The post Talkin’ About Infosec News – 1/31/2024 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 1/24/2024 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 1/16/2024 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 1/10/24 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 12/21/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 12/15/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 12/06/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/30/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/22/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/13/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/10/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/09/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 11/4/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 10/10/23 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 10/9/2023 appeared first on Black Hills Information Security.

The post Special Segment – Cyber Security Career Advice – 9/28/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 9/25/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 9/18/2023 appeared first on Black Hills Information Security.

The post Talkin’ About Infosec News – 9/11/2023 appeared first on Black Hills Information Security.

Brought to you by Antisyphon Training — https://www.antisyphontraining.com

Brought to you by Antisyphon Training — https://www.antisyphontraining.com

🔵Join us for the Antisyphon Blue Team Summit! https://www.antisyphontraining.com/training/blue-team/2023/06/blue-team-summit-coming-in-august-2023/ Blue Team Summit Coming in August 2023! – Antisyphon Training

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories. Brought to you by: /// 📄 Antisyphon Training August 2023 Blue Team Summit: https://www.antisyphontraining.com/training/blue-team/2023/06/blue-team-summit-coming-in-august-2023/ /// 📄 […]

00:00 – PreShow Banter™ — Tossing Money at Problems00:58 – BHIS – Talkin’ Bout [infosec] News 2023-03-1301:41 – Story # 1: Silicon Valley Bank collapse: Treasury, Fed, and FDIC announce […]

THIS IS A TEST

00:00 – PreShow Banter™ — Lil NAS06:52 – BHIS – Talkin’ Bout [infosec] News 2023-03-0608:13 – Story # 1: LastPass says employee’s home computer was hacked and corporate vault takenhttps://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/28:32 […]

Story # 1: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Lifehttps://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a Story # 1b: Apple’s iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes […]

00:00 – PreShow Banter™ — Pop Tart Pizza04:15 – BHIS – Talkin’ Bout [infosec] News 2023-02-2005:39 – Story # 1: Employee data from a major cybersecurity firm posted for sale […]

00:00 – PreShow Banter™ — Scalping Valentine’s Day Reservations04:13 – BHIS – Talkin’ Bout [infosec] News 2023-06-2305:52 – Story # 1: 5 Chinese companies and a research institute blacklisted by […]

00:00 – PreShow Banter™ — We’ve got nothing to say03:07 – BHIS – Talkin’ Bout [infosec] News 2023-06-2305:56 – Story # 1: Cybercrime job ads on the dark web pay […]

00:00 – PreShow Banter™ — Woke Up Like This03:20 – BHIS – Talkin’ Bout [infosec] News 2023-01-3005:04 – Story # 1: GoTo says hackers stole customers’ backups and encryption keyhttps://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/09:48 […]

00:00 – PreShow Banter™ — Wade’s Googly Eyes00:41 – BHIS – Talkin’ Bout [infosec] News 2023-01-2301:26 – Story # 1: BIG TECH LAYOFFS. LAYOFFS! DOOM! RECESSION!

00:00 – PreShow Banter™ — Ralph’s Guide to Satellite Bands 04:33 – BHIS – Talkin’ Bout [infosec] News 2023-01-16 05:25 – Story # 1: Microsoft’s new AI can simulate anyone’s […]

00:00 – PreShow Banter™ — Twitch Airways International00:59 – BHIS – Talkin’ Bout [infosec] News 2023-01-1003:56 – Story # 1: How ChatGPT could become a hacker’s friendhttps://betanews.com/2023/01/05/how-chatgpt-could-become-a-hackers-friend/14:05 – Story # […]

00:00 – PreShow Banter™ — Seven People00:51 – BHIS – Talkin’ Bout [infosec] News 2023-01-0201:37 – Story # 1: LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolenhttps://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal32:22 – […]

