
Getting Started In Pentesting – Advice From The BHIS Pentest Lead

Advice about getting started in pentesting from the BHIS pentest lead, including a learning path and why you should go all in on offensive security skills.

The post Getting Started In Pentesting – Advice From The BHIS Pentest Lead appeared first on Black Hills Information Security, Inc..

Understanding GRC: How to Navigate Risks and Compliance Standards

“GRC” isn’t all witchcraft and administrative nonsense — it’s the core that drives security initiatives, connects security spend to business outcomes, and powers a well-functioning security team.

The post Understanding GRC: How to Navigate Risks and Compliance Standards appeared first on Black Hills Information Security, Inc..

Malware Analysis: How to Analyze and Understand Malware

Malware analysis is an amazing field that can be interesting, fun, and useful for your cybersecurity career. If you’re wondering WHY anyone would want to dig into malware, it’s all for a better understanding of cybersecurity!

The post Malware Analysis: How to Analyze and Understand Malware appeared first on Black Hills Information Security, Inc..

OSINT: How to Find, Use, and Control Open-Source Intelligence

OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).

The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc..

What to Do with Your First Home Lab

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?

The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc..

Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions

This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow up on social engineering attacks.

The post Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions appeared first on Black Hills Information Security, Inc..

Common Cyber Threats

In today’s interconnected digital world, information security has become a critical concern for individuals, businesses, and governments alike. Cyber threats, which encompass a wide range of malicious activities targeting information systems, pose significant risks to the confidentiality, integrity, and availability of data.

The post Common Cyber Threats appeared first on Black Hills Information Security, Inc..

How to Set Smart Goals (That Actually Work For You)

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..

Default Web Content

Whether it's forgotten temporary files, installation artifacts, READMEs, or even simple image files--default content on web servers can turn into a boon for attackers. In the most innocent of cases, these types of content can let attackers know more about the tech stack of the environment, and in the worst case scenario can lead to exploitation.

The post Default Web Content appeared first on Black Hills Information Security, Inc..

Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security

Organizations tend to focus a significant amount of their efforts on external threats, such as phishing and ransomware, but they often overlook one of the most dangerous attack vectors on their internal networks.

The post Commonly Abused Administrative Utilities: A Hidden Risk to Enterprise Security appeared first on Black Hills Information Security, Inc..

DNS Triage Cheatsheet

DNS Triage is a reconnaissance tool that finds information about an organization's infrastructure, software, and third-party services as fast as possible. The goal of DNS Triage is not to exhaustively find every technology asset that exists on the internet. The goal is to find the most commonly abused items of interest for real attackers.

The post DNS Triage Cheatsheet appeared first on Black Hills Information Security, Inc..

GraphRunner Cheatsheet

GraphRunner is a collection of post-exploitation PowerShell modules for interacting with the Microsoft Graph API. It provides modules for enumeration, exfiltration, persistence, and more!

The post GraphRunner Cheatsheet appeared first on Black Hills Information Security, Inc..

Burp Suite Cheatsheet

Burp Suite is an intercepting HTTP proxy that can also scan a web-based service for vulnerabilities. A tool like this is indispensable for testing web applications. Burp Suite is written in Java and comes bundled with a JVM, so it works on any operating system you're likely to use.

The post Burp Suite Cheatsheet appeared first on Black Hills Information Security, Inc..

Impacket Cheatsheet

Impacket is an extremely useful tool for post exploitation. It is a collection of Python scripts that provides low-level programmatic access to the packets and for some protocols, such as DCOM, Kerberos, SMB1, and MSRPC, the protocol implementation itself.

The post Impacket Cheatsheet appeared first on Black Hills Information Security, Inc..

Wireshark Cheatsheet

Wireshark is an incredible tool used to read and analyze network traffic coming in and out of an endpoint. Additionally, it can load previously captured traffic to assist with troubleshooting network issues or analyze malicious traffic to help determine what a threat actor is doing on your network.

The post Wireshark Cheatsheet appeared first on Black Hills Information Security, Inc..

Hashcat Cheatsheet

Hashcat is a powerful tool for recovering lost passwords, and, thanks to GPU acceleration, it’s one of the fastest. It works by rapidly trying different password guesses to determine the original password from its scrambled (hashed) version.

The post Hashcat Cheatsheet appeared first on Black Hills Information Security, Inc..
