In part 1 of this post, weβll discuss how Hayabusa and βSecurity Operations and Forensics ELKβ (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!
The post Wrangling Windows Event Logs with Hayabusa & SOF-ELKΒ (Part 1) appeared first on Black Hills Information Security, Inc..
The Microsoft Store provides a convenient mechanism to install software without needing administrator permissions. The feature is convenient for non-corporate and home users but is unlikely to be acceptable in corporate environments. This is because attackers and malicious employees can use the Microsoft Store to install software that might violate organizational policy.Β
The post Microsoft Store and WinGet: Security Risks for Corporate Environments appeared first on Black Hills Information Security, Inc..
Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.
The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..
Engaging with the C-suite is not just about addressing security concerns or defending budget requests. It's about establishing and maintaining an ongoing discussion that aims to align security objectives with the interests of the business.Β Β
The post Communicating Security to the C-Suite: A Strategic ApproachΒ appeared first on Black Hills Information Security, Inc..
Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.
The post Go-Spoof: A Tool for Cyber Deception appeared first on Black Hills Information Security, Inc..
Iβve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem [β¦]
The post Canary in the Code: Alert()-ing on XSS Exploits appeared first on Black Hills Information Security, Inc..
In this video, John Strand discusses the complexities and challenges of penetration testing, emphasizing that it goes beyond just finding and exploiting vulnerabilities.
The post 5 Things We Are Going to Continue to Ignore in 2025 appeared first on Black Hills Information Security, Inc..
Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities [β¦]
The post One Active Directory Account Can Be Your Best Early Warning appeared first on Black Hills Information Security, Inc..
A lot of emphasis and focus is put on the investigative part of SOC work, with the documentation and less glamorous side of things brushed under the rug. One such [β¦]
The post Clear, Concise, and Comprehensive: The Formula for Great SOC Tickets appeared first on Black Hills Information Security, Inc..
By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec [β¦]
The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security, Inc..
Changes to the msds-KeyCredentialLink attribute are not audited/logged with standard audit configurations. This required serious investigations and a partner firm in infosec provided us the answer: TrustedSec.Β So, credit where [β¦]
The post Enable Auditing of Changes to msDS-KeyCredentialLinkΒ appeared first on Black Hills Information Security, Inc..
Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, [β¦]
The post Monitoring High Risk Azure LoginsΒ appeared first on Black Hills Information Security, Inc..
Start this blog series from the beginning here: PART 1 Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise environment. In this article, we will [β¦]
The post Abusing Active Directory Certificate Services (Part 4) appeared first on Black Hills Information Security, Inc..
| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity [β¦]
The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security, Inc..
In An SMB Relay Race β How To Exploit LLMNR and SMB Message Signing for Fun and Profit, Jordan Drysdale shared the dangers of lack of SMB Signing requirements and [β¦]
The post Bypass NTLM Message Integrity Check β Drop the MIC appeared first on Black Hills Information Security, Inc..
| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native [β¦]
The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security, Inc..
Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are [β¦]
The post OSINT for Incident Response (Part 1) appeared first on Black Hills Information Security, Inc..
| Alyssa Snow In PART ONE and PART TWO of this blog series, we discussed common misconfigurations of Active Directory certificate templates. In this post, we will walk through exploitation [β¦]
The post Abusing Active Directory Certificate Services (Part 3) appeared first on Black Hills Information Security, Inc..
Misconfigurations in Active Directory Certificate Services (ADCS) can introduce critical vulnerabilities into an Enterprise Active Directory environment, such as paths of escalation from low privileged accounts to domain administrator.
The post Abusing Active Directory Certificate Services (Part 2) appeared first on Black Hills Information Security, Inc..
Active Directory Certificate Services (ADCS) is used for public key infrastructure in an Active Directory environment. ADCS is widely used in enterprise Active Directory environments for managing certificates for systems, users, applications, and more.
The post Abusing Active Directory Certificate Services (Part 1) appeared first on Black Hills Information Security, Inc..
Login