00:00 – PreShow Banter™ — Talkin’ Bout [Elon] News00:51 – BHIS – Talkin’ Bout [infosec] News 2022-12-1902:46 – Story # 1: Antivirus and EDR solutions tricked into acting as data […]

00:00 – PreShow Banter™ — Scissors Vs Paper00:15 – BHIS – Talkin’ Bout [infosec] News 2022-12-1202:12 – Story # 1: Rackspace confirms ransomware attack behind days-long email meltdownhttps://www.theregister.com/2022/12/06/rackspace_confirms_ransomware/07:56 – Story […]

00:00 – PreShow Banter™ — Florida Bobsledding Team01:29 – PreShow Banter™ — Open AI Phishing Campaign05:17 – BHIS – Talkin’ Bout [infosec] News 2022-12-0507:53 – Story # 1: There are […]

00:00 – PreShow Banter™ — Inflatable Turkey00:15 – BHIS – Talkin’ Bout [infosec] News 2022-11-2802:34 – Story # 1: Musk recruits engineers for “Twitter 2.0”https://arstechnica.com/tech-policy/2022/11/musk-recruits-engineers-for-twitter-2-0-after-mass-layoffs-and-resignations/06:28 – Story # 2: Security […]

00:00 – BHIS – Talkin’ Bout [infosec] News 2022-11-1402:26 – Story # 1: Hackers Dump Australian Health Records Online After Insurer Refuses to Pay Ransom– https://gizmodo.com/hackers-health-info-online-medibank-pay-onion-dark-web-184976074210:04 – Story # 2: TransUnion […]

00:00 – PreShow Banter™ — A is for All Team00:33 – BHIS – Talkin’ Bout [infosec] News 2022-11-0703:56 – Story # 1: Musk to cut half of Twitter jobs and […]

00:00 – PreShow Banter™ — Spook Show00:58 – BHIS – Talkin’ Bout [infosec] News 2022-10-3104:00 – Story # 1: OpenSSL warns of critical security vulnerability with upcoming patch– https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/04:42 – Story […]

00:00 – PreShow Banter™ — Best WWHF Ever!00:31 – BHIS – Talkin’ Bout [infosec] News 2022-10-1704:55 – Story # 1: The Verge: Cybersecurity Week 2022– https://www.theverge.com/23365380/cybersecurity-week-series-phishing-encryption-device-security07:02 – Story # 2: Google […]

00:00 – PreShow Banter™ — Dumpster Fire Friends03:07 – PreShow Banter™ — WHHF Deadwood – https://wildwesthackinfest.com/deadwood/ 03:48 – BHIS – Talkin’ Bout [infosec] News 2022-10-0307:37 – Story # 1: High-severity […]

02:28 – Story # 1: American Airlines Breach Exposes Customer and Staff Information– https://www.infosecurity-magazine.com/news/american-airlines-breach-customer/18:59 – Story # 2: London police arrest, charge teen hacking suspect but won’t confirm GTA 6, Uber […]

ORIGINALLY AIRED ON AUGUST 22, 2022 00:00 – PreShow Banter™ — Ralph’s Birthday00:53 – BHIS – Talkin’ Bout [infosec] News 2022-08-2203:27 – Story # 1: PC store told it can’t […]

ORIGINALLY AIRED ON AUGUST 15, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Sneaking Candy03:32 – BHIS – Talkin’ Bout [infosec] News 2022-08-1507:06 – Story # 1: […]

ORIGINALLY AIRED ON JULY 25, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-07-25 03:59 – Story # 1: DOJ seized ransoms paid by […]

ORIGINALLY AIRED ON JULY 18, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Talkin’ Bout Audio 07:23 – BHIS – Talkin’ Bout [infosec] News 2022-07-18 09:28 – […]

ORIGINALLY AIRED ON JULY 11, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Cons, China, and Florida Man, oh my! 07:03 – Story # 1: North Korean […]

ORIGINALLY AIRED ON JUNE 27, 2022 Articles discussed in this episode: 02:13 – Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a […]

