Talkin' Bout [Infosec] News

Black Hills Information Security | bhisnews.transistor.fm
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Mondays at 4:30 PM ET.

Episodes

Webcast: Sacred Cash Cow Tipping 2021

It is another year for the Sacred Cash Cow Tipping Webcast. For those of you who are new to our email list within the past year, this is a webcast where we cover the various tools and techniques that Black Hills Information Security (BHIS) uses to bypass endpoint security protections. The point of this webcast is not so much to teach people how to bypass these products, but rather to show that they can be bypassed. Hopefully, this leads to some conversations about defense-in-depth and how many v...

Mar 10, 2021 | 1 hr 30 min | Ep. 1

Talkin’ About Infosec News – 3/8/2021

Originally aired on March 8, 2021. Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.

Mar 09, 2021 | 36 min | Ep. 1

Talkin’ About Infosec News – 3/3/2021

Originally aired on March 3, 2021. Articles discussed in this episode:
* https://www.msn.com/en-us/money/other/microsoft-these-exchange-server-zero-day-flaws-are-being-used-by-hackers-so-update-now/ar-BB1ec0In

Mar 05, 2021 | 36 min | Ep. 1

Talkin' About Infosec News - 3/1/2021

Originally aired on March 1, 2021. Articles discussed in this episode:
* https://threatpost.com/yeezy-sneaker-bots-boost-sun/164312/
* https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/
* https://www.wired.com/story/gab-hack-data-breach-ddosecrets/
* https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files
* https://github.com/cyberark/blobhunter

Mar 03, 2021 | 51 min | Ep. 1

Talkin' About Infosec News - 2/24/2021

Originally aired on February 24, 2021. Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/government-and-defense/fireeye-and-microsoft-execs-senators-dissect-mandatory-breach-disclosure-in-wake-of-solarwinds/
* https://www.wired.com/story/russia-gru-hackers-us-grid/

Feb 26, 2021 | 43 min | Ep. 1

Talkin' About Infosec News - 2/22/2021

Originally aired on February 22, 2021. Articles discussed in this episode:
* https://www.reuters.com/article/us-northkorea-cybercrime-pfizer-idUKKBN2AG0NI
* https://threatpost.com/silver-sparrow-malware-30k-macs/164121/
* https://www.securityweek.com/chinese-hackers-cloned-equation-group-exploit-years-shadow-brokers-leak

Feb 23, 2021 | 34 min | Ep. 1

Talkin' About Infosec News - 2/17/2021

Originally aired on February 17, 2021. Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/everyones-half-asleep-and-bosses-dont-want-trouble-the-struggle-to-secure-utilities/
* https://attack.mitre.org/matrices/enterprise/
* https://www.scmagazine.com/home/security-news/network-security/siem-rules-ignore-bulk-of-mitre-attck-framework-placing-risk-burden-on-users/
* https://www.securityweek.com/cybercriminals-leak-files-allegedly-stolen-law-firm-jones-day

Feb 18, 2021 | 44 min | Ep. 1

Talkin' About Infosec News - 2/8/2021

Originally aired on February 8, 2021. Articles discussed in this episode:
* https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
* https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/
* https://threatpost.com/industrial-networks-hackable-security-holes/163708/
* https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-poisoning-sheriff-says-idUSKBN2A82FV
* https://twitter.com/SkelSec/status/1346553...

Feb 09, 2021 | 45 min | Ep. 1

Talkin' About Infosec News - 2/1/2021

Originally aired on February 1, 2021. Articles discussed in this episode:
* https://threatpost.com/microsoft-365-bec-innovation/163508/
* https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/
* https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way?&web_view=true

Feb 02, 2021 | 1 hr 2 min | Ep. 1

Talkin’ About Infosec News – 1/25/2021

Originally aired on January 25, 2021.

Jan 26, 2021 | 31 min | Ep. 1

Talkin’ About Infosec News – 1/20/2021

Originally aired on January 20, 2021. Articles discussed in this episode:
* https://www.theregister.com/2021/01/20/malwarebytes_solarwinds_hack_latest/
* https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/
* https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/

Jan 22, 2021 | 41 min | Ep. 1

Webcast: Move Aside Script Kiddies - Malware Execution in the Age of Advanced Defenses

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore. All is not lost! Using some relatively simple programming techniques, and tactical changes, we can still gain malware execution to establish our C2 channels. With some addi...

Jan 18, 2021 | 1 hr 5 min | Ep. 1

Talkin' About Infosec News - 1/13/2021

Originally aired on January 13, 2021. Articles discussed in this episode:
* https://www.theregister.com/2021/01/13/darkmarket_europol_shutdown/
* https://www.theregister.com/2021/01/12/microsoft_linux_edr/
* https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
* https://threatpost.com/hackers-leak-pfizer-covid-19-vaccine-data/163008/
* https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

Jan 14, 2021 | 30 min | Ep. 1

Webcast: Discussing Implications of the SolarWinds Breach(es)

Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because let’s be honest, that’s just hyperbole. Join us to learn why this is bad, but also why we assess that the sky isn’t falling. Join these three amigos to discuss breach details and actionable steps you can take in your own n...

