@bcsecurity.bsky.social
Threat Emulation | Training | Red Team | Penetration Testing | Compliance
Cybersecurity Awareness Month!
Cyber Tip: Segment your administrative network and separate privileged access.
Keep domain controllers, jump servers, and management systems separate from user workstations.
Isolation limits lateral movement and protects privileged credentials.
Cybersecurity Awareness Month!
Cyber Tip: Patch your third-party software.
Attackers donβt always need zero-days, just an old plug-in or unpatched tool.
Centralize patching, remove legacy apps, and stay current.
Every unpatched tool is a potential entry point.
Cybersecurity Awareness Month!!
Cyber Tip: Rotate service account passwords often. These high-privilege accounts are prime targets for attackers. Regular rotation limits damage and reduces risk.
Cybersecurity Awareness Month!
Cyber Tip: Microsoft has officially ended support for Windows 10. Without ongoing security updates, these systems are now vulnerable to new exploits and malware. If youβre still running Windows 10, upgrade as soon as possible to stay secure and compliant.
Cybersecurity Awareness Month!!!
Cyber Tip: Close what you donβt use. Unused ports and services expand your attack surface and invite scanning or exploitation. Disabling them keeps your network lean, secure, and harder to breach.
#Cyberaware #CybersecurityAwarenessMonth #Cybersecurity
Cybersecurity Awareness Month!
Cyber Tip: Keep an eye on outbound traffic. Attackers often use it to exfiltrate data or maintain control of compromised systems. Reviewing outbound connections helps you detect and contain threats before sensitive data leaves your network.
Cybersecurity Awareness Month!!!
Cyber Tip: Review your PowerShell logs regularly. Attackers often abuse built-in tools like PowerShell to run commands, move laterally, and hide activity. Detailed logging helps spot unusual scripts or commands that may signal an intrusion before it spreads.
Cybersecurity Awareness Month!!!
Cyber Tip: Check file hashes before installing or running downloads. Verifying the SHA256 or MD5 ensures the file hasnβt been tampered with and matches the official source. This quick step helps prevent malware from slipping in through fake or modified installers.
Cybersecurity Awareness Month!!!
Cyber Tip: Use DNS filtering to block malicious domains before they reach your network. Even if someone clicks a bad link, DNS filters can stop the connection, prevent data theft, and reduce overall risk.
#Cybersecurity
Cybersecurity Awareness Month!
Cyber Tip: Never enable macros on documents from unknown or untrusted sources. Attackers often send Word/Excel files that trick you into clicking βEnable Contentβ to launch malware. If you werenβt expecting the file, donβt trust it.
Happy Cybersecurity Awareness Month!!
We believe awareness is the first line of defense. This month, weβll share tips and insights from our experts to help protect what matters most.
Tip: Scammers use urgent language to create panic. Donβt rush, pause & verify before acting.
One of our Black Hat instructors analyzes a real phishing email, how it works, the red flags, and how to stay safe.
youtu.be/IFy_96Dg__E?...
#Phishing #SecurityAwareness #Infosec
PyPI is warning about a new phishing scam hitting package maintainers. Fake βaccount verificationβ emails are floating around, pointing to pypi-mirror[.]org, a fake site built to steal your login.
www.bleepingcomputer.com/news/securit...
βWhen βworking as intendedβ means leaking sensitive dataβ
Our analyst Andrew, discovered unauthenticated access to thousands of files and faced roadblocks trying to report it. His blog breaks down what happened and why design flaws matter as much as exploits.
bc-security.org/when-intende...
Hot dogs, cold drinks, andβ¦ popping shells? This Labor Day, weβre serving up a special Empire Ops 1 Discount. Attackers donβt take holidays, and neither should your defenses.
training.bc-security.org/courses/empi...
#Cybersecurity #RedTeam
@Micrososft highlights top PRC tactics: cloud account abuse (impossible travel, new principals), LOTL lateral movement with psexec/WMI/remote PowerShell, and persistence via web shells on IIS, SharePoint, VPNs, and firewalls. Defenses: MFA, block legacy protocols, hardened configs.
