Classic BHIS Webcasts

Passwords: You Are the Weakest Link

Black Hills Information Security — Mon, 16 Dec 2019 11:07:00 -0500

Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data. Download Slides: https://www.activecountermeasures.com/presentations

Chapters

(00:00) - Start
(01:04) - Introduction
(03:26) - In The Beginning
(04:23) - What The Experts Say : PCI
(05:55) - What The Experts Say : Microsoft
(09:29) - What The Experts Say : NIST
(16:01) - What The Experts Say : Google
(16:28) - What The Experts Say : Apple
(16:42) - Still More Experts
(17:49) - Why 15 Characters
(18:06) - Brute Force
(18:44) - Password Spray
(22:48) - Password Cracking
(23:25) - A Hashing Algorithm
(24:07) - More About Hashes
(25:49) - So What Is Password Cracking
(27:16) - Windows Hashes
(27:42) - The LM Hashing Algorithm
(29:46) - LM Hash Is "Weak"
(30:55) - LM Vs. NTLM Cracking
(31:14) - Why 15 Character Passwords – Answer
(32:06) - CJ's Response to the Problem
(36:32) - Let's See the Mathm
(37:09) - Math Examples
(40:30) - From the Field
(42:47) - Would You Like To Play A Game?
(45:03) - Take Aways
(46:46) - Are You Really Going To Let This Guy Decide
(48:33) - Audience Questions & Comments

Attack Tactics: Part 3! No Active Directory? No Problem!!

Black Hills Information Security — Mon, 16 Jul 2018 09:21:00 -0400

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going!

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/

00:00 - Preshow Announcements
03:27 - Disclaimer
07:30 BYOD and Cloud; Network Blocks
12:41 - Eyewitness
17:11 - Shodan/ images.shodan.io
24:30 - Scraping Users with Google and Burp; Password Spraying
30:22 - Attacking Google 2FA; Phishing Ruse
35:03 - Credsniper
42:14 - Getting Documents; Changing Firewall
45:02 - Takeaways
49:27 - Q&A

Description: For this next installment of our Attack Tactics webcast series, John Strand looks at an environment that had no Active Directory. This is odd, but it's becoming more and more common for new companies to have everything in the "cloud" and everything BYOD. This is also a great case-study on how to access services like Git, Slack, Gsuites, Salesforce and so on, because even if you are still using AD, you WILL be moving to the cloud. This webcast is for everyone.

Finally, as testers, we need to evolve our testing to be able to successfully test these cloud services. This means we all need to up our game and be ready for the next round of cloud-based enterprise technologies!

Slides can be found here: https://www.blackhillsinfosec.com/webcast-attack-tactics-3/

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec

PODCAST: Lee Kagan & Beau Bullock talk C2

Black Hills Information Security — Thu, 12 Jul 2018 09:57:00 -0400

Special guest Lee Kagan from RedBlack Security talks about his script, his previous guest posts and the future of C2 with Beau Bullock and Sierra.

Check out these links:

How to Build a C2 Infrastructure with Digital Ocean – Part 1

How to Build a C2 Infrastructure with Digital Ocean – C2K Revamped

Beau Bullock’s github: MailSniper, PassphraseGen et al

Lee Kagan’s github: C2Kv2

Wild West Hackin’ Fest – our annual information security conference in Deadwood, South Dakota!

Hacker Tools: Compliments of Microsoft

Black Hills Information Security — Mon, 02 Jul 2018 12:21:00 -0400

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going!

Join David "Fletch" and Sally as they explore the cornucopia of wonderful, free tools in the SysInternals Suite that conveniently are signed by Microsoft and that they use on a daily basis to hack their customers.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Testing G Suites with MailSniper

Black Hills Information Security — Wed, 20 Jun 2018 09:02:00 -0400

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going!

Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- https://www.blackhillsinfosec.com/

Chapters

(00:00) - Intro
(01:00) - Overview
(02:48) - Email
(09:15) - Google Capture
(13:36) - Duo TwoFactor
(16:15) - Proxy Cannon
(17:56) - SOCAT
(18:39) - Demo
(22:28) - Password Spraying
(26:47) - Invoke Username Harvest
(28:56) - Invoke Spray Gmail
(34:16) - PowerShell Oneliner
(35:47) - MailSniper Repository
(36:40) - Tools for Metadata
(38:40) - PowerMeta
(39:20) - SSO
(40:53) - Google API
(41:26) - Does MailSniper work with Office365
(42:32) - Does MailSniper work with G Suites
(44:18) - Will Microsoft shut down GitHub

Join Matt Toussain as he talks about Mailsniper, a tool written by our very own Beau Bullock. Wouldn't you like to START your pen tests knowing every username for all the individuals in your target environment? Gmail, G Suite, Outlook Web Access, Exchange Web Services... Email. A divine gift issued to hackers with no statute of limitations. In this webcast, we explore an exploitation workflow using new features of the MailSniper toolkit testing G Suite.

In addition to leveraging G Suites as an Information disclosure engine, we explore the signaling involved with the Google Accounts authentication API. This allows us to observe and bypass protections Google attempts to implement such as Captchas and even 2FA. We close out with a demonstration of mass account enumeration and password guessing attacks!

Slides available here: https://www.blackhillsinfosec.com/webcast-testing-g-suites-with-mailsniper/

Black Hills Infosec Socials
Twitter: https://twitter.com/BHinfoSecurity
Mastodon: https://infosec.exchange/@blackhillsinfosec
LinkedIn: https://www.linkedin.com/company/antisyphon-training
Discord: https://discord.gg/bhis

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Black Hills Infosec Services
Active SOC: https://www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: https://www.blackhillsinfosec.com/services/
Incident Response: https://www.blackhillsinfosec.com/services/incident-response/

Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: https://www.backdoorsandbreaches.com/
Play B&B Online: https://play.backdoorsandbreaches.com/

Antisyphon Training
Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/
Live Training: https://www.antisyphontraining.com/course-catalog/
On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/

Educational Infosec Content
Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest
Active Countermeasures YouTube: https://youtube.com/activecountermeasures
Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec

Attack Tactics Part 2

Black Hills Information Security — Wed, 13 Jun 2018 09:36:00 -0400

Join us in the Black Hills InfoSec Discord server here: https://discord.gg/BHIS to keep the security conversation going!

Learn active defense cyber deception with John Strand from Antisyphon
Training: https://www.antisyphontraining.com/active-defense-cyber-deception-w-john-strand/

00:00 - Preshow Announcements
03:00 - Overview
04:51 - Defense against recon
10:56 - Other recon findings
11:11 - First and second attempts; Defense
22:30 - John Strand Snowball of Pain
25:23 - Password Spray
34:45 - OWA Access; Defense
36:55 - OWA Access and Pull down the Global Address List; Looking for VPN Instructions; Defense
45:24 - Mailsniper Searching/Defense; VPN Access Defense; Honeybadger
49:57 - Defense against Domain Recon/SIM; Kerberoasting/GPP and Defense
53:54 - Using Creds and Moving Laterally/Defense
57:16 - Secondary C2 Defense
58:30 - Tips

Description: This is the second part of John's series about Attack Tactics. In the first part we discussed how we'd attack. Now, we cover the same attack, but this time we are covering the defensive components the organization could have implemented to stop us every step of the way.

"We cover event logs, new vendors, SIEM, UBEA and yes... I hate to say it... Cyber Kill Chain. Remember, the goal is to make your next pentester cry; to make hackers give up and most importantly to have puppies and kittens everywhere love you." - John

Black Hills Infosec Shirts & Hoodies
https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) —
Wild West Hackin' Fest: https://wildwesthackinfest.com/

#bhis #infosec

Attack Tactics Part 1

Black Hills Information Security — Mon, 04 Jun 2018 08:27:00 -0400

John is starting a new series of webcasts called Attack Tactics. This first part is a step-by-step walk-through of an attack BHIS launched against a customer, with just a few obfuscating tweaks. He covers the tools, how we used them and any other tricks we had to pull out for the attack.

The second will be co-hosted by our sister company Active Countermeasures and will go through the defensive side. Stay tuned for more details about that!