BHIS Webcasts

Learning to Trust AI Agents with Automation w/ Ethan and Derek

Black Hills Information Security — Fri, 24 Apr 2026 15:50:29 -0400

What if you could safely harness AI agents to automate real work, without spending a dime?

Join us for a free one-hour BHIS webcast with Ethan Robish and Derek Banks to cut through the hype and learn what coding agents really are, why they’re not just for developers, and how to start for free.

You’ll learn how tools like Opencode work, how to overcome security and trust barriers, and how to give agents the context, skills, and guardrails they need to safely plan, execute, and iterate.

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_Mar-26-Learning-to-Trust-AI-Agents-with-Automation-w-Ethan-Robish.pdf

Chapters

(00:00) - Intro - Learning to Trust AI Agents with Automation Ethan and Derek
(01:37) - Background
(05:26) - What is a coding agent?
(11:41) - Pick one and start learning
(12:31) - The Cost of AI
(15:26) - Opencode - Getting Started
(19:26) - Free Models - Never truely free
(22:21) - What can I do here?
(24:40) - Running models locally
(27:33) - Why would I need a coding agent?
(28:00) - Code Agent Examples
(35:48) - Openwork Demo
(38:49) - Ask the agent to help you use it better (Help me help you)
(41:07) - But AI always makes things up
(43:44) - Prompting an LLM
(46:37) - Concepts & Terminology
(49:25) - Context usage
(51:02) - Model Tokein Limits
(55:14) - Guiding an Agent : Best Practices
(57:18) - 80% planning 20% execution
(58:05) - Guardrails for command execution
(01:00:37) - Q&A

Creators & Guests

Jason Blanchard - Host

Deb Wigley - Host

Tom Smith - Guest

Ethan Robish - Guest

William Corbin - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Do it, do it NOW! - A Pre-Incident Checklist w/ Patterson

Black Hills Information Security — Thu, 19 Mar 2026 13:00:00 -0400

Post-incident “lessons learned” are extremely valuable and very, very expensive!

But you don’t have to wait until “right of boom” to make meaningful improvements to your cybersecurity resilience!

Join us for a free one-hour webcast with Patterson Cake from Black Hills Information Security: Do it, do it NOW!! A Pre-Incident Checklist.

You’ll learn the top 10 low-effort, high-impact lessons every business should review and fix before a cybersecurity incident.

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_IR-Preparedness-Checklist-03032026.pdf

Chapters

(00:00) - Intro - Do it, do it NOW! - A Pre-Incident Checklist - Patterson
(06:27) - Presuppositions
(08:28) - In the event of an Emergency...
(10:04) - YOUR INCIDENT RESPONSE PLAN IS USELESS
(12:47) - YOUR CYBER INSURANCE PROVIDER SHOULD NOT BE YOUR ADVERSARY
(15:44) - YOUR LOG DETAIL & RETENTION ARE INADEQUATE
(18:51) - YOUR MOST IMPORTANT ASSET IS __________
(20:48) - IMPLEMENT OUT-OF-BAND COMMS BEFORE CRISIS & TEST REGULARLY
(23:34) - YOUR STAFF ARE AWESOME BUT NOT SUPERHUMAN
(25:45) - EFFECTIVE IR TAKES TRAINING & PRACTICE
(28:04) - YOU MUST HAVE IMMUTABLE BACKUPS
(31:45) - YOU HAVE 0 HOURS TO FIX INTERNET-FACING VULNERABILITIES
(35:11) - THE TWO IR PLAYBOOKS YOU NEED MOST
(43:48) - 10 Things
(50:49) - Q&A
(57:37) - The "Working with BHIS" part

Creators & Guests

Jason Blanchard - Host

Deb Wigley - Host

Ryan Poirier - Producer

Bryan Strand - Guest

Patterson Cake - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda

Black Hills Information Security — Thu, 12 Mar 2026 12:00:00 -0400

What if an attacker lived inside your network for seven months and your tools never noticed?

During a real breach assessment, Black Hills Information Security uncovered a stealthy intrusion using a COM-based persistence technique hidden in native Windows scheduled tasks. There were no obvious indicators of compromise. No suspicious process names. No malicious file hashes.

Just a quiet foothold designed to stay invisible.