ORIGINALLY AIRED ON JUNE 20, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-20 01:31 – Story # 1: Internal TikTok Meetings Shows That […]

ORIGINALLY AIRED ON JUNE 13, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-13 02:26 – Story # 1: Roblox Game Pass store used […]

ORIGINALLY AIRED ON JUNE 6, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Boat Facts 01:38 – BHIS – Talkin’ Bout [infosec] News 2022-06-06 03:51 – Story […]

ORIGINALLY AIRED ON MAY 23, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-05-23 02:38 – Story # 1 – National bank trolls hackers […]

ORIGINALLY AIRED ON MAY 16, 2022 Articles discussed in this episode: 00:56 – Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors – https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/ 08:56 – Update rings for […]

ORIGINALLY AIRED ON MAY 9, 2022 Articles discussed in this episode: 00:00 – Bud Patches Reporting 02:27 – BHIS – Talkin’ Bout [infosec] News 2022-05-09 03:47 – Story # 1 […]

ORIGINALLY AIRED ON APRIL 25, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Broken Twitter Finger 01:38 – ISO – Talkin’ Bout [infosec] News 2022-04-26 03:08 – […]

ORIGINALLY AIRED ON APRIL 18, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-04-18 02:05 – Current Activity | CISA | https://www.cisa.gov/uscert/ncas/current-activity 02:58 – […]

ORIGINALLY AIRED ON APRIL 11, 2022 Articles discussed in this episode: The US Navy had cybersecurity wrong. Expect change. – https://www.c4isrnet.com/digital-show-dailies/navy-league/2022/04/05/us-navy-had-cybersecurity-wrong-expect-change/ Hackers have found a clever new way to steal […]

ORIGINALLY AIRED ON APRIL 4, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Blame it on the Intern 06:24 – Spring Time for Java – https://www.darkreading.com/application-security/zero-day-vulnerability-discovered-in-java-spring-framework 09:10 […]

ORIGINALLY AIRED ON MARCH 28, 2022 Articles discussed in this episode: 01:42 – Suspected Okta hackers arrested by British police – https://www.reuters.com/world/uk/british-police-say-seven-people-arrested-after-okta-hack-2022-03-24/ 11:16 – A Closer Look at the LAPSUS$ […]

ORIGINALLY AIRED ON MARCH 22, 2022 Articles discussed in this episode: 00:00 – BHIS – 2022-03-22 Special Newscast –Okta and Microsoft — Everything’s not burning down 10:27 – https://github.com/SigmaHQ/sigma/tree/master/rules/cloud/okta 13:29 […]

ORIGINALLY AIRED ON MARCH 21, 2022 Articles discussed in this episode: 03:27 – Netflix to clamp down on password sharing – https://about.netflix.com/en/news/paying-to-share-netflix-outside-your-household 10:15 – Ransomeware is still a thing 12:31 […]

ORIGINALLY AIRED ON MARCH 7, 2022 Articles discussed in this episode: 00:08:57 – Hacker Group Anonymous and Others Targeting Russian Data – https://www.websiteplanet.com/blog/cyberwarfare-ukraine-anonymous/

ORIGINALLY AIRED ON FEBRUARY 28, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Off-Brand Trickx 00:43 – BHIS – Talkin’ Bout [infosec] News 2022-02-28 02:40 – BHIS […]

ORIGINALLY AIRED ON FEBRUARY 7, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — I’m a Rocket Mail 01:21 – BHIS – Talkin’ Bout [infosec] News 2022-02-07 02:18 […]

ORIGINALLY AIRED ON JANUARY 31, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Legions of the Undead 01:26 – BHIS – Talkin’ Bout [infosec] News 2022-01-31 04:06 […]

ORIGINALLY AIRED ON JANUARY 24, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — The Monkey Dance 00:25 – BHIS – Talkin’ Bout [infosec] News 2022-01-24 01:49 – […]