Dec 31, 2020 | 1 hr 16 min | Ep. 1

Talkin’ About Infosec News – 12/21/2020

Originally aired on December 21, 2020. Articles discussed in this episode:
* https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
* https://theintercept.com/2020/12/17/russia-hack-austin-texas/

Dec 22, 2020 | 53 min | Ep. 1

Talkin' About Infosec News - 12/14/2020

Originally aired on December 14, 2020. Articles discussed in this episode:
* https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage
* https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
* https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
* https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-f...

Dec 16, 2020 | 43 min | Ep. 1

Talkin' About Infosec News - 12/11/2020

Originally aired on December 11, 2020. Articles discussed in this episode:
* https://www.nobandwidth.io/
* https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
* https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools
* https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/
* https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/
* https://capricocave.word...

Dec 15, 2020 | 50 min | Ep. 1

Webcast: Getting Started with Burp Suite & Webapp Pentesting

Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple to configure. If you’ve ever watched someone else use Burp, you’ve no doubt picked up something useful from them: everyone seems to have their own tricks for getting more out of it. In this ...

Dec 07, 2020 | 1 hr 28 min | Ep. 1

Webcast: Pretty Little Python Secrets - Episode 2 - Python Development & Packaging as Beautiful as a Poem

Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (PyPI)? Not so straightforward, is it? There’s a gazillion files you need (setup.py, MANIFEST.in, etc.) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in order to expose any command line interface (CLI) tools you’re packaging. Additionally, you also need to manage dependencies, keep them in sync with your requirements.t...

Dec 04, 2020 | 1 hr 15 min | Ep. 1

Talkin' About Infosec News - 11/30/2020

Originally aired on November 30, 2020. Articles discussed in this episode:
* https://www.computerweekly.com/news/252491324/Surge-in-Ryuk-ransomware-attacks-has-hospitals-on-alert
* https://www.baltimoresun.com/maryland/baltimore-county/bs-md-co-what-to-know-schools-ransomware-attack-20201130-2j3ws6yffzcrrkfzzf3m43zxma-story.html
* https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library

Dec 01, 2020 | 24 min | Ep. 1

Talkin' About Infosec News - 11/19/2020

Originally aired on November 19, 2020. Articles discussed in this episode:
* https://duo.com/blog/the-great-dns-vulnerability-of-2008-by-dan-kaminsky
* https://blog.cloudflare.com/sad-dns-explained

Nov 25, 2020 | 18 min | Ep. 1

Talkin' About Infosec News - 11/11/2020

Originally aired on November 11, 2020. Articles discussed in this episode:
* https://www.darkreading.com/attacks-breaches/malware-hidden-in-encrypted-traffic-surges-amid-pandemic/d/d-id/1339420
* https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/

Nov 13, 2020 | 45 min | Ep. 1

Talkin' About Infosec News - 11/09/2020

Originally aired on 11/09/2020. Articles discussed in this episode:
* https://www.darkreading.com/threat-intelligence/6-ways-passwords-fail-basic-security-tests/d/d-id/1339299
* https://www.infosecurity-magazine.com/news/national-guard-uvm-health-network/
* https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/

Nov 12, 2020 | 32 min | Ep. 1

Talkin' About Infosec News - 10/26/2020

Originally aired on October 26, 2020.

Nov 11, 2020 | 35 min | Ep. 1

Talkin' About Infosec News - 10/21/2020

Originally aired on October 21, 2020.

Nov 02, 2020 | 26 min | Ep. 1

Webcast: The SOC Age Or, A Young SOC Analyst's Illustrated Primer

Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through an AI-powered single pane of glass. Security has been, and will continue to be, hard. This webcast will help people who are getting started be more successful and hopef...

Oct 26, 2020 | 1 hr 16 min | Ep. 1

Webcast: Infosec Mentoring | How to Find and Be a Mentor & Mentee

They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be your guide into the unknown. We ALL can benefit from being mentored and being a mentor. In this live Black Hills Information Security (BHIS) webcast, we’ll discuss: – How to know if you...

Oct 19, 2020 | 1 hr 26 min | Ep. 1

Webcast: When Worlds Collide: OSS Hunting & Adversarial Simulation

Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for Purple Teaming in the information security community, they have invited Roberto Rodriguez & Nate Guagenti (HELK Project, Mordor...

Sep 09, 2020 | 1 hr 38 min | Ep. 1

Webcast: How to Present: Secrets of a Retired SANS Instructor

John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how to effectively deal with chafing, don’t drink the water, choosing the right shoes, presenting to management, seriously, chafing is a problem, chickens, getting over impostor s...

Sep 04, 2020 | 10 min | Ep. 1

Webcast: Pretty Little Python Secrets - Episode 1 - Installing Python Tools and Libraries the Right Way

Have you ever installed a Python tool / library only to then find out other Python based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing a Python tool with apt-get and another with pip?
(00:00) - PreShow Banter™ – Jokes Not Safe For Work
(11:31) - PreShow Banter™ – SponsorWare for GitHub
(20:13) - Feature Presentation: Pretty Little Python Secrets
(25:19) - 1st Circle of Hell: Managing Python Versions
(30:58) - 2nd Circle of Hell: Python Dependencie...

Aug 24, 2020 | 1 hr 19 min | Ep. 1