Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)! 

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc.

Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 1)

In part 1 of this post, we’ll discuss how Hayabusa and “Security Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!

Stop Spoofing Yourself! Disabling M365 Direct Send

Remember the good ol’ days of Zip drives, Winamp, the advent of “Office 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]

Questions From a Beginner Threat Hunter

Answered by Chris Brenton of Active Countermeasures | Questions compiled from the infosec community by Shelby Perry This article was originally published in the Threat Hunting issue of our infosec […]

Stop Phishing Yourself: How Auto-Forwarding and Exchange Contacts Can Stab You in the Back

Hayden Covington // Phishing is an ever-present threat, but lately, user education and spam filters have helped mitigate some of that threat. But what happens when a phish makes it […]

Ssh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor Into Your Network

Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […]

The Azure Sandbox – Purple Edition

Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]

PODCAST: Beacon Analysis

Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He […]

WEBCAST: Tales from the Network Threat Hunting Trenches

John Strand // In this webcast, John walks through a couple of cool things we’ve found useful in some recent network hunt teams. He also shares some of our techniques and […]

Let’s Go Hunting! How to Hunt Command & Control Channels Using Bro IDS and RITA

Logan Lembke // Here at BHIS, we ♥ Bro IDS. Imagine… Bro IDS Everywhere! If you haven’t encountered Bro IDS before, check out this webcast on John’s YouTube channel discussing the need for Bro […]