ORIGINALLY AIRED ON JANUARY 17, 2022 Articles discussed in this episode: 0:00:00 – PreShow Banter™ — Whose Ears Are Buring? 0:01:06 – BHIS – Talkin’ Bout [infosec] News 2022-01-17 0:02:27 […]

ORIGINALLY AIRED ON JANUARY 10, 2022 Articles discussed in this episode: 01:58 – Story # 1: WordPress Core Vulnerabilities – https://www.searchenginejournal.com/wordpress-core-vulnerabilities/432042/#close 11:32 – Story # 2: Card-stealing code on over […]

ORIGINALLY AIRED ON JANUARY 4, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Who’s Job Is It Anyway? 00:20 – BHIS – Talkin’ Bout [infosec] News 2022-01-04 […]

This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.  In this webcast, we cover […]

ORIGINALLY AIRED ON DECEMBER 20, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Getting Nerdy With It 04:18 – BHIS – Talkin’ Bout [infosec] News 2021-12-20 – […]

Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology […]

At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their […]

ORIGINALLY AIRED ON DECEMBER 13, 2021 00:00 – PreShow Banter™ 09:41 – FEATURE PRESENTATION: The Floor is Java – Log4Shell / Log4J 10:26 – Lets Jump In 11:31 – Oh No… […]

ORIGINALLY AIRED ON DECEMBER 6, 2021 Articles discussed in this episode: 00:18 – BHIS – Talkin’ Bout [infosec] News 2021-12-06 02:57 – Story # 1: Apple AirTag Car Thefts – […]

Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser […]

ORIGINALLY AIRED ON NOVEMBER 22, 2021 Articles discussed in this episode: Story # 1: Chinese Team Up With Russia To Launch US Cybersecurity Assault – https://hothardware.com/news/chinese-hackers-team-up-with-russian-ransomware-gang Story # 2: The FBI […]

ORIGINALLY AIRED ON NOVEMBER 15, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-11-15 02:22 – Story # 1: Robinhood data breach – https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/ 07:27 […]

ORIGINALLY AIRED ON November 08, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — God’s Waiting Room 03:08 – BHIS – Talkin’ Bout [infosec] News 2021-11-08 04:50 – […]

Have you ever seen a call for papers for a conference and thought to yourself that you’d like to submit a talk and then immediately thought, oh never mind? Have […]

ORIGINALLY AIRED ON OCTOBER 25, 2021 Articles discussed in this episode: 01:42 – Story # 1: https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/ 06:34 – Story # 2: https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/ 11:50 – Story # 3: https://www.pcgamer.com/hackers-drain-cryptocurrency-accounts-of-thousands-of-coinbase-users/ 23:47 […]

ORIGINALLY AIRED ON OCTOBER 11, 2021 Articles discussed in this episode: 00:21 – Story # 1: Facebook Aftermath | https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ 09:17 – Story # 2: Twitch Source Code | https://www.theregister.com/2021/10/06/twitch_data_leak/ […]

ORIGINALLY AIRED ON OCTOBER 4, 2021 Articles discussed in this episode: 00:57 – Story # 1: Facebook is Burning 22:09 – Story # 2: https://www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/ 25:38 – Story # 3: […]

ORIGINALLY AIRED ON SEPTEMBER 27, 2021 Articles discussed in this episode: 01:20 – Story # 1: https://habr.com/en/post/579714/ 02:14 – Story # 1b: https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/ 02:54 – Story # 1c: https://www.bleepingcomputer.com/news/apple/new-macos-zero-day-bug-lets-attackers-run-commands-remotely/ 04:03 […]

In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, […]

ORIGINALLY AIRED ON SEPTEMBER 20, 2021 Articles discussed in this episode: 00:55 – Story # 1: https://techcrunch.com/2021/09/13/apple-zero-day-nso-pegasus/ 19:45 – Story # 2: https://www.tomshardware.com/news/researchers-find-windows-subsystem-linux-malware 27:45 – Story # 3: https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336 41:19 […]

Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices […]

ORIGINALLY AIRED ON SEPTEMBER 13, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13 02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/ 04:43 – Story # […]

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where […]

ORIGINALLY AIRED ON SEPTEMBER 7, 2021 Articles discussed in this episode: 02:14 – Story # 1: https://therecord.media/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks 06:17 – Story # 2: https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds 08:30 – Story # 3: https://taskandpurpose.com/news/air-force-cybersecurity-nicolas-chaillan/ 10:29 […]

ORIGINALLY AIRED ON AUGUST 30, 2021 Articles discussed in this episode: 01:38 – Story # 1: https://carbuzz.com/news/tom-cruise-couldnt-stop-thieves-stealing-his-bmw-7-series 14:45 – Story # 2: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru 23:24 – Story # 3: https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/ 27:37 […]

ORIGINALLY AIRED ON AUGUST 23, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — A Case of the Mondays 04:14 – Talkin’ Bout [InfoSec] News 2021-08-23 05:24 – […]

ORIGINALLY AIRED ON AUGUST 16, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-16 01:34 – Story # 1: https://youtu.be/WqD-ATqw3js 05:50 – Story # 2: […]

Originally Aired on August 10, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-10 — The Ransomware Intro 03:18 – Story # 1: https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life 15:58 […]

Originally Aired on August 2, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-02 — Gold Foil Hats 05:18 – Story # 1: https://hothardware.com/news/microsoft-printnightmare-hack-grants-windows-admin-privileges 10:40 […]

Originally Aired on July 26, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-26 03:54 – Story # 1: https://cyberworkx.in/2021/07/24/new-windows-attack-petitpotam-forces-windows-hosts-to-share-ntlm-hashes/ 18:53 – Story # 2: […]

We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can […]

Originally Aired on July 19, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-19 02:18 – Story # 1: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm 13:15 – Story # 2: […]

Originally Aired on July 12, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-12 01:56 – Story # 1: https://www.bleepingcomputer.com/news/security/biden-asks-putin-to-crack-down-on-russian-based-ransomware-gangs/ 03:09 – Russia’s R.A.R.E. Program […]

Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]

Join the BHIS Community Discord: https://discord.gg/bhis Music By Beau: https://www.nobandwidth.io 00:00 – 2021-04-01 – PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™ 05:29 – You’re So […]

Originally Aired on July 6, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-06 02:32 – Story # 1 – CISA self-assessment audit tool – […]

Originally Aired on June 28, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Way West Recap06:38 – Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/12:58 – Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware19:41 – […]

Originally Aired on June 1, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Fishing Attacks 02:40 – Story 1: https://m1racles.com/ 05:33 – Story 2: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ 11:26 – […]

In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being […]

Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP […]

There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this […]

Originally Aired on May 10, 2021 Articles discussed in this episode: https://whyy.org/segments/the-greatest-hoax-on-earth/ https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/ https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/ https://www.macrumors.com/2021/05/10/hacked-airtag-links-to-custom-url-lost-mode/ https://jalopnik.com/security-researchers-hack-a-tesla-from-a-drone-1846833249

This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple […]

Originally Aired on May 5, 2021 Articles discussed in this episode:

Originally Aired on May 3, 2021 Articles discussed in this episode:

Join our Incident Master BanjoCrashland as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR […]

Originally Aired on April 26, 2021 Articles discussed in this episode: https://usdaynews.com/celebrities/celebrity-death/dan-kaminsky-death-cause/ https://signal.org/blog/cellebrite-vulnerabilities/ https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/ https://youtu.be/G0gOAvpGoJg

Originally Aired on April 19, 2021 Articles discussed in this episode:

Originally Aired on April 12, 2021 Articles discussed in this episode:

