Author

How-To, Informational, InfoSec 301, Joff Thyer AI, AI Model Training, LLM

AI Large Language Models and Supervised Fine Tuning

This blog post is aimed at the intermediate level learner in the fields of data science and artificial intelligence. If you would like to read up on some fundamentals, here […]

Read the entire post here

Informational, Jordan Drysdale, Kent Ickler, Red Team Active Directory, AD, penetration testing, Pentesting, Shadow Credentials

Attack Tactics 9: Shadow Creds for PrivEsc w/ Kent & Jordan

In this video, Kent Ickler and Jordan Drysdale discuss Attack Tactics 9: Shadow Credentials for Primaries, focusing on a specific technique used in penetration testing services at Black Hills Information Security

Read the entire post here

Blue Team, Blue Team Tools, How-To, Informational, InfoSec 201, Jordan Drysdale

One Active Directory Account Can Be Your Best Early Warning

Here we go again, discussing Active Directory, hacking, and detection engineering. tl;dr: One AD account can provide you with three detections that if implemented properly will catch common adversarial activities […]

Read the entire post here

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]

Read the entire post here

Dave Blandford, Web App, Webcast Wrap-Up Burp, Burp extensions, Burp Suite, extensions, Web Application Testing

Creating Burp Extensions: A Beginner’s Guide

In this video, Dave Blandford discusses a beginner’s guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

Read the entire post here

Brian Fehrman, How-To AI, Artificial Intelligence, LLMs, Machine Learning, PyRIT

Pitting AI Against AI: Using PyRIT to Assess Large Language Models (LLMs)

Many people have heard of ChatGPT, Gemini, Bart, Claude, Llama, or other artificial intelligence (AI) assistants at this point. These are all implementations of what are known as large language […]

Read the entire post here

Author, External/Internal, Finding, Informational, Jordan Drysdale, Kent Ickler Buzzwords, Clickbait, Report Findings, Statistical Analysis, Zero AI Mentions

The Top Ten List of Why You Got Hacked This Year (2023/2024)

by Jordan Drysdale and Kent Ickler tl;dr: BHIS does a lot of penetration testing in both traditional and continuous penetration testing (CPT) formats. This top ten style list was derived […]

Read the entire post here

Brian Ireland, Informational, InfoSec 201 B&B, Backdoors & Breaches, ICS/SCADA, Industrial Control Systems, Initial Compromise

ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches

This blog will be referencing the ICS/OT Backdoors & Breaches expansion deck created by BHIS and Dragos. We will be reviewing the ICS-focused Initial Compromise cards that are used to simulate a cyber incident and suggest potential mitigations to what is presented.

Read the entire post here