Parsing Sysmon Logs on Microsoft Sentinel
Jordan Drysdale // Tl;dr: Many parsers have been written and several are referenced here. This blog describes a simple parser for Sysmon logs through Event ID (EID) 28 for Microsoft […] The post...
View ArticleYour Browser is Not a Safe Space
Corey Ham // Tl;dr Use a password manager instead of browser storage for passwords, credit card numbers, and other autofill items. Personal security: Do not save anything sensitive in […] The post...
View ArticleSsh… Don’t Tell Them I Am Not HTTPS: How Attackers Use SSH.exe as a Backdoor...
Derek Banks // Living Off the Land Binaries, Scripts, and Libraries, known as LOLBins or LOLBAS, are legitimate components of an operating system that threat actors can use to achieve […] The post...
View ArticleGot Enough Monitors?
Carrie Roberts // Guest Blog OK, I admit it: I might have a problem. But seriously, can you ever really have enough screen space? In this blog post, I’ll describe […] The post Got Enough Monitors?...
View ArticleField Guide to the Android Manifest File
kassie@blackhillsinfosec.com The post Field Guide to the Android Manifest File appeared first on Black Hills Information Security.
View ArticleGenymotion – Proxying Android App Traffic Through Burp Suite | Cameron Cartier
Mobile App Testing is a category showing no signs of slowing down. In this video, BHIS tester Cameron Cartier walks us through linking Genymotion to Burp Suite for traffic monitoring. […] The post...
View ArticleShenetworks Recommends: 9 Must Watch BHIS YouTube Videos
shenetworks // The Black Hills Information Security YouTube channel has over 400 videos available. Over the past year, I have attended many webcasts and explored plenty of the videos. I […] The post...
View ArticleIf You Don’t Ruse, You Lose: A Simple Guide to Blending in While Breaking In
Joseph Kingstone // Are you assigned a physical penetration test and want to fly under the radar and meet all of your objectives like the elite hacker you are? Stick around […] The post If You Don’t...
View ArticleAuditd Field Spoofing: Now You Auditd Me, Now You Auditdon’t
moth // Introduction One fateful night in June of 2022, Ethan sent a message to the crew: “Anyone know ways to fool Auditd on Linux? I’m trying to figure out how to change the auid (audit […] The...
View ArticleDynamic Device Code Phishing
rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […] The post...
View Article
More Pages to Explore .....