❌

Normal view

Received yesterday β€” 10 July 2026 ⏭ Black Hills Information Security, Inc.

Finding the β€œGoldilocks” Zone: A Practical Approach to Alert Triage

We're all petrified about missing a critical event or misclassifying an alert, but when we're talking about incident response (IR), there are often hundreds if not thousands of alerts to parse through. It's easy to get caught up with one alert because it feels "too hot" or maybe not spend enough time looking into something that initially seems "too cold."

The post Finding the β€œGoldilocks” Zone: A Practical Approach to Alert Triage appeared first on Black Hills Information Security, Inc..

Received β€” 11 January 2026 ⏭ Black Hills Information Security, Inc.

Inside the BHIS SOC: A Conversation with Hayden CovingtonΒ 

By: BHIS
3 December 2025 at 15:00

What happens when you ditch the tiered ticket queues and replace them withΒ collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which isΒ where analystsΒ don’tΒ escalateΒ tickets,Β they solve them.

The post Inside the BHIS SOC: A Conversation with Hayden CovingtonΒ  appeared first on Black Hills Information Security, Inc..

Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2)

By: BHIS
1 October 2025 at 16:00

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (β€œREIW”)!Β 

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..

Wrangling Windows Event Logs with Hayabusa & SOF-ELKΒ (Part 1)

By: BHIS
17 September 2025 at 16:09

In part 1 of this post, we’ll discuss how Hayabusa and β€œSecurity Operations and Forensics ELK” (SOF-ELK) can help us wrangle EVTX files (Windows Event Log files) for maximum effect during a Windows endpoint investigation!

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELKΒ (Part 1) appeared first on Black Hills Information Security, Inc..

Stop Spoofing Yourself! Disabling M365 Direct Send

By: BHIS
20 August 2025 at 16:00

Remember the good β€˜ol days of Zip drives, Winamp, the advent of β€œOffice 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]

The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..

Monitoring High Risk Azure LoginsΒ 

By: BHIS
12 September 2024 at 16:44

Recently in the SOC, we were notified by a partner that they had a potential business email compromise, or BEC. We commonly catch these by identifying suspicious email forwarding rules, […]

The post Monitoring High Risk Azure LoginsΒ  appeared first on Black Hills Information Security, Inc..

OSINT for Incident Response (Part 2)

Be sure to read PART 1! Metadata and a New-Fashioned Bank Robbery Let’s face it, some cases are just more interesting than others and, when you do incident response for […]

The post OSINT for Incident Response (Part 2) appeared first on Black Hills Information Security, Inc..

OSINT for Incident Response (Part 1)

Being a digital forensics and incident response consultant is largely about unanswered questions. When we engage with a client, they know something bad happened or is happening, but they are […]

The post OSINT for Incident Response (Part 1) appeared first on Black Hills Information Security, Inc..

Dynamic Device Code PhishingΒ 

rvrsh3ll //Β  IntroductionΒ  This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

The post Dynamic Device Code PhishingΒ  appeared first on Black Hills Information Security, Inc..

Webcast: Attack Tactics 7 – The Logs You Are Looking For

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_AttackTactics7LogsYouAreLookingFor.pdf So we went through an attack in the BHIS Webcast, β€œAttack Tactics 5! Zero to Hero Attack.” Then we went through […]

The post Webcast: Attack Tactics 7 – The Logs You Are Looking For appeared first on Black Hills Information Security, Inc..

❌