Black Hills Information Security

Originally aired on December 21, 2020 Articles discussed in this episode: * https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ * https://theintercept.com/2020/12/17/russia-hack-austin-texas/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/

Originally aired on December 14, 2020 Articles discussed in this episode: * https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage * https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html * https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/ * https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680 * https://www.solarwinds.com/solutions/orion Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on December 11, 2020 Articles discussed in this episode: * https://www.nobandwidth.io/ * https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html * https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools * https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/ * https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/ * https://capricocave.wordpress.com/2020/12/10/docker-botnets/ * https://www.trustedsec.com/blog/4-free-easy-wins-that-make-red-teams-harder/ * https://arstechnica.com/tech-policy/2020/12/florida-posted-the-password-to-a-key-disaster-system-on-its-website/ Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple to configure. If you’ve ever watched someone else use Burp, you’ve no doubt picked up something useful from them: everyone seems to have their own tricks for getting more out of it. In this live one-hour Black Hills Information Security (BHIS) webcast, BB King will walk through how he sets up Burp for his own webapp and Web API pentests. Then he’ll show the settings, tools, and BApp Store Extensions that help him perform better tests. If you have any responsibility related to webapps – even if it’s not pentesting them – you may find that Burp Suite can help you. If you already use Burp Suite, come see how one of our testers does it and we bet you’ll find a thing or two you can take back and use on your next security assessment. Join the BHIS Discord Community– https://discord.gg/aHHh3u5 0:00:00 – PreShow Banter™ — Special Guests: The Innocent Lives Foundation 0:29:12 – FEATURE PRESENTATION: Getting Started With Burp Suite 0:32:33 – Initial Setup After install 0:45:25 – A Quick Run-Through Burp Suite 1:22:08 – We Has Questions? Outline for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/12/SLIDES_GettingStartedWithBurpSuiteOutline.pdf Show Notes: * BHIS SWAG STORE! https://spearphish-general-store.myshopify.com/ * https://wildwesthackinfest.com/training/ * https://github.com/snoopysecurity/awesome-burp-extensions * https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/ * https://bitbucket.org/mrbbking/quieter-firefox/src

Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (Pypi)? Not so straight forward is it? There’s a gazillion files you need (setup.py, Manifiest.ini, etc..) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in order to expose any command line interface (CLI) tools your packaging. Additionally, you also need to manage dependencies, keep them in sync with your requirements.txt files and install third-party applications in order to upload them to Pypi. That’s after you even manage to setup a proper development environment and necessary virtual environments for your dependencies. Ever wonder if there’s a simpler solution that takes care of everything for you? In this Black Hills Information Security (BHIS) webcast, Marcello will show you how to make the entire Python development & packaging process as short and simple as a Haiku (https://python-poetry.org/). He’ll also show you the setup/workflow that he uses for all of his Python projects and throw in some pro tips along the way. Missed the first episode? Check out Pretty Little Python Secrets—EP 1—Installing Python Tools/ Libraries the Right Way- Marcello Salvati — https://youtu.be/ieyRV9zQd2U Join the Black Hills Information Security Discord Community — https://discord.gg/aHHh3u5 0:00:00 – PreShow Banter™ — Everybody Leaves West Virginia 0:12:15 – FEATURE PRESENTATION: Making Python Packaging Haiku Simple 0:16:56 – Why and How to Package Python? 0:23:26 – What Are All These Files? 0:31:28 – How to Upload the Dang Thing 0:37:01 – Setup a Development Environment? 0:42:44 – Pipenv! 0:46:52 – Pipenb Solves, but Also Creates Problems 0:49:21 – Poetry Corner 0:58:11 – Cookiecutter Automation

Originally aired on November 30, 2020 Articles discussed in this episode: * https://www.computerweekly.com/news/252491324/Surge-in-Ryuk-ransomware-attacks-has-hospitals-on-alert * https://www.baltimoresun.com/maryland/baltimore-county/bs-md-co-what-to-know-schools-ransomware-attack-20201130-2j3ws6yffzcrrkfzzf3m43zxma-story.html * https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on November 19, 2020 Articles discussed in this episode: * https://duo.com/blog/the-great-dns-vulnerability-of-2008-by-dan-kaminsky * https://blog.cloudflare.com/sad-dns-explained Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on November 11, 2020 Articles discussed in this episode: * https://www.darkreading.com/attacks-breaches/malware-hidden-in-encrypted-traffic-surges-amid-pandemic/d/d-id/1339420 * https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/ Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on 11/09/2020 Articles discussed in this episode: * https://www.darkreading.com/threat-intelligence/6-ways-passwords-fail-basic-security-tests/d/d-id/1339299 * https://www.infosecurity-magazine.com/news/national-guard-uvm-health-network/ * https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/ Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on October 26, 2020. Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Originally aired on October 21, 2020. Ready to learn more? Level up your skills with affordable classes from Antisyphon! Pay-What-You-Can Training Available live/virtual and on-demand

Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through a AI powered single pane of glass. Security has been and will continue to be, hard. This webcast will help people who are getting started be more successful and hopefully happier in their jobs. I mean, we can’t make people happy. But, being good at one’s job is a good step in that direction. The rest is on you. We also cover some techniques that can be used to help stop SOC burnout. Because that is a real thing….. It is a real thing that many SOC analysts go through. When they do, they often entertain dreams of getting out of security and buying a food truck. Let’s help stop that. The world does not need another mediocre falafel truck powered by the crushed hopes and dreams of another infosec burnout. Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_TheSOCAge.pdf Join the BHIS Discord Community — https://discord.gg/aHHh3u5 “Pay What You Can” SOC Core Skills 16-Hour Training Course: https://wildwesthackinfest.com/online-training/soc-core-skills-john-strand/ 0:00:00 – PreShow Banter™ – A Weird Flex 0:12:24 – FEATURE PRESENTATION: SOC Analyst Key Skills 0:16:53 – Server Analysis 0:20:13 – There’s A Guide For That 0:26:54 – Memory Forensics 0:34:16 – Egress Traffic Analysis 0:43:39 – Logs Are Better Than Bad, They’re a Train Wreck 0:48:40 – “False Positives”

Slides They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be your guide into the unknown. We ALL can benefit from being mentored and being a mentor. In this live Black Hills Information Security (BHIS) webcast, we’ll discuss:– How to know if you need a mentor– How to find a mentor– How to be a mentor– How to be a mentee– How to ask someone to be a mentor– Multiple mentors– Difference between mentors, friends, tutors, career counselors, etc.– What to discuss during a mentoring session– How to make the best use of everyone’s time– When to end a mentoring relationship Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_InfoSecMentoring_HowtoFindandBe.pdf Join Our BHIS Discord Community – https://discord.gg/aHHh3u5 0:00:00 – PreShow Banter™ – We’re There, Trust Us 0:07:33 – PreShow Banter™ – Trace Labs CTF 0:24:47 – FEATURE PRESENTATION: InfoSec Mentoring 0:28:23 – Mentors, the Fresh Maker™ 0:30:27 – How To Find a Cult Leader, I Mean Mentor. 0:34:37 – B-Sides Orlando DEMO 0:42:17 – How To Be a Mentor 0:56:12 – How to Be A Mentee 1:03:42 – Your Moment of Self-Doubt 1:05:34 – Will You Be My Mentor? 1:11:56 – Reach Out 1:14:41 – Multiple...

Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for Purple Teaming in the information security community, they have invited Roberto Rodriguez & Nate Guagenti (HELK Project, Mordor) and Marcello Salvati (CrackMapExec, SILENTTRINITY) to discuss the collision of OSS Hunting and Adversarial Emulation platforms, with additional commentary from John Strand. The group will discuss Roberto Rodriguez (@Cyb3rWard0g) and Nate Guagenti’s (@neu5ron) development and maintenance of the HELK project while focusing on the ongoing development of Mordor, Datasets, and Azure Resource Manager templates. Joining the world-class hunters is Marcello Salvati (Byt3bl33d3r), developer of CrackMapExec and SILENTTRINITY to continue the discussion of OSS adversarial simulation. John Strand will add commentary on the history of adversarial simulation, hunting, and where the industry may be headed. Webcast Hosts: * Jordan Drysdale @rev10d * Kent Ickler @krelkci Special Guests: * Roberto Rodriguez @cyb3rward0g * Nate Guagenti @neu5ron * Marcello Salvatti @byt3bl33d3r * John Strand @strandjs Join the BHIS Community Discord https://discord.gg/aHHh3u5 Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WhenWorldsCollide.pdf 00:00:00 – PreShow Banter™ — We’ve Lost Control 00:10:47 – FEATURE PRESENTATION: When Worlds Collide 00:14:26 – Threat Intelligence Sharing 00:25:57 – Won’t Stop Can’t Stop 00:32:06 – A Tired Community 00:38:54 – Re...

John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how to effectively deal with chafing, don’t drink the water, choosing the right shoes, presenting to management, seriously, chafing is a problem, chickens, getting over impostor syndrome, becoming a PowerPoint ninja, every piece of presenting advice you have ever heard is wrong, using your podium as a weapon, shutting down trolls and tips for presenting in the dark, with no heat/AC and very little water… to over 100 people, and keeping them all happy. BHIS Discord Community https://discord.gg/aHHh3u5 Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToPresent.pdf 00:00:00 – PreShow Banter™ — War Stories 00:12:33 – PreShow Banter™ — WWHF 09-2020 Preview 00:15:52 – FEATURE PRESENTATION: How To Present 00:26:25 – Lessons! 00:43:42 – Don’t Drink the Water 00:46:34 – Imposter 00:59:02 – Keynote Presentations 01:07:30 – Projections 01:17:32 – The Boss Level 01:20:15 – Conversations That Matter 01:26:54 – End of Show Questions