compromised system. We cover the […]

The post WEBCAST: Windows Memory Forensics appeared first on Black Hills Information Security, Inc..

Editor’s Note: This is another awesome guest post from our friend, Robert Schwass. If you’d like to guest post contact us here. Robert Schwass // I had heard the rumors about […]

The post Time To Bash on Windows (Bourne Again Shell That Is) appeared first on Black Hills Information Security, Inc..