Category Archives: How To

Webcast: How to Hunt for Jobs like a Hacker

Job hunting? Looking for a career change? Still in college and want to know how to get started now in your career? If you answered yes to any of these questions, this might be the BHIS webcast for you. This webcast is an update to Jason’s popular recorded DerbyCon 2016 talk — How to Social […]

The post Webcast: How to Hunt for Jobs like a Hacker appeared first on Black Hills Information Security.

How to protect your business from COVID-19-themed vishing attacks

Cybercriminals have been using the COVID-19 pandemic as a central theme in all kinds of crisis-related email phishing campaigns. But because of the dramatic rise in the number of at-home workers, one method that has become increasingly common over the past few months is vishing, i.e., phishing campaigns executed via phone calls. Rising success rates are the reason why vishing has become more common, and there are several factors driving this trend: People are … More

The post How to protect your business from COVID-19-themed vishing attacks appeared first on Help Net Security.

Promiscuous Wireless Packet Sniffer Project

Ray Felch // Introduction: After completing and documenting my recent research into keystroke injections (Executing Keyboard Injection Attacks), I was very much interested in learning the in-depth technical aspects of the tools and scripts I used (created by various authors and security research professionals). In particular, I was interested in creating my own software/hardware implementation […]

The post Promiscuous Wireless Packet Sniffer Project appeared first on Black Hills Information Security.

Maintaining the SOC in the age of limited resources

With COVID-19, a variety of new cyber risks have made their way into organizations as a result of remote working and increasingly sophisticated, opportunistic threats. As such, efficiency in the security operations center (SOC) is more critical than ever, as organizations have to deal with limited SOC resources. Limited SOC resources The SOC is a centralized team of analysts, engineers, and incident managers who are responsible for detecting, analyzing, and responding to incidents and keeping … More

The post Maintaining the SOC in the age of limited resources appeared first on Help Net Security.

Webcast: Kerberos & Attacks 101

Join the BHIS Discord discussion server: https://discord.gg/aHHh3u5 We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast on Kerberos & Attacks 101. Tim is the creator of Kerberoasting. Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? […]

The post Webcast: Kerberos & Attacks 101 appeared first on Black Hills Information Security.

How do I select a backup solution for my business?

42% of companies experienced a data loss event that resulted in downtime last year. That high number is likely caused by the fact that while nearly 90% are backing up the IT components they’re responsible for protecting, only 41% back up daily – leaving many businesses with gaps in the valuable data available for recovery. In order to select an appropriate backup solution for your business, you need to think about a variety of factors. … More

The post How do I select a backup solution for my business? appeared first on Help Net Security.

Integrating a SIEM solution in a large enterprise with disparate global centers

Security Information and Event Management (SIEM) systems combine two critical infosec abilities – information management and event management – to identify outliers and respond with appropriate measures. While information management deals with the collection of security data from across silos in the enterprise (firewalls, antivirus tools, intrusion detection, etc.), event management focuses on incidents that can pose a threat to the system – from benign human errors to malicious code trying to break in. Having … More

The post Integrating a SIEM solution in a large enterprise with disparate global centers appeared first on Help Net Security.

CISOs are critical to thriving companies: Here’s how to support their efforts

Even before COVID-19 initiated an onslaught of additional cybersecurity risks, many chief information security officers (CISOs) were struggling. According to a 2019 survey of cybersecurity professionals, these critical data defenders were burned out. At the time, 64% were considering quitting their jobs, and nearly as many, 63%, were looking to leave the industry altogether. Of course, COVID-19 and the ensuing remote work requirements have made the problem worse. It’s clear that companies could be facing … More

The post CISOs are critical to thriving companies: Here’s how to support their efforts appeared first on Help Net Security.

A Pentester’s Voyage – The First Few Hours

Jordan Drysdale // Many methodologies have been written, but the first few hours on an internal pentest tell the story of an organization’s security culture. This type of test differs from an assumed compromise or pivot in that the tester walks into the network fully armed.

requirements.txt
  • Nmap: https://nmap.org/
  • Responder: https://github.com/lgandx/Responder
  • Impacket: https://github.com/SecureAuthCorp/Impacket
  • CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec
  • […]

The post A Pentester’s Voyage – The First Few Hours appeared first on Black Hills Information Security.

Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era

In the wake of China lifting some of its lockdown restrictions in the Wuhan province, most of the world is looking forward to getting back to ‘normal’. According to the World Health Organization, this transition from government-enforced lockdown to a quasi-repose state should not be taken lightly, nor perceived as a return to ‘normalcy’.

As many epidemiologists pointed out, we have yet to reach the ‘infection’ peak, meaning that a second viral wave may be lurking around the corner. In the interim, with several European countries dropping part of the lockdown-specific rules, company-owners are making the necessary preparations to accommodate all the employees who were sent to work from home.

Many challenges lie ahead, most of them related to (re)constructing the work environment and achieving full compliance with governmental recommendations and regulations, which literally translates to keeping your employees safe in the ‘Post-Pandemic Era’. The quotation marks are not poetic license: the coronavirus pandemic is far from over, and it’s important to keep that in mind when you begin drafting the plans for bringing everyone back to the office.

There is another consideration: your company’s cybersecurity posture. Until now, your sysadmins were focused on making telecommuting work: configuring the network, installing additional equipment, researching remote-work-specific software.

However, now that the employees will be returning to the office, the focus must shift back to on-site network administration, which, among other things, means getting up to speed with your cybersecurity policies (or lack thereof).

In this article, I am going to go over Heimdal™ Security’s return-to-the-office cybersecurity recommendations. And because this is a race against time, I’m going to show you how to cut some corners (not in a bad way).

The post-pandemic era office

It’s only natural to have some reservations about going back to the office. After all, we did spend the last couple of months being told to stay at home, wash our hands, and practice social distancing. The idea of heading back to the office, while the coronavirus is still active, may seem foreboding. Perhaps even confusing – how can we even think about venturing into the world when the authorities are still struggling to contain COVID hotbeds that appear overnight?

Some WHO-associated sources mentioned something about the ‘death of normalcy’. In other words, we can never go back to what we believed was ‘normal’ because the very idea of ‘commonplaceness’ is what led us to this conundrum.

We need to change, and that’s a fact. ‘But how?’ is the question du jour. Do we simply go back to our regular, and very mundane, 9-to-5 lives, knowing that the virus is still around? These are all legitimate questions, which I will be addressing throughout this article.

Is it safe to go back to work?

Health authorities from around the globe have already begun loosening the lockdown restrictions, allowing some industries to resume production. For instance, the Spanish health authorities, partly encouraged by the decrease in new coronavirus cases and casualties, have cleared the ‘restart’ for the construction and manufacturing industries.

On Monday, by ministerial decree, workers employed in these two sectors will return to work. I would like to remind the readers that Spain has been under lockdown since the middle of March.

Moreover, Spain is ranked fourth in deaths caused by the new coronavirus, after the United States, UK, and Italy. It’s encouraging news indeed, considering how hard this country was hit. Spain is not the only country to loosen its lockdown restrictions to stabilize the economy.

On the 25th of April, three US states (Georgia, Alaska, and Oklahoma) took the first steps in loosening some of the lockdown orders, even though the US death toll is around 70,000 and climbing. Even life in China, which is considered the first coronavirus hotbed, is slowly returning to normal, with more businesses relaunching every single day.

Returning to the office is possible and feasible. However, it will look entirely different compared to what your employees had in mind.

First of all, as an employer, you are bound by law to take every necessary measure to ensure the safety of your workforce and help the health authorities stem the spread of this contagion. So, right from the start, two aspects need to be tackled: legal and health-related. Of course, an equally important aspect is cybersecurity. Let’s take a closer look at each of them.

Legal Implications of Returning to Work

According to White House officials, employers can recall staff to the premises if they meet all the requirements laid down and enforced by federal, state, and local officials. The document in question is broken down into several sections, each of them addressing a certain social category (healthcare providers, employers, employees, specific employees, and businesses). Below, you will find an excerpt from the White House’s three-phase plan.