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_CuriousCaseOfTheComburglar_BreachAssessment-2026-03-12.pdf

Chapters

(00:00) - Intro - Breach Assessment - The Curious Case of the Comburglar - Troy Wojewoda
(02:15) - Agenda
(03:02) - What Is a Breach Assessment?
(10:50) - 5 Pillars of Data Telemetry
(16:23) - The Hunt Begins
(29:15) - Attack Chain
(38:39) - Timeline & Scope
(45:21) - Threat Hunting Playbook
(51:29) - Key Takeaways
(53:52) - Q&A

Creators & Guests

Troy Wojewoda - Guest

Jason Blanchard - Host

Deb Wigley - Host

Logan Bender - Guest

Keith Chew - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Data Loss Prevention (DLP) Survival Guide - Ashley Knowles

Black Hills Information Security — Fri, 27 Feb 2026 11:16:33 -0500

How quickly could you detect sensitive data being exfiltrated?

Join us for a free one-hour BHIS webcast with Ashley Knowles on best practices for data loss prevention and keeping your most sensitive information safe.

You’ll learn about common vulnerabilities, real-world scenarios, and practical, actionable strategies to protect the data you’ve been hired to safeguard.

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/02/SLIDES_Data-Loss-Protection-Survival-Guide.pdf

Chapters

(00:00) - Intro
(02:57) - About Ashley Knowles
(03:26) - Why DLP Shouldn't Terrify You (Too Much)
(08:10) - Understanding Your Data Landscape
(10:23) - Data Classification Framework
(11:49) - Where Does Your Data Live?
(14:24) - Understanding Data Exfiltration
(18:34) - Advanced Exfiltration Methods
(22:20) - The Insider Threat Reality
(24:19) - How to Stop Data Loss: The Basics
(25:51) - Technical Controls That Work
(27:44) - Recommended Layered Approach
(30:56) - Cloud & Modern Workplace Protection
(32:01) - The Purple Team Process
(34:18) - Purple Team Testing: Scenario 1
(36:38) - Purple Team Testing: Scenario 2
(39:13) - Purple Team Testing: Scenario 3
(40:12) - Purple Team Testing: Scenario 4
(40:40) - Purple Team Testing: Scenario 5
(42:03) - Starting Your DLP Journey
(43:50) - Key Takeaways & Action Items
(44:16) - Questions & Resources
(55:59) - The "What it's like to work with Black Hills Information Security" segment

Creators & Guests

Jason Blanchard - Host

Ryan Poirier - Producer

Deb Wigley - Host

Bryan Strand - Guest

Ashley Knowles - Guest

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

Simplify Pentest Workflows Using Cerno - Chris Traynor

Black Hills Information Security — Sun, 01 Feb 2026 13:43:37 -0500

Are you reviewing findings or managing chaos?

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Simplify-Pentest-Workflows-Using-Cerno.pdf

✏️ Learn from Chris Traynor with Offensive Tooling for Operators
https://www.antisyphontraining.com/product/offensive-tooling-for-operators-with-chris-traynor/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

If you are a pentester, you have been there. Hundreds of findings. Critical vulns buried in noise. Too many terminal windows, lost context, and manual tracking slowing you down. On offensive work, time is everything, and disorganization wastes it fast.

Join us for a free one-hour webcast with Chris Traynor, Security Consultant at Black Hills Infosec, as he introduces Cerno, a new free and open-source tool designed to bring order to pentest findings.

Cerno is a Terminal User Interface tool that imports vulnerability data for structured review and validation. Navigate findings with keyboard shortcuts, launch tools with a single keystroke, track progress automatically, extract CVEs, look up related exploits, compare findings across hosts, and follow built-in or custom verification workflows.

You'll learn how to use Cerno to organize, review, and validate pentest findings faster, reduce chaos during engagements, and stay efficient under real-world time pressure.

Get familiar with Cerno: https://github.com/ridgebackinfosec/cerno

Chapters

(00:00) - Intro – Simplify Pentest Workflows Using Cerno w/ Chris Traynor
(06:03) - The Problem
(10:55) - The Solution
(13:14) - Feature Overview
(16:37) - Database-First Design
(17:17) - Module Architecture
(18:11) - Data Flow
(19:02) - Interactive TUI
(21:16) - Severity Filtering
(22:57) - Finding Review
(25:09) - Tool Orchestration - nmap
(27:35) - NetExec & Custom Tools
(28:45) - NetExec DB [Beta]
(30:22) - Host Comparison
(32:40) - Session Persistence
(34:23) - Configuration
(36:22) - Demo Time
(57:38) - Getting Started
(57:49) - Resources
(58:13) - Thank You / Free Labs
(59:58) - CTF challenge
(01:00:23) - Free Survival Guide - Spearphish General Store
(01:00:42) - QA Start
(01:10:16) - Taking Care of Business Related Plugs

Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

Zero to Zeek: Build a Network Sensor Fast and Easy w/ Troy Wojewoda

Black Hills Information Security — Sat, 24 Jan 2026 09:50:47 -0500

What if world-class network monitoring didn’t require being a Linux expert?

