Blue Team

Fun & Games, General InfoSec Tips & Tricks, InfoSec 101, InfoSec 201 Blue Team, books, Getting into Infosec, infosec 101, infosec books, Red Team, tools

Your Infosec Supply List

Bre Schumacher // As I was walking through the back to school display at the store the other day, I picked up a handy-dandy school supply list. Of course there were […]

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale, Kent Ickler, Webcasts Active Directory, AD, AWS, Best Practices, Blue Team, Defender, Federation Services, Firewall, Group Policies, Groups, Infrastructure, Job Functional Roles, Jordan Drysdale, Jugular, Kent Ickler, LAPS, LLMNR, LSDOU, Naming Conventions, security, Sysmon, webcast, webcasts, whitelisting

Active Directory Best Practices to Frustrate Attackers: Webcast & Write-up

Kent Ickler & Jordan Drysdale // BHIS Webcast and Podcast This post accompanies BHIS’s webcast recorded on August 7, 2018, Active Directory Best Practices to Frustrate Attackers, which you can view below. […]

Read the entire post here

Author, Blue Team, How-To, Jordan Drysdale Amazon Web Services, AWS, Best Practices, Blue Team, Jordan Drysdale, Scout2

Scout2 Usage: AWS Infrastructure Security Best Practices

Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your […]

Read the entire post here

Podcasts Blue Team, hacker tools, Microsoft, Red Team, Sysinternals Suite

PODCAST: Hacker Tools, Compliments of Microsoft

Sally Vandeven & David Fletcher // This is the podcast version of Sally & David’s webcast. For the whole webcast see our webcast post. Links that are mentioned in this […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Author, Blue Team, How-To, Kent Ickler, Phishing Anti-Phising, Best Practices, Blue Team, DKIM, DMARC, Email, Filtering, Incident Response, IR, Kent Ickler, Marketing, phishing, reconnaissance, RFC 4408, Sender Policy Framework, Spam, SPF

Offensive SPF: How to Automate Anti-Phishing Reconnaissance Using Sender Policy Framework

Kent Ickler // TL;DR: This post describes the process of building an active system to automatically recon SPF violations. Disclaimer: There are parts of this build that might not be legal […]

Read the entire post here

Author, Blue Team, John Strand, Podcasts Attack Tactics, Blue Team, Defending Networks, Tools for the blue team, webcast

PODCAST: Attack Tactics Part 2

John talked about how we’d attack, here’s how you can defend against those attacks. Grab the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/6843799/

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

Blue Team, Webcasts Attack Tactics, Blue Team, blue teaming, webcast, webcasts

WEBCAST: Attack Tactics Part 2

John Strand // This is the second part of our series about Attack Tactics, sponsored by our sister company, Active Countermeasures. In the first part we discussed how we’d attack. […]

Read the entire post here

Blue Team, How-To, Phishing Best Practices, Blue Team, Derrick Rauch, DKIM, DMARC, Email, Filtering, Kent Ickler, Marketing, phishing, Sender Policy Framework, Spam, SPF

How to Configure SPFv1: Explained for the Masses

Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, […]

Read the entire post here

Author, Blue Team, Jordan Drysdale, Kent Ickler, Webcasts AD Best Practices, Blue Team, webcast, Wireless, Wireless Blue Team, Wireless Defense, Wireless NEtworks

WEBCAST: Stop Sucking at Wireless

Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The […]

Read the entire post here