This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]

The post AI Large Language Models and Supervised Fine Tuning appeared first on Black Hills Information Security, Inc..

This article originally featured in the very first issue of our PROMPT# zine — Choose Wisely. You can find that issue (and all the others) here: https://www.blackhillsinfosec.com/prompt-zine/ I remember a […]

The post Red Teaming: A Story From the Trenches appeared first on Black Hills Information Security, Inc..

The Challenge As stated in PART 1 of this blog, the Windows endpoint defense technology stack in a mature organization represents a challenge for Red Teamer initial access operations. For […]

The post Initial Access Operations Part 2: Offensive DevOps appeared first on Black Hills Information Security, Inc..

Today’s endpoint defense landscape on the Windows desktop platform is rich with product offerings of quite sophisticated capabilities. Beyond the world of antivirus products, Extended Detection and Response (XDR), and […]

The post Initial Access Operations Part 1: The Windows Endpoint Defense Technology Landscape appeared first on Black Hills Information Security, Inc..

Joff Thyer // Introduction We have already arrived at the end of 2022; wow, that was fast. As with any industry or aspect of life, we find ourselves peering into […]

The post <strong>Forward into 2023: Browser and O/S Security Features</strong>  appeared first on Black Hills Information Security, Inc..

Joff Thyer // I woke up this Monday morning thinking that it’s about time I spent time looking at my Domain Name Service (DNS) configuration in my network. (This thought […]

The post The DNS over HTTPS (DoH) Mess appeared first on Black Hills Information Security, Inc..

In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, […]

The post Webcast: Shellcode Execution with GoLang appeared first on Black Hills Information Security, Inc..

Joff Thyer // If you are a fan of web application pen testing, you have been spoiled with a lot of easy pickings over the years.  We all love our […]

The post Web App Pen Testing in an Angular Context appeared first on Black Hills Information Security, Inc..

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint […]

The post Webcast: Move Aside Script Kiddies – Malware Execution in the Age of Advanced Defenses appeared first on Black Hills Information Security, Inc..

Joff Thyer has dove into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. […]

The post Webcast: IPv6: How to Securely Start Deploying appeared first on Black Hills Information Security, Inc..

Joff Thyer // Introduction If there is anything that the start of 2020 has taught us, it is that Internetworking services are in higher demand than ever before.  IPv4 is […]

The post Securely Deploying IPv6 in 2020 Part 1: Internet Facing Perimeter appeared first on Black Hills Information Security, Inc..

What does it mean to work from home across your corporate VPN? What exactly is VPN? Is your home office prepared? How can you improve and better secure your home […]

The post Webcast: Pandemic Paradigm Shift: Remote Working is the New Normal appeared first on Black Hills Information Security, Inc..

Joff Thyer // The Domain Name System (DNS) is the single most important protocol on the Internet. The distributed architecture of DNS name servers and resolvers has resulted in a […]

The post Tap Into Your Valuable DNS Data appeared first on Black Hills Information Security, Inc..

Joff Thyer// In this webcast, we talk about the 2020 End of Life for Python2. We address what the short and medium term impacts will likely be. Key language differences […]

The post BHIS Webcast: Py2k20 – Transitioning from Python2 to Python3 appeared first on Black Hills Information Security, Inc..

Joff Thyer// Many of you have probably already looked at Beau Bullock’s fine blog entry on a penetration testing dropbox. Beau has some excellent guidance on how to build the […]

The post Pentesting Dropbox on Steroids appeared first on Black Hills Information Security, Inc..

Joff Thyer// Mobile is everywhere these days. So many applications in our daily life are being migrated towards a cloud deployment whereby the front end technology is back to the […]

The post Embedding Meterpreter in Android APK appeared first on Black Hills Information Security, Inc..

Joff Thyer // Black Hills Information Security loves performing both internal penetration tests, as well as command and control testing for our customers. Thanks to the efforts of many great […]

The post Got Privs? Crack Those Hashes! appeared first on Black Hills Information Security, Inc..

Joff Thyer // If you have been penetration testing a while, you likely have ended up in a Red Team situation or will be engaged in it soon enough. From […]

The post A Morning with Cobalt Strike & Symantec appeared first on Black Hills Information Security, Inc..

Joff Thyer // I had an interesting experience recently that reminded me to always “trust but verify.” Let me set the stage for you. As a penetration tester, and IT […]

The post Are You Really Hacking Naked? appeared first on Black Hills Information Security, Inc..

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

The post How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up appeared first on Black Hills Information Security, Inc..