Fixing Content-Security-Policies with Cloudflare Workers

Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser […]

The post Fixing Content-Security-Policies with Cloudflare Workers appeared first on Black Hills Information Security, Inc..

Podcast: Passwords: You Are the Weakest Link

Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend […]

The post Podcast: Passwords: You Are the Weakest Link appeared first on Black Hills Information Security, Inc..

Webcast: Passwords: You Are the Weakest Link

Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend […]

The post Webcast: Passwords: You Are the Weakest Link appeared first on Black Hills Information Security, Inc..

Passwords: Our First Line of Defense

Darin Roberts // “Why do you recommend a 15-character password policy when (name your favorite policy here) recommends only 8-character minimum passwords?” I have had this question posed to me […]

The post Passwords: Our First Line of Defense appeared first on Black Hills Information Security, Inc..

Webcast: Implementing Sysmon and Applocker

Click on the timecodes to jump to that part of the video (on YouTube) Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_ImplementingSysmonAppLocker.pdf 5:03 Introduction, problem statement, and executive problem […]

The post Webcast: Implementing Sysmon and Applocker appeared first on Black Hills Information Security, Inc..

WEBCAST: Blue Team-Apalooza

Kent Ickler & Jordan Drysdale // Preface We had a sysadmin and security professional “AA” meeting on November 8, 2018. We met and discussed things that seem to be painfully […]

The post WEBCAST: Blue Team-Apalooza appeared first on Black Hills Information Security, Inc..

PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management

CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. […]

The post PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management appeared first on Black Hills Information Security, Inc..

Finding: Weak Password Policy

David Fletcher// The weak password policy finding is typically an indicator of one of two conditions during a test: A password could be easily guessed using standard authentication mechanisms. A […]

The post Finding: Weak Password Policy appeared first on Black Hills Information Security, Inc..

An Open Letter about Big All-Powerful Company’s Password Policy

Kelsey Bellew // Dear Big All-Powerful Company, Your idea of a ‘strong password’ is flawed. When I first saw the following message, I laughed. I said out loud, “No, you […]

The post An Open Letter about Big All-Powerful Company’s Password Policy appeared first on Black Hills Information Security, Inc..

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

The post How To Fix a Missing Referrer-Policy on a Website appeared first on Black Hills Information Security, Inc..

How To Fix a Missing Content-Security-Policy on a Website

Kent Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your […]

The post How To Fix a Missing Content-Security-Policy on a Website appeared first on Black Hills Information Security, Inc..

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

The post WEBCAST: Wrangling Internal Network Vulnerabilities appeared first on Black Hills Information Security, Inc..
