Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots.

The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..

Imagine this: You’re an attacker ready to get their hands on valuable data that you can sell to afford going on a sweet vacation. You do your research, your recon, everything, ensuring that there’s no way this can go wrong. The day of the attack, you brew some coffee, crack your knuckles, and get started. A few hours into the service scan, you come to realize that all the network ports are open, but in use.

The post GoSpoof – Turning Attacks into Intel  appeared first on Black Hills Information Security, Inc..

But what if we need to wrangle Windows Event Logs for more than one system? In part 2, we’ll wrangle EVTX logs at scale by incorporating Hayabusa and SOF-ELK into my rapid endpoint investigation workflow (“REIW”)! 

The post Wrangling Windows Event Logs with Hayabusa & SOF-ELK (Part 2) appeared first on Black Hills Information Security, Inc..

Remember the good ‘ol days of Zip drives, Winamp, the advent of “Office 365,” and copy machines that didn’t understand email authentication? Okay, maybe they weren’t so good! For a […]

The post Stop Spoofing Yourself! Disabling M365 Direct Send appeared first on Black Hills Information Security, Inc..

Active Directory Certificate Services (ADCS) is used to manage certificates for systems, users, applications, and more in an enterprise environment. Misconfigurations in ADCS can introduce critical vulnerabilities into an enterprise Active Directory environment.

The post Detecting ADCS Privilege Escalation appeared first on Black Hills Information Security, Inc..

For those of us in cybersecurity, there are a lot of unanswered questions and associated concerns about integrating AI into these various products. No small part of our worries has to do with the fact that this is new technology, and new tech always brings with it new security issues, especially technology that is evolving as quickly as AI.

The post Caging Copilot: Lessons Learned in LLM Security appeared first on Black Hills Information Security, Inc..

Go-Spoof brings an old tool to a new language. The Golang rewrite [of Portspoof] provides similar efficiency and all the same features of the previous tool but with easier setup and useability.

The post Go-Spoof: A Tool for Cyber Deception appeared first on Black Hills Information Security, Inc..

I’ve been a web application pentester for a while now and over the years must have found hundreds of cross-site scripting (XSS) vulnerabilities.1 Cross-site scripting is a notoriously difficult problem […]

The post Canary in the Code: Alert()-ing on XSS Exploits appeared first on Black Hills Information Security, Inc..

Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities […]

The post One Active Directory Account Can Be Your Best Early Warning appeared first on Black Hills Information Security, Inc..

By Erik Goldoff, Ray Van Hoose, and Max Boehner || Guest Authors This post is comprised of 3 articles that were originally published in the second edition of the InfoSec […]

The post Blue Team, Red Team, and Purple Team: An Overview appeared first on Black Hills Information Security, Inc..

| Nigel Douglas As a Developer Advocate working on Project Falco, Nigel Douglas plays a key role in driving education for the Open-Source Detection and Response (D&R) segment of cloud-native […]

The post Better Together: Real Time Threat Detection for Kubernetes with Atomic Red Tests & Falco appeared first on Black Hills Information Security, Inc..

Troy Wojewoda // In honor of Shark Week1, I decided to write this blog to demonstrate various techniques I’ve found useful when analyzing network traffic with Wireshark, as well as […]

The post Welcome to Shark Week: A Guide for Getting Started with Wireshark and TShark appeared first on Black Hills Information Security, Inc..

Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […]

The post Parsing Sysmon Logs on Microsoft Sentinel appeared first on Black Hills Information Security, Inc..

Jordan Drysdale // Overview The following description of some of Impacket’s tools and techniques is a tribute to the authors, SecureAuthCorp, and the open-source effort to maintain and extend the code. […]

The post Impacket Defense Basics With an Azure Lab  appeared first on Black Hills Information Security, Inc..

Jordan Drysdale // Summary! There are tons of security event management (SIEM) solutions available these days, but this blog will focus on Microsoft Sentinel. Sentinel is easy to deploy, logs […]

The post Geopolitical Cyber-Detection Lures for Attribution with Microsoft Sentinel  appeared first on Black Hills Information Security, Inc..

Have you heard of Backdoors & Breaches, or even have a deck of your own, and yet… still don’t know how to use it? We created an incident response card […]

The post How to Use Backdoors & Breaches to do Tabletop Exercises and Learn Cybersecurity appeared first on Black Hills Information Security, Inc..

Jordan Drysdale // Azure has replaced AWS in my personal development pipeline. This may sound crazy but hear me out. Microsoft has solidified its offerings, done nothing but improve its […]

The post The Azure Sandbox – Purple Edition  appeared first on Black Hills Information Security, Inc..

Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP […]

The post Backdoors & Breaches LIVE – 5/19/2021 appeared first on Black Hills Information Security, Inc..

How to make sure your antivirus is working without any malware  Michael Allen // Recently, a customer asked me if there was a way they could generate alerts from the new antivirus product they deployed without executing any actual […]

The post Is This Thing On? appeared first on Black Hills Information Security, Inc..

This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple […]

The post Webcast: Ok, Let’s Talk About Ransomware appeared first on Black Hills Information Security, Inc..