Originally Aired on April 7, 2021 Articles discussed in this episode: https://www.scmagazine.com/home/security-news/phishing/array-of-recent-phishing-schemes-use-personalized-job-lures-voice-manipulation/ https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report https://www.securityweek.com/white-hats-earn-440000-hacking-microsoft-products-first-day-pwn2own-2021 https://www.infosecurity-magazine.com/news/consulting-firm-data-breach/ https://github.com/Neo23x0/Raccine https://github.com/ralphte/build_a_phish https://support.microsoft.com/en-us/windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3 https://www.infosecurity-magazine.com/news/florida-school-district-40m-ransom/

Originally Aired on April 5, 2021 Articles discussed in this episode:

Originally Aired on March 29, 2021 Articles discussed in this episode:

Originally Aired on March 24, 2021 Articles discussed in this episode:

During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and […]

Originally Aired on March 22, 2021 Articles discussed in this episode:

Originally Aired on March 17, 2021 Articles discussed in this episode: https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-014.pdf https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/ https://twitter.com/PythonResponder/status/1372023079719817218?s=20

The Livestream of our first Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version of the game was a success! If you have STEAM / TABLETOP SIMULATOR […]

It is another year for the Sacred Cash Cow Tipping Webcast. For those of you who are new to our email list within the past year, this is a webcast […]

Originally Aired on March 8, 2021

Originally Aired on March 3, 2021 Articles discussed in this episode: https://www.msn.com/en-us/money/other/microsoft-these-exchange-server-zero-day-flaws-are-being-used-by-hackers-so-update-now/ar-BB1ec0In

Originally Aired on March 1, 2021 Articles discussed in this episode:

Originally Aired on February 24, 2021 Articles discussed in this episode:

Originally Aired on February 22, 2021 Articles discussed in this episode:

Originally Aired on February 17, 2021 Articles discussed in this episode:

Originally Aired on February 8, 2021 Articles discussed in this episode:

Originally Aired on February 1, 2021 Articles discussed in this episode:

ORIGINALLY AIRED ON JANUARY 25, 2021

ORIGINALLY AIRED ON JANUARY 20, 2021 Articles discussed in this episode:

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint […]

Originally aired on January 13, 2021 Articles discussed in this episode:

This blog was written in conjunction with Wild West Hackin’ Fest. Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, […]

Originally aired on December 21, 2020 Articles discussed in this episode: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ https://theintercept.com/2020/12/17/russia-hack-austin-texas/

Originally aired on December 14, 2020 Articles discussed in this episode:

Originally aired on December 11, 2020 Articles discussed in this episode:

Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many […]

Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (Pypi)? Not so straight forward is it? There’s a gazillion files you […]

Originally aired on November 30, 2020 Articles discussed in this episode:

Originally aired on November 19, 2020 Articles discussed in this episode:

Originally aired on November 11, 2020 Articles discussed in this episode:

Originally aired on 11/09/2020 Articles discussed in this episode:

Originally aired on October 26, 2020.

Originally aired on October 21, 2020.

Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst […]

They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools […]

Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of […]

John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on […]

Have you ever installed a Python tool / library only to then find out other Python based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing […]

CJ and Bryan will share the knowledge they’ve accumulated, by helping 1,000’s of organizations determine what they need and don’t need when it comes to penetration tests and security assessments, […]

Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization Leadership and Security Practitioners can […]

This is a joint webcast between Black Hills Information Security and the Wild West Hackin’ Fest conference. We hate ransomware. Like a lot. This is because we feel this is […]

So much information about testing webapps for security problems is old. Don’t get me wrong, the old stuff still works way more often than we’d like, but there’s more to […]

Joff Thyer has dove into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. […]

In this Black Hills Information Security webcast John breakdowns why he hates threat intelligence… Again… But, he breaks down some of the cool new projects that are focusing on durable […]

Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on […]

Job hunting? Looking for a career change? Still in college and want to know how to get started now in your career? If you answered yes to any of these […]

Join the BHIS Discord discussion server: https://discord.gg/aHHh3u5 We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast […]

