This blog will not dive too deeply into BloodHound itself; instead, we will focus on various methods to collect AD data to provide BloodHound as input.
The post A Practical Guide to BloodHound Data Collection appeared first on Black Hills Information Security, Inc..
This overview of the basics of Cloud Security includes some tips and resources for getting started in defending the cloud.
The post Cloud Security: Tips and Resources for Securing the Cloud appeared first on Black Hills Information Security, Inc..
Deceptive-Auditing is a tool that deploysΒ Active Directory honeypots and automatically enables auditing for those honeypots.
The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..
Imagine this: Youβre an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that thereβs no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.
The post GoSpoofΒ β Turning Attacks into IntelΒ appeared first on Black Hills Information Security, Inc..
But what if we need to wrangle Windows Event Logs for more than one system? In part 2, weβll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (βREIWβ)!Β
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..
Remember the good βol days of Zip drives, Winamp, the advent of βOffice 365,β and copy machines that didnβt understand email authentication? Okay, maybe they werenβt so good! For a [β¦]
The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..
Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.
The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..
For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.
The post Caging Copilot: Lessons Learned in LLM Security appeared first on Black Hills Information Security, Inc..
Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.
The post Go-Spoof: A Tool for Cyber Deception appeared first on Black Hills Information Security, Inc..
Iβve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem [β¦]
The post Canary in the Code: Alert()-ing on XSS Exploits appeared first on Black Hills Information Security, Inc..
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities [β¦]
The post One Active Directory Account Can Be Your Best Early Warning appeared first on Black Hills Information Security, Inc..
By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec [β¦]
The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security, Inc..
| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native [β¦]
The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security, Inc..
Troy Wojewoda // In honor of Shark Week1, I decided to write this blog to demonstrate various techniques Iβve found useful when analyzing network traffic with Wireshark, as well as [β¦]
The post Welcome to Shark Week: A Guide for Getting Started with Wireshark and TShark appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft [β¦]
The post Parsing Sysmon Logs on Microsoft Sentinel appeared first on Black Hills Information Security, Inc..
Jordan DrysdaleΒ // Overview The following description of some of Impacketβs tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. [β¦]
The post Impacket Defense Basics With an Azure LabΒ appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs [β¦]
The post Geopolitical Cyber-Detection Lures for Attribution with Microsoft SentinelΒ appeared first on Black Hills Information Security, Inc..
Have you heard of Backdoors & Breaches, or even have a deck of your own, and yetβ¦ still donβt know how to use it? We created an incident response card [β¦]
The post How to Use Backdoors & Breaches to do Tabletop Exercises and Learn Cybersecurity appeared first on Black Hills Information Security, Inc..
Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its [β¦]
The post The Azure Sandbox β Purple EditionΒ appeared first on Black Hills Information Security, Inc..
Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP [β¦]
The post Backdoors & Breaches LIVE β 5/19/2021 appeared first on Black Hills Information Security, Inc..
Login