In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security
The post Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan appeared first on Black Hills Information Security, Inc..
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities [β¦]
The post One Active Directory Account Can Be Your Best Early Warning appeared first on Black Hills Information Security, Inc..
by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived [β¦]
The post The Top Ten List of Why You Got Hacked This Year (2023/2024)Β appeared first on Black Hills Information Security, Inc..
Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the answer: TrustedSec.Β So, credit where [β¦]
The post Enable Auditing of Changes to msDS-KeyCredentialLinkΒ appeared first on Black Hills Information Security, Inc..
tl;dr: Install Wifiphisher on Kali and run a basic attack.Β This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).Β Β Two [β¦]
The post How to Install and Perform Wi-Fi Attacks with WifiphisherΒ appeared first on Black Hills Information Security, Inc..
tl;drΒ Implement this ACL using whatever network gear, cloud ACL config, or uncomplicated firewall you use to protect your networks. Our IOT devices are on 10.99.99.0/24 for this example. Also, [β¦]
The post The Simplest and Last Internet-Only ACL Youβll Ever NeedΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft [β¦]
The post Parsing Sysmon Logs on Microsoft Sentinel appeared first on Black Hills Information Security, Inc..
Jordan DrysdaleΒ // Overview The following description of some of Impacketβs tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. [β¦]
The post Impacket Defense Basics With an Azure LabΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Overview The following description of some of Impacketβs tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the [β¦]
The post Impacket Offense Basics With an Azure Lab appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs [β¦]
The post Geopolitical Cyber-Detection Lures for Attribution with Microsoft SentinelΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its [β¦]
The post The Azure Sandbox β Purple EditionΒ appeared first on Black Hills Information Security, Inc..
Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: βGroup Policies That Kill Kill Chainsβ and βActive Directory Best Practices [β¦]
The post Webcast: The Quest for the Kill Chain Killer Continues appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // UPDATES! October 30, 2023Thereβs been an additional update for Sysmon! Event ID 29! Another Event ID (EID) was added to the Sysmon service. This event ID followed [β¦]
The post A Sysmon Event ID Breakdown β Updated to Include 29!! appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr SILENTTRINITY (ST) is one of our favorite C2 tools at BHIS. Itβs multiplayer, modern, and multiserver. The code has been revised significantly of late, especially the [β¦]
The post Joyriding with SILENTTRINITY β UPDATES appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // tl;dr Sentinel is easy! Especially when using Azure Sentinel To-Go. So, letβs do some threat research by deploying Sentinel To-Go and executing a Cobalt Strike beacon. Link: [β¦]
The post Azure Sentinel Quick-Deploy with Cyb3rWard0gβs Sentinel To-Go β Letβs Catch Cobalt Strike! appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // TL;DR The problem with a pentesterβs perspective on defense, hunting, and security: Lab demographics versus scale.Β If it costs $15 bucks per month per server for me [β¦]
The post Azure Security Basics: Log Analytics, Security Center, and Sentinel appeared first on Black Hills Information Security, Inc..
Jordan Drysdale & Kent Ickler // tl;dr Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain.Β https://github.com/DefensiveOrigins/APT-Lab-Terraform For those of you who have been [β¦]
The post How To: Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!) appeared first on Black Hills Information Security, Inc..
Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizationsβ information security human capital (Thatβs all you folks!). Organization Leadership and Security Practitioners can [β¦]
The post Webcast: Atomic Purple Team Framework and Life Cycle appeared first on Black Hills Information Security, Inc..
Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors [β¦]
The post How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots appeared first on Black Hills Information Security, Inc..
Login