Black Hills Information Security

BACKDOORS & BREACHES - CARD OF THE DAY
Deck: Core Deck 2.2
Attack/Procedure Type: Persistence
Attack/Procedure Evil Firmware
More:
UEFI Rootkit - threatpost.com/uefi-rootkit...

Trickbot - thehackernews.com/2020/12/tric...

Get physical decks -- spearphish-general-store.myshopify.com/collections/...

If you're attending DEFCON -- please come say hello, we'd love to see you! We're in the exhibitor area.

Soulmate or threat actor? Maybe both!

You can order your copy of the ANTISOC issue here -- spearphish-general-store.myshopify.com/products/pro...

You can read all past issues of PROMPT# here -- www.blackhillsinfosec.com/prompt-zine/

Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource - Black Hills Information Security, Inc. An Infosec Survival Guide Resource, released as blog posts, with fully designed, printer-friendly PDF cheatsheets.

*NEW RELEASE**
Offensive Tooling Cheatsheets: An Infosec Survival Guide Resource
10 essential offensive tool references, available as PDFs or blog posts. Download all or individual sheets. Thanks again to all our contributors!
Check it out: www.blackhillsinfosec.com/offensive-to...

Backdoors & Breaches: DATADOG Expansion Deck v1 Backdoors & Breaches: Trimarc Expansion Deck v1 was created in collaboration with our friends at Trimarc Security, to add additional attacks, injects, consultants, and procedure cards to the Core Deck...

Datadog teamed up with Black Hills Information Security to create a new Backdoors & Breaches expansion deck!

Purchase a deck here -- spearphish-general-store.myshopify.com/products/bac...

Watch here-- youtube.com/live/YtGexr2...

Plug and Play works!!! Till it doesn't...What are your implementation nightmares?

If you want to learn more about SOAR join us and Hayden Covington on August 20th --- www.antisyphontraining.com/event/anti-c...

BACKDOORS & BREACHES - CARD OF THE DAY
Deck: Densecure
Attack/Procedure Type: Initial Compromise
Attack/Procedure: Wi-Fi Guest Network Escape

Tools:
Bettercap - www.bettercap.org
Metasploit - www.metasploit.com

Get physical decks: spearphish-general-store.myshopify.com/collections/...

looking good!!!

Backdoors & Breaches - Black Hills Information Security, Inc. This is Backdoors & Breaches, an Incident Response Card Game, from Black Hills Information Security and Active Countermeasures. Backdoors & Breaches contains 52 unique cards to help you conduct incide...

THURSDAY - BHIS Webcast

Datadog & BHIS created a new Backdoors & Breaches expansion deck.

Join a free one-hour webcast to learn about the new attack, detection, and inject cards.

Thursday, July 31st - 1:00 PM EDT

Register (Zoom): events.zoom.us/ev/AgWn-tGp5...

30 Tips for Secure JavaScript w/ Tanya Janca

Hey folks!

WEDNESDAY - Antisyphon Training Anticast

Join a free one-hour training with Tanya Janca to learn 30 tips for writing secure JavaScript.

You'll learn what to do, what to avoid, and how to use open-source tools.

July 30th - 12:00 PM EDT

Register (Zoom): events.zoom.us/ev/AmaSwRAqJ...

Last week the ANTISOC Team joined us for a free one-hour webcast!

We learned the details of how they operate, working to improve our customers security every day, and take home tools and techniques that you can try yourself!

Watch the full webcast here -- www.youtube.com/live/JRXQRfO...

BACKDOORS & BREACHES - CARD OF THE DAY
Deck: Core Deck 2.2
Attack/Procedure Type: Initial Compromise
Attack/Procedure: Password Spray

Tools:
SprayingToolkit - github.com/byt3bl33d3r/...
FireProx - github.com/ustayready/f...
Hydra - github.com/vanhauser-th...

PROMPT# is Back!

This issue is by the ANTISOC team at BHIS, and it highlights the work they do!

Order -- spearphish-general-store.myshopify.com/products/pro...

If you get a 404 code that means we can't ship to your location but you can read it for free -- www.blackhillsinfosec.com/prompt-zine/...

We all need a humble brag every now and then!!!

The Detection Engineering Process w/ Hayden Covington #livestream YouTube video by Black Hills Information Security

Let's revisit a past webcast!

Let's revisit:
–The foundational elements of a scientific approach to detection engineering

–How to approach each step with a clear purpose from the start

–Strategies for continuous improvement & advanced detection techniques

Watch -- youtube.com/live/i2vOuky...

cybersecurity zine PROMPT# describing "The ANTISOC issue CONTINUOUS PENETRATION TESTING" featuring an axolotl anthro with a hoodie, eyeshadow, and gill piercings

there's free cybersecurity zines I like to get by @bhinfosecurity.bsky.social and the axolotl on the cover of this one... i love them.....

Workshop: Foundations of Network Forensics and Analysis with Troy Wojewoda - Antisyphon Training In this 4-hour workshop we will introduce students to the core concepts of network forensics, including network architecture, packet analysis tools, and basic traffic analysis techniques.

