Talkin' Bout [Infosec] News

Black Hills Information Security | bhisnews.transistor.fm
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Mondays at 4:30 PM ET.

Episodes

Webcast: New Wave of Ransomware Attacks: How did this happen?

This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are. Consider this to […] The post Webcast: New Wave of Ransomware Attacks: How did this happen? appeared first on Black Hills Information Security ....

Dec 23, 2021 | 1 hr 47 min | Ep. 1

Talkin’ About Infosec News – 12/22/2021

ORIGINALLY AIRED ON DECEMBER 20, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Getting Nerdy With It 04:18 – BHIS – Talkin’ Bout [infosec] News 2021-12-20 – The Final Broadcast … of 2021 05:34 – Story # 1: Apple releases Android app to find rogue AirTags – https://therecord.media/apple-releases-android-app-to-find-malicious-airtags/ 18:24 – Story # […] The post Talkin’ About Infosec News – 12/22/2021 appeared first on Black Hills Information Security . (00:00) - PreShow Bant...

Dec 22, 2021 | 57 min | Ep. 1

Webcast: Intro to Ransomware and Industrial Control Systems (ICS)

Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology used in ICS environments is sensitive and often based on older protocols. The desire for connectivity has created an opportune target for malicious actors. Join […] The post Webcast: Intro to Ransomware and Industrial Control Systems (ICS) appeared first on Black Hills Information Sec...

Dec 21, 2021 | 1 hr 43 min | Ep. 1

Webcast: Hack for Show, Report For Dough: Part 2

At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their explanations. For their story of the environment as it appears to an attacker. The scanning and testing and exploiting (and failing at those things) is […] The post Webcast: Hack for Show, Report For Dough: Part 2 appeared first on Black Hills Information Security ....

Dec 21, 2021 | 1 hr 59 min | Ep. 1

Talkin’ About Infosec News – The Floor is Java – 12/15/2021

ORIGINALLY AIRED ON DECEMBER 13, 2021 00:00 – PreShow Banter™ 09:41 – FEATURE PRESENTATION: The Floor is Java – Log4Shell / Log4J 10:26 – Lets Jump In 11:31 – Oh No… 12:28 – None of This is New 15:36 – How Does This Work? 19:48 – Mitigations 21:48 – Find it on Hosts 23:54 – Hal […] The post Talkin’ About Infosec News – The Floor is Java – 12/15/2021 appeared first on Black Hills Information Security . (00:00) - PreShow Banter™ (09:41) - FEATURE PRESENTATION: The Floor is Java – Log4Shell / Log4J...

Dec 15, 2021 | 1 hr 4 min | Ep. 1

Talkin’ About Infosec News – 12/09/2021

ORIGINALLY AIRED ON DECEMBER 6, 2021 Articles discussed in this episode: 00:18 – BHIS – Talkin’ Bout [infosec] News 2021-12-06 02:57 – Story # 1: Apple AirTag Car Thefts – https://www.macrumors.com/2021/12/03/airtag-linked-to-car-thefts/ 11:04 – Story # 2: Ubiquiti dev charged for extortion – https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/ 17:09 – Plug: Pay What You Can SOC Training – https://www.antisyphontraining.com/soc-core-skills...

Dec 09, 2021 | 59 min | Ep. 1

Fixing Content-Security-Policies with Cloudflare Workers

Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser how it should behave on certain security considerations. Oh, how times have changed. Here at Black Hills Information Security (BHIS), we’ve actually migrated webservers, hosting […] The post Fixing Content-Secu...

Dec 03, 2021 | 16 min | Ep. 1

Talkin’ About Infosec News – 11/26/2021

ORIGINALLY AIRED ON NOVEMBER 22, 2021 Articles discussed in this episode: Story # 1: Chinese Team Up With Russia To Launch US Cybersecurity Assault – https://hothardware.com/news/chinese-hackers-team-up-with-russian-ransomware-gang Story # 2: The FBI Got Hacked Over a Beef With a Guy Named Vinny? – https://www.thedailybeast.com/was-fbi-email-hack-just-an-elaborate-troll-of-a-guy-named-vinny-troia Story # 3: Insurers run from ransomware cover as losses mount – https://www.reuters.com/markets/euro...

Nov 26, 2021 | 53 min | Ep. 1

Talkin’ About Infosec News – 11/17/2021

ORIGINALLY AIRED ON NOVEMBER 15, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-11-15 02:22 – Story # 1: Robinhood data breach – https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/ 07:27 – Story # 2: Trojanized IDA Pro – https://thehackernews.com/2021/11/north-korean-hackers-target.html 09:48 – Story # 3: stealing data today, quantum computers tomorrow – https://www.technologyreview.com/2021/11/03...

