

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

May 31, 2019 • 54min
BHIS Podcast: Py2K20 - Transitioning from Python2 to Python3
In this podcast (originally recorded as a live webcast), we talk about the 2020 End of Life for Python2. We address what the short- and medium-term impacts will likely be. Key language differences will be highlighted with techniques to modify your code to be forward compatible.
As a SANS instructor teaching SEC573: Automating Information Security with Python, over the past three years, I have steadily moved my teaching materials, examples, demonstrations and personal coding to Python3. In this process, I have had to break habits and learn new habits to write Python3 compatible scripts. I also spend considerable effort showing people how to write Python2 scripts which are forward compatible with Python3 in order to ease the transition.
The largest barrier that most people struggle with is the idea that Python3 has changed the default string encoding to UTF-8 rather than simple byte encoding. Once you learn how to manage your string objects, the remaining transition issues are mostly modern improvements to the language which most people consider advantageous to adopt.
Since Python2 will no longer have active releases after 2020, it is important to embrace the change and move forward with the Python scripting community.

May 30, 2019 • 56min
Podcast: Attack Tactics 6! Return of the Blue Team
Download slides: https://www.activecountermeasures.com/presentations
In this webcast we walk through the step-by-step defenses to stop the attackers in every step of the way we showed in Attack Tactics Part 5!!!

May 11, 2019 • 57min
Podcast: Weaponizing Corporate Intel. This Time, It’s Personal!
Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester performs up front.

May 10, 2019 • 57min
BHIS Podcast: Weaponizing Corporate Intel: This Time, It’s Personal!
Lately, it seems like recon is just not getting as much love as it should. Well, time to change that. In this podcast, we discuss some new tips and tricks... And!!!! We released a new tool -- FireProx
Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester performs up front. Oftentimes testers only resort to using publicly available tools which can overlook critical assets.
In this one-hour BHIS podcast, we begin by examining some commonly overlooked methods to discover external resources. Next, we show how to discover employees of a target organization and quickly locate their social media accounts. Finally, we strategically identify and weaponize personal information about the employees to target the organization directly using new attack techniques. Listeners will learn an external defense evasion method, a new process to gain credentialed access, and we'll give a demo on a newly released tool — FireProx!
While the approach is designed to assist offensive security professionals, the webcast will be informative for technical and non-technical audiences, demonstrating the importance of security awareness for everyone.
- BHIS

Mar 18, 2019 • 55min
BHIS PODCAST: Tracking attackers. Why attribution matters and how to do it.
In this BHIS podcast, originally recorded as a live webcast, we cover some new techniques and tactics on how to track attackers via various honey tokens. We cover how to track with Word Web Bugs in ADHD, and cover the awesome toolkit from Thinkst.

Mar 6, 2019 • 54min
BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?
In this one-hour podcast, originally recorded as a live webcast, we introduce a somewhat new Red Team approach that we call BYOI (Bring Your Own Interpreter).
Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through PowerShell in any way!
We also cover some basic .NET & C# concepts in order to understand why this is possible and all the hype surrounding offensive C# tradecraft.
Additionally, we demo SILENTTRINITY, a post-exploitation tool we have developed that attempts to weaponize the BYOI concept *AND* dropped a pretty huge update for it live during the webcast!
This podcast was originally recorded on 2/14/2019 as a live webcast with our very own Marcello Salvati.
P.S — You can get SILENTTRINITY here:
https://github.com/byt3bl33d3r/SILENTTRINITY
Also, you can now register for our Cyber Deception class at Black Hat 2019 here: https://www.blackhat.com/us-19/training/schedule/index.html#a-guide-to-active-defense-cyber-deception-and-hacking-back-14124

Feb 28, 2019 • 51min
BHIS PODCAST: Network Threat Hunting Runbook
We all know what threat hunting is in general terms; it's when we actively search our network for compromised systems. But what does that mean exactly and what process should we be following? Can I simply check network traffic to see if the evil bit is set, or is there a bit more to it than that? In this podcast, originally recorded as a live webcast, we walk you through the methodology of doing a network threat hunt. We talk about what steps to perform and in what order. We also look at some of the tools and online resources you can leverage to expedite the process. In short, this podcast is a runbook you can leverage for validating the integrity of each of your internal endpoints.

Feb 27, 2019 • 57min
BHIS Podcast: Blockchain and You! InfoSec Edition
http://media.blubrry.com/bhis/content.blubrry.com/bhis/BHIS_Blockchain_and_You_Feb2019.mp3
Take a good look at Bitcoin right now… these are the unlucky ones. These are the unfortunate souls who jumped on another overinflated balloon. But, does this Bitcoin crash completely undermine all blockchain technologies?
Since Bitcoin is crashing and burning we figured it would be a good time to have a webcast on blockchain security issues and why blockchain still matters.
Is it all hype? Is it all just a slow-motion train wreck? Why, exactly, should a security practitioner care?
There are so many cool applications, and more than a few crazy, stupid applications. With the crazy applications comes crazy security issues… beyond the 51% attack.
This podcast was recorded as a live webcast on 2/3/2019
We were joined by Beau Bullock, BHIS Tester, and host of the Coinsec Podcast.
And no… we did not give investment advice. Please, please do not ask us what coin is the best to get a 1,000% return on investment in 12 months. We all got enough of that crap over the holidays. That and fixing printers and fax machines.

Jan 15, 2019 • 46min
PODCAST: Sacred Cash Cow Tipping 2019
Yet again it is time for another edition of Sacred Cash Cow Tipping! Or, “Why do these endpoint security bypass techniques still work? Why?” The goal of this is to share just some of the ways Black Hills Information Security bypassed endpoint security ...