FRIDAY - Antisyphon Training PWYC Workshop

Foundations of Network Forensics & Analysis with Troy Wojewoda!

This workshop is 4 hours long & includes hands-on labs. It's the perfect way to fit a bit of training into your workweek.

Info: www.antisyphontraining.com/course/works...

Implementing Continuous Penetration Testing w/ BHIS ANTISOC Team

Hey folks!

Join us for a free one-hour webcast with the Black Hills Information Security (BHIS) ANTISOC Continuous Penetration Testing team!

Our goal: help you think like the threats you're up against.

Thursday, July 24th - 1:00 PM EDT

Register (Zoom): events.zoom.us/ev/AtOpqfQYq...

Inside SOC Email Investigations with Tom DeJong YouTube video by Black Hills Information Security

Last week Tom DeJong hosted our long awaited return to our weekly webcast series!

He'll taught how SOC Analysts investigate potentially malicious emails to keep their organizations inboxes safe.

Find all the info in the slide deck and watch the full webcast here -- youtube.com/live/ABjxK7P...

Join us this Friday, July 18th, 11 AM–4 PM ET for the SOC Detection Engineering Crash Course with Hayden Covington from BlackHills Info Security! No experience needed, just bring your curiosity! Register now: www.antisyphontraining.com/course/works...

CARD OF THE DAY
Deck: Core Deck 2.2
Attack/Procedure Type: Pivot and Escalate
Attack/Procedure: New Service Creation/Modification

Tools:
Impacket - github.com/SecureAuthCo...
Metasploit - www.metasploit.com

Get decks: spearphish-general-store.myshopify.com/collections/...

ICYMI: No webcast this week so let's look back at one of the hottest topics of the year!

Craig & Derek joined us or a freewebcast on Using AI to Augment Pentesting Methodologies.

We learned ways to leverage AI to assist with penetration testing methodology -- www.youtube.com/live/WALqWZh...

Workshop: Introduction to Cloud Security with Beau Bullock - Antisyphon Training Join us for this pay-what-you-can, hands-on, virtual workshop with Antisyphon Instructor, Beau Bullock as he provides a foundational understanding of cloud security, exploring essential concepts and p...

Friday, July 11

Introduction to Cloud Security

with Beau Bullock

Starting at $0


Register:

www.antisyphontraining.com/course/works...

Workshop: AI Foundation: Cyber Security Workflow Optimization using AI Technology with Joff Thyer and Derek Banks - Antisyphon Training This workshop gives an introduction to AI technology and then moves to practical examples of how AI technology can be used as a daily workflow and task optimization tool for Cyber Security Professiona...

Join BHIS & Antisyphon Training this week for hands-on, 4-hour, pay-what-you-can training workshops taught by BHIS security analysts!

Thurs, July 10
AI Foundation: Cybersecurity Workflow Optimization Using AI Tech with Joff Thyer & Derek Banks

Register:

www.antisyphontraining.com/course/works...

Join Jason Haddix for a free one-hour Antisyphon Anti-cast, "Attacking AI."

You'll learn practical techniques for assessing AI-enabled systems, including a seven-point methodology, prompt injection taxonomy, & useful tools.

Wed, July 9th - 12:00 PM EDT

Register: events.zoom.us/ev/Ap_oRmO3x...

BACKDOORS & BREACHES - CARD OF THE DAY
Have you experienced this?
Deck: Cloud Deck
Attack/Procedure Type: Initial Compromise
Attack/Procedure: Malicious OAuth Application

Tools:
O365 Attack Toolkit - github.com/mdsecactiveb...

Learn more:
threatpost.com/oauth-phishi...

Why Your Org Needs a Penetration Test Program w/ Kelli & Corey YouTube video by Black Hills Information Security

The BHIS team is enjoying a must needed break but that doesn't mean we can't give you your Thursday webcast fix!

Corey Ham & Kelli Tarala joined us for a very special free one-hour webcast on why your org needs a penetration test program!

Watch here -- youtube.com/live/OUWEdX1...

Join Jennifer Shannon from Secure Ideas for this 2-day training course and by the end, you will be able to conduct a basic API pen test using a systematic approach & industry best practices!

Grab your spot here: www.antisyphontraining.com/course/profe...

BACKDOORS & BREACHES - CARD OF THE DAY
Deck: Cloud Deck
Attack/Procedure Type: Initial Compromise
Attack/Procedure: Credentials Posted Publicly in a Code Repository

Tools:
Gitleaks - github.com/gitleaks/git...
TruffleHog - github.com/trufflesecur...
Gitrob - github.com/michenriksen...

Cybersecurity Awareness training Keep yourself secure online by taking Amazon's cybersecurity awareness training and learn about cyber risks like phishing and social engineering.

Free and Pay-What-You-Can Training
learnsecurity.amazon.com/en/index.html

www.antisyphontraining.com/pay-what-you...

Find more helpful educational content and the full article by Ashley by checking out the Infosec Survival Guide: GREEN BOOK - www.blackhillsinfosec.com/prompt-zine/...