Originally Aired on July 19, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-19 02:18 – Story # 1: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm 13:15 – Story # 2: https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/ 16:00 – Story # 3: https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ 34:41 – Story # 4: https://thehackernews.com/2021/07/turns-out-that-low-risk...
Jul 21, 2021•54 min•Ep. 1
Originally Aired on July 12, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-12 01:56 – Story # 1: https://www.bleepingcomputer.com/news/security/biden-asks-putin-to-crack-down-on-russian-based-ransomware-gangs/ 03:09 – Russia’s R.A.R.E. Program 03:54 – Story # 2: https://www.securityweek.com/solarwinds-confirms-new-zero-day-flaw-under-attack 05:33 – Story # 3: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html 08:44 – Story # 4: https://t...
Jul 16, 2021•53 min•Ep. 1
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it all work. Wouldn’t it be nice if you had a playbook of how to set everything up to save time and prevent mistakes? What if we coded this playbook ...
Jul 14, 2021•1 hr 5 min•Ep. 1
Join the BHIS Community Discord: https://discord.gg/bhis Music By Beau: https://www.nobandwidth.io 00:00 – 2021-04-01 – PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™ 05:29 – You’re So Vanity 08:39 – Let’s Talk About Florida Man 11:27 – Kellon is here – Intro Sec Con Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join ...
Jul 13, 2021•21 min•Ep. 1
Originally Aired on July 6, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-06 02:32 – Story # 1 – CISA self-assessment audit tool – https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/ 08:24 – Story # 2 – Insurance rates up 32% – https://www.theregister.com/2021/07/05/cyber_insurance_report/ 20:48 – Story # 3 – 0 Day for Windows OS PrintNightmare – https://doublepulsar.com/zero-day-for-every-suppor...
Jul 12, 2021•56 min•Ep. 1
Articles discussed in this episode: 00:00 - BHIS | Talkin’ Bout News 2021-07-06 02:32 - Story # 1 - CISA self-assessment audit tool - https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/ 08:24 - Story # 2 - Insurance rates up 32% - https://www.theregister.com/2021/07/05/cyber_insurance_report/ 20:48 - Story # 3 - 0 Day for Windows OS PrintNightmare - https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wil...
Jul 12, 2021•56 min•Ep. 1
Originally Aired on June 28, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Way West Recap 06:38 – Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/ 12:58 – Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware 19:41 – Story 3 : https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html 29:27 – Story 4 : https://venturebea...
Jun 30, 2021•1 hr•Ep. 1
00:00 - PreShow Banter™ — Way West Recap 06:38 - Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/ 12:58 - Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware 19:41 - Story 3 : https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html 29:27 - Story 4 : https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-h...
Jun 30, 2021•1 hr•Ep. 1
https://youtu.be/ZXNzG8ilfiw 00:00 - Talkin’ Bout Ransomware 01:26 - Story 1: https://nypost.com/2021/06/06/texas-mom-arrested-after-posing-as-her-13-year-old-daughter-at-middle-school/ 06:26 - Story 2: https://cyberworkx.in/2021/06/07/worlds-first-known-malware-targeting-windows-containers-to-compromise-cloud-environments/ 10:42 - Story 3: https://threatpost.com/revil-spill-details-us-attacks/166669/ 22:27 - Story 4: https://www.eff.org/deeplinks/2021/06/van-buren-victory-against-overbroad-inte...
Jun 14, 2021•42 min•Ep. 1
Originally Aired on June 1, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Fishing Attacks 02:40 – Story 1: https://m1racles.com/ 05:33 – Story 2: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ 11:26 – Story 3: https://www.securityweek.com/nuclear-flash-cards-us-secrets-exposed-learning-apps 15:29 – Story 4: https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/...
Jun 04, 2021•33 min•Ep. 1
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of ...
Jun 03, 2021•1 hr 7 min•Ep. 1
Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Ean | EanMeyer Defenders: Qasim | hashtaginfosec Kaitlyn | Kadawi Blake | zer0cool Vee | Po1Zon_P1x13 Ralph | ralphte1 Game Play Master: Ja...
May 28, 2021•1 hr 11 min•Ep. 1
Join Incident Master Ean Meyer as we play another round of Backdoors & Breaches.
May 21, 2021•1 hr 11 min•Ep. 1
There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should not have one of these offerings. Further, they are essential for any IR gig you may do. You may be a shop that is looking at commercial offerings, h...
May 19, 2021•1 hr 22 min•Ep. 1
Originally Aired on May 10, 2021 Articles discussed in this episode: * https://whyy.org/segments/the-greatest-hoax-on-earth/ * https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline * https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/ * https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/ * https://www.macrumors.com/2021/05/10/hacked-airtag-links-to-custom-url-lost-mo...
May 14, 2021•57 min•Ep. 1
This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick emergency webcast together to cover some of these new developments and hit on some very real and very easy things to mitigate against some of these attacks. We say “some” because these atta...
May 12, 2021•1 hr 32 min•Ep. 1
Originally Aired on May 5, 2021 Articles discussed in this episode: * https://thehackernews.com/images/-V6c2_ZHgMzI/YJFAaQl5RjI/AAAAAAAAA_8/wNs6d4zWc1MHLJ5VPaSpzHvXkFIIcwfZQCLcBGAsYHQ/s0/reset-passsword.jpg * https://threatpost.com/dell-kernel-privilege-bugs/165843/ * https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/ * https://signal.org/blog/the-instagram-ads-you-will-never-see/ * https://nakedsecurity.sophos.com/2021/05/04/apple-pro...
May 07, 2021•30 min•Ep. 1
Originally Aired on May 3, 2021 Articles discussed in this episode: * https://threatpost.com/deepfake-attacks-surge-experts-warn/165798/ * https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/ * https://www.reddit.com/r/netsec/comments/n36x7h/arbitrary_code_execution_in_exiftool/ * https://krebsonsecurity.com/2021/04/experians-credit-freeze-security-is-still-a-joke/ * https://github.com/alievk/avatarify-python * https://media.ccc.de/v/29c3-5327-en-writing_a_thumbdrive_from_scratch_h264...
May 05, 2021•55 min•Ep. 1
Join our Incident Master BanjoCrashland as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Jason Blanchard | BanjoCrashland Defenders: Matt Thomas | slegna Richard Phung | p3hndrx Maril Vernon | SheWhoHacks Kaitlyn Wimberley ...
Apr 30, 2021•46 min•Ep. 1
Originally Aired on April 26, 2021 Articles discussed in this episode: * https://usdaynews.com/celebrities/celebrity-death/dan-kaminsky-death-cause/ * https://signal.org/blog/cellebrite-vulnerabilities/ * https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/ * https://youtu.be/G0gOAvpGoJg Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhills...
Apr 28, 2021•52 min•Ep. 1
Originally Aired on April 19, 2021 Articles discussed in this episode: * https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack * https://apnews.com/article/russia-safe-harbor-ransomeware-hacking-c9dab7eb3841be45dff2d93ed3102999 * https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/ * https://www.theverge.com/2021/4/18/22390379/federal-investigators-breach-software-codecov-solarwinds * https://threatpost.com/google-project-zero-cuts-bug-disclosure-tim...
Apr 21, 2021•53 min•Ep. 1
Originally Aired on April 12, 2021 Articles discussed in this episode: * https://threatpost.com/azure-functions-privilege-escalation/165307/ * https://www.theverge.com/2021/4/8/22374464/linkedin-data-leak-500-million-accounts-scraped-microsoft * https://news.linkedin.com/2021/april/an-update-from-linkedin * https://www.bbc.com/news/world-middle-east-56708778 * https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors Check out our Cyber ...
Apr 14, 2021•39 min•Ep. 1
Originally Aired on April 7, 2021 Articles discussed in this episode: * https://www.scmagazine.com/home/security-news/phishing/array-of-recent-phishing-schemes-use-personalized-job-lures-voice-manipulation/ * https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report * https://www.securityweek.com/white-hats-earn-440000-hacking-microsoft-products-first-day-pwn2own-2021 * https://www.infosecurity-magazine.com/news/consulting-firm-data-breach/ * https://github.com/Neo23x0/Raccine * https:/...
Apr 08, 2021•57 min•Ep. 1
Originally Aired on April 5, 2021 Articles discussed in this episode: * https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/ * https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/ * https://threatpost.com/call-of-duty-cheats-gamers-malware/165209/ * https://outflank.nl/services/outflank-security-tooling/ * https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html * https://www.paulosyibelo.com/20...
Apr 06, 2021•57 min•Ep. 1
Originally Aired on March 29, 2021 Articles discussed in this episode: * https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-nonprofit-hears-from-the-police/ * https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html * https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html * https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open di...
Mar 31, 2021•50 min•Ep. 1
Originally Aired on March 24, 2021 Articles discussed in this episode: * https://www.theverge.com/2021/3/22/22345792/microsoft-discord-acquisition-report-10-billion * https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/ * https://grahamcluley.com/police-raid-apartment-alleged-verkada-hacker/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-...
Mar 29, 2021•38 min•Ep. 1
During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and every network service probed leaves some trace that the red team was there. Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further a...
Mar 25, 2021•1 hr 41 min•Ep. 1
Originally Aired on March 22, 2021 Articles discussed in this episode: * https://threatpost.com/google-spectre-poc-exploit-chrome/164787/ * https://threatpost.com/office-365-phishing-attack-financial-execs/164925/ * https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/ * https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/ * https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-...
Mar 23, 2021•41 min•Ep. 1
Originally Aired on March 17, 2021 Articles discussed in this episode: * https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams * https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-014.pdf * https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html * https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/ * https://twitter.com/PythonResponder/status/1372023079719817218?s=2...
Mar 19, 2021•48 min•Ep. 1
The Livestream of our first Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version of the game was a success! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. 11:05 – Backdoors & Breaches Session Begins! Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-sim...
Mar 18, 2021•46 min•Ep. 1