27.08.2025 21:28 β π 0 π 0 π¬ 0 π 0
We are honored to be at #DAFITC this year and catch the keynote from Huntressβ CEO. A powerful discussion on how cybercriminals are abusing tools like ScreenConnect and why defenders must stay vigilant. Great insights for everyone in cyber defense. #CyberSecurity
25.08.2025 15:16 β π 0 π 0 π¬ 0 π 0AMA starts in a few hours!
Jake Krasnov (BC Security) is hosting a LIVE AMA on r/SolarDIY at 12 PM ET β only a few hours from now!
Bring your cyber questions here: reddit.com/r/SolarDIY
Solar powers your home. Cybersecurity keeps it safe.
This Friday (Aug 22) @ 12 PM ET, Jake Krasnov (BC Security) goes LIVE for an AMA on r/SolarDIY!
Bring your questions!
www.reddit.com/r/SolarDIY/
We want to give a huge thank you to everyone who reached out about the CVEs from our Solar Research! Your feedback, stories, and collaboration mean a great deal to our team, and it has been incredible to see the community come together around this work. Please keep reaching out!
18.08.2025 21:06 β π 0 π 0 π¬ 0 π 0
What a great #DefCon!!! We spent almost 2 weeks in Vegas between #BlackHat and #Defcon. We would like to thank everyone who attended our classes, demo labs, workshops, and our mainstage talk. If you didn't have a chance to talk to us, you can always reach out to us on our website or social media!
11.08.2025 22:05 β π 0 π 0 π¬ 0 π 0
The first day of #DEFCON is in the books. We had great attendance in both the Empire 6.0 Demo Lab and Obfuscation Reloaded!
Check out our main stage talk:
Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain
Today at 14:00 (2PM Vegas time) Exhibit Hall West 3 - Track 2
Today is the day! The first day of #DefCon is here! We have workshops and a lab today. Then the mainstage talk tomorrow!
Come Check out Obfuscation Reloaded: Modern Techniques for Evading Detection / Empire 6.0!
We are stoked to be out and about @blackhatevents.bsky.social!!! Come say hey if you see us! We are always down to chat and meet new people!
07.08.2025 16:08 β π 0 π 0 π¬ 0 π 0So amazing to see the diversity of students we've had at @blackhatevents.bsky.social this year! We would like to thank everyone who traveled from all parts of the world to attend our classes. Now it's time for #Blackhat2025 briefings!
05.08.2025 21:10 β π 0 π 0 π¬ 0 π 0
Day 3 of @blackhatevents.bsky.social
We finished class with our first set of students yesterday, and today we start with new students.
Donβt forget that we offer training throughout the year.
Visit www.training.bc-security.org for a list of our available training options.
#blackhat2025
Mark your calendars for our mainstage talk at DEF CON:
Rebadged, Relabeled, and Rooted: Pwnage via the Solar Supply Chain
Aug 9. Saturday @ 14:00 (2 PM PT)
Exhibit Hall West 3 β Track 2
If you see any of us out and about, feel free to say hi!
Day 1 complete and Day 2 underway at @blackhatevents.bsky.social
We kicked things off strong!
Thereβs still time to join our Advanced Threat Emulation: Active Directory / Advanced Threat Emulation: Evasion classes tomorrow.
www.blackhat.com/us-25/traini...
www.blackhat.com/us-25/traini...
Anthony & Jake are finishing up the documentation on the 14 CVEs they will be releasing at DEF CON next week & can't wait to share it with y'all! Don't miss their Rebadged, Relabeled, & Rooted: Pwnage via the Solar Supply Chain talk on Aug 9 at 2 pm PST
31.07.2025 15:09 β π 0 π 0 π¬ 0 π 0
Advanced Threat Emulation: Active Directory is the best way to improve your AD skills at Black Hat. Learn about reflection attacks, resource-based constrained delegation, & more. By the end, you will be equipped with the latest TTPs & ready for your next engagement
www.blackhat.com/us-25/traini...