Nov 17, 2021 | 57 min | Ep. 1

Talkin’ About Infosec News – 11/12/2021

ORIGINALLY AIRED ON November 08, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — God’s Waiting Room 03:08 – BHIS – Talkin’ Bout [infosec] News 2021-11-08 04:50 – Story # 1: JavaScript in Excel – https://techcrunch.com/2021/11/02/microsoft-brings-javascript-to-excel/ 09:12 – Story # 2: Bots That Steal 2FA Codes – https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo 13:00 – Story # 3: US bans trade with NSO Group – https:/...

Nov 12, 2021 | 43 min | Ep. 1

Webcast: How to Share Your Knowledge with Others

Have you ever seen a call for papers for a conference and thought to yourself that you’d like to submit a talk and then immediately thought, oh never mind? Have you ever been asked to present internally at your organization and immediately recommended someone else to do it? Was it because you didn’t know how to give a presentation, or because you were afraid of speaking in front of an audience, or because you didn’t know where to start? This Black Hills Information Security (BHIS) presentation o...

Nov 02, 2021 | 1 hr 14 min | Ep. 1

Talkin’ About Infosec News – 10/28/2021

ORIGINALLY AIRED ON OCTOBER 25, 2021 Articles discussed in this episode: 01:42 – Story # 1: https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/ 06:34 – Story # 2: https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/ 11:50 – Story # 3: https://www.pcgamer.com/hackers-drain-cryptocurrency-accounts-of-thousands-of-coinbase-users/ 23:47 – Story # 4: https:...

Oct 28, 2021 | 59 min | Ep. 1

Talkin’ About Infosec News – 10/19/2021

ORIGINALLY AIRED ON OCTOBER 11, 2021 Articles discussed in this episode: 00:21 – Story # 1: Facebook Aftermath | https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ 09:17 – Story # 2: Twitch Source Code | https://www.theregister.com/2021/10/06/twitch_data_leak/ 25:31 – Story # 3: SMS Hacked; 5 Years | https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/ 31:40 – Story # 4: K-12 Cybersecurity Bill |...

Oct 19, 2021 | 50 min | Ep. 1

Talkin’ About Infosec News – 10/13/2021

ORIGINALLY AIRED ON OCTOBER 4, 2021 Articles discussed in this episode: 00:57 – Story # 1: Facebook is Burning 22:09 – Story # 2: https://www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/ 25:38 – Story # 3: https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/ 33:02 – Story # 4: https://cyberworkx.in/2021/10/03/hackers-spreading-malware-by-misusing-trust-of-amnesty-international/ 36:55 – Story # 5: https://threatpost....

Oct 13, 2021 | 43 min | Ep. 1

Talkin’ About Infosec News – 9/29/2021

ORIGINALLY AIRED ON SEPTEMBER 27, 2021 Articles discussed in this episode: 01:20 – Story # 1: https://habr.com/en/post/579714/ 02:14 – Story # 1b: https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/ 02:54 – Story # 1c: https://www.bleepingcomputer.com/news/apple/new-macos-zero-day-bug-lets-attackers-run-commands-remotely/ 04:03 – Story #1d: https://habr.com/en/post/580272/ 09:42 – A Wild Noah Has Joined the Chat 13:24 – The Wildest, Grayson & Tenille,...

Sep 29, 2021 | 53 min | Ep. 1

Webcast: Shellcode Execution with GoLang

In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, high performance, multi-threaded, and unlike C/C++ includes garbage collection! It has the advantage of compiling to native machine code, unlike .NET C# which is dependent on the common language runtime, and easily reversible. We explore how to execute Windows shellcode with GoLang in the ...

Sep 28, 2021 | 1 hr 3 min | Ep. 1

Talkin’ About Infosec News – 9/23/2021

ORIGINALLY AIRED ON SEPTEMBER 20, 2021 Articles discussed in this episode: 00:55 – Story # 1: https://techcrunch.com/2021/09/13/apple-zero-day-nso-pegasus/ 19:45 – Story # 2: https://www.tomshardware.com/news/researchers-find-windows-subsystem-linux-malware 27:45 – Story # 3: https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336 41:19 – Story # 4: https://apnews.com/article/technology-business-pakistan-seattle-washington-c6122e936e0fcc7c077becdd2559886b...

Sep 23, 2021 | 53 min | Ep. 1

Webcast: The Quest for the Kill Chain Killer Continues

Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices to Frustrate Attackers” have changed their business models for the better. And since they’ve been offered the BHIS soapbox again, they thought it was time to update this material and combine it. Security can sometimes move slow and other times blazingly fast. They’ll discuss what they’ve seen in the past year a...

Sep 22, 2021 | 1 hr 3 min | Ep. 1

Talkin’ About Infosec News – 9/17/2021

ORIGINALLY AIRED ON SEPTEMBER 13, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13 02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/ 04:43 – Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083 07:22 – Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-do...

Sep 17, 2021 | 45 min | Ep. 1

Webcast: Getting Started in Blockchain Security and Smart Contract Auditing

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically appl...

