BHIS

Author, InfoSec 101, John Strand, Webcasts general infosec, new to infosec, starting infosec, webcast

WEBCAST: Your 5 Year Plan into InfoSec

John Strand // New to InfoSec? Mentoring someone new to the industry? Here’s John’s advice if he had to do it all over again. Sierra is on replying to your […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Kent Ickler Defending, Defending Websites, Distributed Fail2Ban, Fail2Ban, IPtables, Kent Ickler, Pirates, Website Defense

How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence

Kent Ickler // How to Configure Distributed Fail2Ban: Actionable Threat Feed Intelligence Fail2Ban is a system that monitors logs and triggers actions based on those logs. While actions can be […]

Read the entire post here

Red Team, Red Team Tools Amazon, cloud, Cloud Cracking, GPU Acceleration, Kali 2017, Kali GPU, Kali Linux, Password cracking

How to Crack Passwords in the Cloud with GPU Acceleration (Kali 2017)

Carrie Roberts* // How does password cracking in the cloud compare to down here on earth? Maybe not as heavenly as imagined. I saw this on the web and got […]

Read the entire post here

InfoSec 101 Career in Infosec, Dreams, How to get into infosec

How to Get into Information Security

Dear BHIS, So I’m a big fan of you guys! I took John’s SANS504 OnDemand class and I saw the light. Now what? I want to get into security, (maybe […]

Read the entire post here

How-To Blue Team, blue teaming, C2, C2 Infrastructure, Digital Ocean, Let's Encrypt, pen-testing, penetration testing, Red Team, red teaming, SSH configuration

How to Build a C2 Infrastructure with Digital Ocean – Part 1

Lee Kagan* // Deploying an offensive infrastructure for red teams and penetration tests can be repetitive and complicated. One of my roles on our team is to build-out and maintain […]

Read the entire post here

Author, How-To, Kent Ickler How to fix a referrer policy, Kent Ickler, Referrer Policy, Scott Helme, Security Headers

How To Fix a Missing Referrer-Policy on a Website

Kent Ickler // Referrer-Policy, What-What? Referrer-Policy is a security header that can (and should) be included on communication from your website’s server to a client. The Referrer-Policy tells the web browser […]

Read the entire post here

Author, How-To, Kent Ickler Content Security Policy, Kent Ickler, Scott Helme, Security Headers, web page, web site, web site configuration

How To Fix a Missing Content-Security-Policy on a Website

Kent Ickler // Content-Security-Policy-What-What? Content-Security-Policy is a security header that can (and should) be included on communication from your website’s server to a client. When a user goes to your […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts bloodhound, DLP, group policy, Hashcat, Microsoft, mitigation, Network Vulnerabilities, PowerSploit, recon, reconaissance, Windows

WEBCAST: Wrangling Internal Network Vulnerabilities

Jordan Drysdale & Kent Ickler // In this webcast, we demonstrate some standard methodologies utilized during an internal network review. We also discuss various tools used to test network defenses […]

Read the entire post here

Author, Blue Team, Blue Team Tools, Derek Banks, Joff Thyer, Webcasts Breadcrumb Trails, elasticsearch, Endpoint Monitoring, kibana, Logstash, Monitoring, NXlog, Sysmon

How To Do Endpoint Monitoring on a Shoestring Budget – Webcast Write-Up

Joff Thyer & Derek Banks // Editor’s Note: This is a more in-depth write-up based on the webcast which can be watched here. As penetration testers, we often find ourselves […]

Read the entire post here