OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.).

The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc..

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start?

The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc..

In today’s interconnected digital world, information security has become a critical concern for individuals, businesses, and governments alike. Cyber threats, which encompass a wide range of malicious activities targeting information systems, pose significant risks to the confidentiality, integrity, and availability of data.

The post Common Cyber Threats appeared first on Black Hills Information Security, Inc..

Jordan Drysdale & Kent Ickler // TL;DR Look for links, download them. Look for GPOs, import them. Look for screenshots, for guidance. Sysmon + Windows Audit Policies + Event Collectors […]

The post How To Deploy Windows Optics: Commands, Downloads, Instructions, and Screenshots appeared first on Black Hills Information Security, Inc..

Setting goals is a deceptively simple career skill we all know is important, but how do you set goals you’re actually excited to work towards?

The post How to Set Smart Goals (That Actually Work For You) appeared first on Black Hills Information Security, Inc..

Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.

The post Bypassing WAFs Using Oversized Requests appeared first on Black Hills Information Security, Inc..

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

The post The Top Ten List of Why You Got Hacked This Year (2023/2024)  appeared first on Black Hills Information Security, Inc..

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]

The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security, Inc..

by Gerald Auger of Simply Cyber // Guest Author You want to break into cybersecurity? That’s AWESOME. I’ve been in the field for 20 years and I LOVE IT! But […]

The post How to Get a Job in Cybersecurity appeared first on Black Hills Information Security, Inc..

by Amanda Berlin of Mental Health Hackers This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 […]

The post Mental Health – An Infosec Challenge appeared first on Black Hills Information Security, Inc..

by Martin Pearson || Guest Author This article was originally published in the second edition of the InfoSec Survival Guide. Find it free online HERE or order your $1 physical […]

The post Build a Home Lab: Equipment, Tools, and Tips appeared first on Black Hills Information Security, Inc..

| Niccolo Arboleda | Guest Author Niccolo Arboleda is a cybersecurity enthusiast and student at the University of Toronto. He is usually found in his home lab studying different cybersecurity […]

The post At Home Detection Engineering Lab for Beginners appeared first on Black Hills Information Security, Inc..

The potential leaking of confidential information can pose a significant security risk for any organization. When sensitive details (i.e., API keys, passwords, cryptographic keys, and other credentials) are unintentionally committed […]

The post Rooting For Secrets with TruffleHog appeared first on Black Hills Information Security, Inc..

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]

The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security, Inc..

Dale Hobbs // One thing that I almost always find when performing an internal network penetration test is Simple Network Management Protocol (SNMP) configured with default community strings. Simple Network […]

The post SNMP… Strings Attached! appeared first on Black Hills Information Security, Inc..

Kent Ickler // It’s been over two years since Jordan and I talked about a Blue Team’s perspective on Red Team tools.   A Blue Team’s Perspective on Red Team Hack […]

The post PlumHound Reporting Engine for BloodHoundAD appeared first on Black Hills Information Security, Inc..

Penetration Testing is often considered a dark art that’s shrouded in mystery. This unfortunate perception can hold back organizations from being more secure and keep people from an exciting career. […]

The post Webcast: Pentester Tactics, Techniques, and Procedures TTPs w/ Chris Traynor appeared first on Black Hills Information Security, Inc..

The post Webcast: Coercions and Relays – The First Cred is the Deepest w/ Gabriel Prud’homme appeared first on Black Hills Information Security, Inc..

The post Webcast: Offensive Windows Event Logs w/ Tim Fowler appeared first on Black Hills Information Security, Inc..

The post Webcast: Demystifying Web3 Attack Vectors, w/ Beau Bullock and Steve Borosh appeared first on Black Hills Information Security, Inc..