🛝 Webcast Slides (URL)
https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Zero-to-Zeek_TroyWojewoda_2026-01-22.pdf

Join Antisyphon instructor Troy Wojewoda (Black Hills Infosec – Incident Response) for a free one-hour training session on how to standup a Zeek sensor in as little as three commands...maybe four.

Troy will teach you how to quickly deploy and customize a powerful network visibility sensor without needing Linux expertise.

You'll learn to adjust log formats, reduce noisy traffic, and tune the sensor for richer, higher-quality event data.

Don't let Linux be the barrier to outstanding insight into your network.

Register now and gain the power of Zeek today!
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Active Directory Attack Path in Action

Black Hills Information Security — Mon, 19 Jan 2026 09:00:00 -0500

Are small Active Directory misconfigurations putting you at risk?

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –

https://poweredbybhis.com

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Active-Directory-Attack-Path-in-Action.pdf

Antisyphon Training events featuring Alyssa & Kaitlyn
https://www.antisyphontraining.com/search/Alyssa%20Kaitlyn

Chapters

(00:00) - Intro - Active Directory Attack Path in Action
(02:06) - Alyssa and Kaitlyn Fun Facts
(02:43) - Webcast Overview
(03:34) - Web Services
(06:20) - Jenkins Env Hunter - Tool by Kent Ickler!
(07:53) - Test Credentials
(08:57) - Username Enumeration
(12:12) - Domain Enumeration
(14:11) - NetExec
(15:12) - BloodHound.py
(16:29) - SharpHound
(17:28) - ADExplorer
(19:30) - Convert Snapshot
(20:07) - BOFHound
(22:46) - Identify Attack Path
(23:55) - Abusing RBCD for Local Priviledge Escalation
(26:43) - Machine Account Quota
(27:40) - Resource-Based Constrained Delegation Expolitation Flow
(30:36) - Create Computer Object
(31:58) - Set Delegation
(33:22) - Delegation Attribute
(33:53) - Select a Target Account
(34:34) - Avoid Protected Users
(35:24) - Get Privileged TGS
(37:07) - Delegation Failure Example
(37:39) - Escalation Success
(39:18) - Dump local Secrets
(40:53) - Domain Admin Compromised
(41:39) - Attack Path Summary
(44:24) - Defensive Considerations
(45:42) - Related Antisyphon Courses
(46:08) - More Resources
(47:27) - Q&A Start
(50:03) - Alternative Path for Attackers
(51:30) - Whats the Assumed Compromize Course like?
(56:27) - Are Extended Test Timelines an advantage?
(57:51) - BHIS "Side Quest" capabilities
(58:55) - BHIS CPT On-Boarding Process
(01:02:29) - Getting the Ball Rolling on Test Assessments
(01:04:22) - The Price of Continous Pen Testing
(01:05:30) - Favorite Things About Customer CPTs

Join Kaitlyn Wimberley and Alyssa Snow (Black Hills Infosec – Continuous Penetration Testers) for a free one-hour webcast where they’ll walk through an example Active Directory attack path, from un-credentialed network access to Domain Administrator.

You’ll learn how attackers can escalate from un-credentialed access to Domain Admin, identify common misconfigurations, and understand how small weaknesses can combine to compromise your network.

Chat with your fellow attendees in the Black Hills Infosec Discord server:
https://discord.gg/BHIS
in the #🔴live-chat channel.

Brought to you by:

Black Hills Information Security

https://www.blackhillsinfosec.com

Antisyphon Training

https://www.antisyphontraining.com/

Active Countermeasures

https://www.activecountermeasures.com

Wild West Hackin Fest

https://wildwesthackinfest.com

Inside SOC: Triage Smarter, Not Harder w/ Tom DeJong

Black Hills Information Security — Fri, 19 Dec 2025 16:40:11 -0500

Inside SOC: Triage Smarter, Not Harder w/ Tom Dejong

🛝 Webcast Slides
https://www.blackhillsinfosec.com/wp-content/uploads/2025/12/SLIDES_Inside-SOC-Triage-Smarter-Not-Harder-1.pdf

Could you triage an alert on the spot?

Learn why alert triage is a crucial skill for every SOC analyst.

Tom will teach you the basics of triage, including alert anatomy, how to separate real threats from noise, and when to escalate or close an alert.
You’ll also learn documentation best practices, common mistakes to avoid, and tips for strengthening your soft skills.
This webcast is ideal for anyone starting out in a SOC or looking to sharpen their foundational skills.

Chat with your fellow attendees in the Antisyphon Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel