Intro to Software Defined Radio and GSM/LTE
Ray Felch // Disclaimer: Be sure to use a faraday bag or cage before transmitting cellular data so you don’t accidentally break any laws by illegally transmitting on regulated frequencies. […]
InfoSec 101
Do You Know If Your DNS Server Can Be Used For DDoS Attacks?
Melissa Bruno // So you have an Internet-facing DNS server. Maybe you decided to set one up at home for fun, or your company has one that works with other […]
Getting Started With AppLocker
John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take […]
Getting Started With Sysmon
John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just […]
PyFunnels: Data Normalization for InfoSec Workflows
TJ Nicholls // *BHIS Guest Contributor TL;DR How many times have you had to parse the same output from a tool? Wouldn’t you like to get that time back? There […]
Your Reporting Matters: How to Improve Pen Test Reporting
Brian B. King // This is a companion post to BBKing’s “Hack for Show, Report for Dough” report, given at BSides Cleveland in June 2019. The fun part of pentesting is […]
Webcast: Introducing Backdoors & Breaches Incident Response Card Game
This webcast was originally given live on June 5th, 2019 by John Strand and the BHIS (card) Testers. How To Play! download and print a pdf version of “how to […]
How to Purge Google and Start Over – Part 2
Mike Felch// How to Purge Google and Start Over – Part 1 Brief Recap In part 1, we discussed a red team engagement that went south when the Google SOC […]
How to Purge Google and Start Over – Part 1
Mike Felch// A Tale of Blue Destroying Red Let me start by sharing a story about a fairly recent red team engagement against a highly-secured technical customer that didn’t end […]