Sep 16, 2021 | 1 hr 51 min | Ep. 1

Talkin’ About Infosec News – 9/9/2021

ORIGINALLY AIRED ON SEPTEMBER 7, 2021 Articles discussed in this episode: 02:14 – Story # 1: https://therecord.media/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks 06:17 – Story # 2: https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds 08:30 – Story # 3: https://taskandpurpose.com/news/air-force-cybersecurity-nicolas-chaillan/ 10:29 – Story # 3b: https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/ 13:20 – Story # 4: https://venturebeat.com/2021/09/02/the...

Sep 09, 2021 | 49 min | Ep. 1

Talkin’ About Infosec News – 9/3/2021

ORIGINALLY AIRED ON AUGUST 30, 2021 Articles discussed in this episode: 01:38 – Story # 1: https://carbuzz.com/news/tom-cruise-couldnt-stop-thieves-stealing-his-bmw-7-series 14:45 – Story # 2: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru 23:24 – Story # 3: https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/ 27:37 – Story # 4: https://cyberworkx.in/2021/08/28/five-different-malware-families-targ...

Sep 03, 2021 | 57 min | Ep. 1

Talkin’ About Infosec News – 8/25/2021

ORIGINALLY AIRED ON AUGUST 23, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — A Case of the Mondays 04:14 – Talkin’ Bout [InfoSec] News 2021-08-23 05:24 – Story # 1: https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure 09:03 – Story # 2: https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/ 14:50 – Story # 3: https://www.nytime...

Aug 25, 2021 | 57 min | Ep. 1

Talkin’ About Infosec News – 8/18/2021

ORIGINALLY AIRED ON AUGUST 16, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-16 01:34 – Story # 1: https://youtu.be/WqD-ATqw3js 05:50 – Story # 2: https://cyberworkx.in/2021/08/11/accenture-data-is-on-darkweb-ransomware-group-threatens-to-release-it-for-public/ 09:54 – Story # 3: https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million 13:37 – Story # 4: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-...

Aug 18, 2021 | 51 min | Ep. 1

Talkin’ About Infosec News – 8/13/2021

Originally Aired on August 10, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-10 — The Ransomware Intro 03:18 – Story # 1: https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life 15:58 – Story # 2: https://www.securityweek.com/details-emerge-iranian-railroad-cyberattack 32:34 – Story # 3: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/ 36:...

Aug 13, 2021 | 57 min | Ep. 1

Talkin' About Infosec News - 8/13/2021

Originally Aired on August 10, 2021 Articles discussed in this episode: https://youtu.be/JTPa1rGq7qk 00:00 - BHIS | Talkin’ Bout News 2021-08-10 — The Ransomware Intro 03:18 - Story # 1: https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life 15:58 - Story # 2: https://www.securityweek.com/details-emerge-iranian-railroad-cyberattack 32:34 - Story # 3: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fi...

Aug 13, 2021 | 57 min | Ep. 1

Talkin’ About Infosec News – 8/4/2021

Originally Aired on August 2, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-02 — Gold Foil Hats 05:18 – Story # 1: https://hothardware.com/news/microsoft-printnightmare-hack-grants-windows-admin-privileges 10:40 – Story # 2: https://www.wsj.com/articles/amazon-hit-with-record-eu-privacy-fine-11627646144 28:43 – LINK : Social Zombies – https://vimeo.com/6307559 31:54 – LINK: The Great Hack – https://youtu.be/iX8GxLP1FHo 32:24 – Story # 3: https://thehackernews....

Aug 04, 2021 | 56 min | Ep. 1

Talkin' About Infosec News - 7/28/2021

ORIGINALLY AIRED ON JULY 26, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-26 03:54 – Story # 1: https://cyberworkx.in/2021/07/24/new-windows-attack-petitpotam-forces-windows-hosts-to-share-ntlm-hashes/ 18:53 – Story # 2: https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html 30:26 – Story # 3: https://cyberworkx.in/2021/07/23/kaseya-received-the-universal-decryptor-for-revil-ransomware-attack/ 51:48 – Random Crap...

Jul 28, 2021 | 53 min | Ep. 1

Talkin’ About Infosec News – 7/28/2021

Originally Aired on July 26, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-26 03:54 – Story # 1: https://cyberworkx.in/2021/07/24/new-windows-attack-petitpotam-forces-windows-hosts-to-share-ntlm-hashes/ 18:53 – Story # 2: https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html 30:26 – Story # 3: https://cyberworkx.in/2021/07/23/kaseya-received-the-universal-decryptor-for-revil-ransomware-attack/ 51:48 – Random Crap Check out our Cyber Ra...

Jul 28, 2021 | 53 min | Ep. 1

Webcast: No SPAN Port? No Tap? No Problem!

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools. Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home. However, there are a couple of ways to set up full network monitoring at home. N...

Jul 23, 2021 | 1 hr 6 min | Ep. 1
Hosted on Transistor