“Guidelines for all phases

Employers:

Develop and implement appropriate policies, per Federal, State, and local regulations and guidance, and informed by industry best practices, regarding:

  • Social distancing and protective equipment
  • Temperature checks
  • Sanitation
  • Use and disinfection of common and high-traffic areas
  • Business travel

Monitor the workforce for indicative symptoms. Do not allow symptomatic people to physically return to work until cleared by a medical provider.

Develop and implement policies and procedures for workforce contact tracing following employee COVID + test.”

Source: White House Gov – Opening America (Guidelines)

The European Union has also laid down strict guidelines regarding how employers should (re)act when recalling employees. According to the OSHwiki, the EU’s plan for reopening businesses focuses on:

  1. Minimizing exposure to COVID-19 after recalling employees;
  2. Updating your company’s risk assessment plan[i];
  3. Adapting the environment’s layout so as to comply with the health authorities’ recommendations regarding social distancing and other health-related concerns;
  4. Identifying employees who are in the high-risk groups and creating a hazard-free work environment[ii];
  5. Maintaining communication with your occupational health service;
  6. Miscellaneous measures that can help your workforce cope with the changes produced by the coronavirus outbreak (e.g. a counselor to help your employees overcome anxiety or depression as side-effects of long-term isolation).

The same document also provides some insight on telework: bringing everybody back to the office at once would violate the social distancing rule. The obvious solution is to allow some of your employees to continue working from home. In the long run, you can work out a rotation-based schedule to get everyone back.

Cybersecurity concerns in the Post-Pandemic Era

In terms of cybercrime, the coronavirus did nothing to stop or at least dilute the number of cyberattacks. Although in some countries the healthcare system is on the brink of collapse, that did not stop malicious actors from taking advantage of the confusion to stage debilitating ransomware attacks. The oil industry has also been targeted, as well as SMBs that fast-tracked the remote work initiative while sacrificing their cybersecurity posture.

Because I do a lot of research in the cyber-resilience area, I usually come across various forums where sysadmins ask all kinds of security-related questions. In one thread, a sysadmin said that his CEO had ordered him to give every employee admin-level privileges before sending them to work from home. Needless to say, this kind of practice can lead to all manner of entanglements, not to mention the fact that you would be offering attackers several additional access points for data exfiltration.

In a way, this could be construed as typical pandemic-related behavior, but the problem goes further than that. Oftentimes, decision-makers who lack cybersecurity training will overrule the sysadmin’s decisions in the area of security. A grave mistake, indeed, and one that can cost companies millions of dollars.

Consider an alternative scenario: a lack of funding. An expanding startup simply doesn’t have the financial means to secure all the vital areas, leaving sysadmins to work with the tools they have on hand. Take patching, for instance. Nobody gives patching any attention until the company reaches the 20+ endpoint milestone. Then it becomes problematic, especially when there is only one sysadmin. What happens after that?

System administrators will use automatic patching and deployment solutions like WSUS and SCCM to ensure that all endpoints are running the latest Windows versions and that proprietary software has been patched.

Even when you’re overseeing a 20+ endpoint network, using either one of those can create more issues than it solves. This is not me putting the kibosh on Microsoft’s auto-patching, management, and deployment software, but, considering the speed at which a stable remote-work network had to be set up, SCCM and WSUS are simply not feasible.

Readers should remember that more than 80% of a machine’s vulnerabilities can be fixed through patching. Right now, the emphasis is on automatic tools that can deploy patches and updates on the fly.

Heimdal™ Security’s Thor Premium Enterprise, our company’s unique threat-hunting and vulnerability remediation solution, can help your sysadmin deploy updates and patches from anywhere in the world. Thor Premium Enterprise is a cloud-native solution, which means that you won’t have to worry about saving those patches and updates locally before they are applied.

Furthermore, on demand, you can also add Infinity Management to your Thor Premium Enterprise suite. IM provides you with granular control over your endpoints and, most importantly, over what software is installed on those machines. From there, you can force-install applications, roll back to a previous version, deploy and install proprietary software, updates and patches, and much more.