I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. You don’t need a big […]

This is a joint webcast from Black Hills Information Security and Active Countermeasures. How many of us have tried some new configuration option, utility, or hardware on a production environment, […]

What does it mean to work from home across your corporate VPN? What exactly is VPN? Is your home office prepared? How can you improve and better secure your home […]

The team at Black Hills Information Security and Wild West Hackin’ Fest had to pivot from doing an in-person information security conference in San Diego to a 100% virtual conference […]

In this webcast, we will cover what we can do if we think there is a breach on our network. We will cover live forensics, cool PowerShell scripts, network, and […]

Do you know what your attackers know? There’s a good chance you know, but you might not be aware of just how much information can be found historically and in […]

In this webcast, we have our friend Hal Pomeranz sharing his massive knowledge on Linux. If you’re new to Linux, or if you know it and just want to hear […]

Backdoors & Breaches kind of took off. In case you don’t know, Backdoors & Breaches is an Incident Response Card Game to help people better understand the various attacks and defenses used […]

Ever wanted to get started in cyber deception? Ever wanted to do it for free? In this BHIS webcast, we will cover some basic, legal, and easy tools/techniques to get […]

Why are companies still recommending an 8-character password minimum?  Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend […]

Want to learn how attackers bypass endpoint products? Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco […]

BHIS’ Defensery Driven Duo Delivers Another Delectable Transmission! We know you are worried about your networks. After hours of discussion, we’ve come to the realization that some of our dedicated […]

Why are companies still recommending an 8-character password minimum?  Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend […]

Download slides: https://www.activecountermeasures.com/presentations In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5!!! Originally recorded […]

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

In this BHIS podcast, originally recorded as a live webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens.  We cover how to […]

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?  In this one-hour podcast, originally recorded as […]

Take a good look at Bitcoin right now… these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely […]

Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to […]

For this podcast we cover a couple of different topics. First, we talk about how to password spray in a non-attributable sort of way. Beau found a way to obfuscate […]

In this webcast we cover some of the core tools we use all the time at Black Hills Information Security. However, there’s a twist. We don’t talk about Nessus, Nmap, […]

Yes.. Ethical Hacker Kids. The holidays are coming up! Here John & Jordan cover the different games, tools and gifts we can give kids that help teach them the trade. […]

Over the past few months, we have discovered a couple trends that organizations seem to be missing. No silver bullets, just some general vulnerability issues we are seeing again and […]

Join John as he covers what he and the BHIS Systems team have been working on lately – creating a C2/Implant/Malware test bed. Testing our C2/malware solutions is important because […]

John Strand shares some of his own journey into information security and also his ideas and tips for those wanting to get into the industry from the start, or those […]

Join special guest Chris Brenton, COO of Active Countermeasures, as he discusses the anatomy of beacons and why you need to be looking for them during a threat hunt. He […]

Dakota Nelson // Dakota talks about the pentester pyramid of pain and the different types of tests available from an information security firm. See his slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7404264/ Extra links & […]

Join John Strand as he continues his Attack Tactic series this time with the defense ideas for the attacks mentioned in episode 3 (see more here) To see the entire […]

// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real […]

CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. […]

Join Beau Bullock and Mike Felch as they talk about ways to learn more, network and wake up your inner hacker. See the full episode here and look at the slides […]

John Strand talks about how BHIS pen tests companies who use the cloud. Want to know how you can defend against attacks in your cloud infrastructure? Keep your eyes peeled for […]

Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra. Check out these links: How […]

Sally Vandeven & David Fletcher // This is the podcast version of Sally & David’s webcast. For the whole webcast see our webcast post. Links that are mentioned in this […]

Matt Toussain goes through how Mailsniper can be the penetration tester’s best friend. If you haven’t been using this tool in your tests you might start now! Check out the […]

John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

This is the audio only version of John’s webcast about how we would attack your company during a pentest. Grab his slides here:  https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/