Wrap-up

Back to work in the Post-Pandemic era? It is possible, but there are rules we need to follow. As a company-owner, you have to guarantee the safety of your employees, whether it relates to health or to cybersecurity.

One sensible step towards reopening your business would be to work with the local authorities to make sure you meet all the requirements. Furthermore, you should also offer some degree of flexibility. Perhaps not all of your employees are thrilled at the thought of going back to the office, considering that the coronavirus pandemic is far from over. Be mindful of your employees’ wishes and work with them to come up with the best solution.

[i] A company-wide analysis that must include a risk evaluation paper, risk control, safety measures, mitigation, risk management tools, and training.

[ii] If your office cannot guarantee the safety of your high-risk employees during regular office hours, it’s advisable to allow them to continue working from a home-type environment.

The post Back to Work After Lockdown: Cyber Risks of the Post-Pandemic Era appeared first on Heimdal Security Blog.

Webcast: Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests

I like webapps, don’t you? Webapps have got to be the best way to learn about security. Why? Because they’re self-contained and so very transparent. You don’t need a big ol’ lab before you can play with them. You can run them in a single tiny VM or even tiny-er Docker image on your laptop. […]

The post Webcast: Free Tools! How to Use Developer Tools and Javascript in Webapp Pentests appeared first on Black Hills Information Security.

Getting Started With Basic Google Searches

Hello and welcome. My name is John Strand and in this video, we’re going to be talking about some very basic Google searches. Now we’ve got to take a couple of steps back and talk about what Google actually does. Google goes through and it indexes all the different texts and images and things they […]

The post Getting Started With Basic Google Searches appeared first on Black Hills Information Security.

Getting Started With Base64 Encoding and Decoding

Hello and welcome. My name is John Strand and in this video, we’re going to be talking about Base64 encoding and decoding. Now the reason why we’re talking about it is once again we have the BHIS Cyber Range for our customers and friends and this is just basically a video to walk people through […]

The post Getting Started With Base64 Encoding and Decoding appeared first on Black Hills Information Security.

Webcast: How to Build a Home Lab

This is a joint webcast from Black Hills Information Security and Active Countermeasures. How many of us have tried some new configuration option, utility, or hardware on a production environment, only to crash a critical piece of the business? (me raising hand…) It’s amazing how quickly we learn not to do that! Now we have […]

The post Webcast: How to Build a Home Lab appeared first on Black Hills Information Security.

Getting Started With ROT Obfuscation

Hello, my name is John Strand. In this video, we’re going to be talking about ROT or rotate. Why exactly are we talking about one specific thing? Well, this particular video is used with our Cyber Range that we’re establishing at Black Hills Information Security and it’s very common when you’re pentesting or you’re doing […]

The post Getting Started With ROT Obfuscation appeared first on Black Hills Information Security.

Getting Started With Tracking Hackers With HoneyBadger

Hello and welcome. My name is John Strand, and in this video, we’re going to talk a little bit about HoneyBadger. Now, in a number of other videos and a number of other things whenever you’re talking about attribution or cyber deception, you can focus on creating documents or elements that’ll beacon back and many […]

The post Getting Started With Tracking Hackers With HoneyBadger appeared first on Black Hills Information Security.

Home Network Design – Part 2

Ethan Robish // Why Segment Your Network? Here’s a quick recap from Part 1. A typical home network is flat. This means that all devices are connected to the same router and are on the same subnet. Each device can communicate with every other with no restrictions at the network level. This network’s first line […]

The post Home Network Design – Part 2 appeared first on Black Hills Information Security.

Tracking Attackers With Word Web Bugs (Cyber Deception)

Hello and welcome! My name is John Strand, and in this video, we’re going to be talking about Word Web Bug Servers. Now the idea of a Word Web Bug Server is we can create a Word document that any time that document is opened it will actually create a call back and it will […]

The post Tracking Attackers With Word Web Bugs (Cyber Deception) appeared first on Black Hills Information Security.