Category Archives: john strand

Webcast: How to Play Backdoors & Breaches, Incident Response Card Game

Download slides: https://www.activecountermeasures.com/presentations/
More info: https://www.blackhillsinfosec.com/projects/backdoorsandbreaches/
2:09 Introduction to the types of cards in the deck, pricing, why we created B&B
10:25 Basic setup for playing the game and how to play the game
18:03 Breaking down cards and how they work
35:54 Demo Game 1
44:39 Demo Game 2
54:50 Questions and comments
This […]

The post Webcast: How to Play Backdoors & Breaches, Incident Response Card Game appeared first on Black Hills Information Security.

Webcast: How to Prepare Before the Compromise

Click on the timecodes to jump to that part of the video (on YouTube)
Download slides: https://www.activecountermeasures.com/presentations
00:40 Intro, background information, how to deal with the psychology and politics in your company
15:34 Reviewing different cards in Backdoors & Breaches, Server Analysis
22:39 Security Information and Event Management Log Analysis (SIEM)
31:12 Firewall Logs, Zeek, and […]

Webcast: In-Depth SILENTTRINITY Demo, Explanation & Walkthrough

Click on the timecodes to jump to that part of the video (on YouTube)
Download slides: https://www.activecountermeasures.com/presentations
1:07 Quick review of SILENTTRINITY functions, an overview of Bring Your Own Interpreter (BYOI) capabilities, BYOI payload
7:08 BYOI/SILENTTRINITY in a nutshell, advantages vs. disadvantages
16:53 Overview of the almost 50 new modules that have been incorporated, live demo
38:12 […]

Webcast: Open Source Exploits in the Cloud’s Big Data Services – Cloud TradeCraft

Click on the timecodes to jump to that part of the video (on YouTube)
Download slides: https://www.activecountermeasures.com/presentations
4:18 Problem statement and exploitation timeline
8:28 MapReduce and Hadoop overview, overview of open-source software based on Hadoop architecture and their vulnerabilities
14:15 Live demonstration of standing up a stack in EMR, terminology, auto-scaling risks, proper security postures for any new […]

Getting Started With AppLocker

John Strand // I have quite a few calls with customers who do not know where to begin when it comes to application whitelisting. Often, the approach some organizations take is to try and implement full application whitelisting on every single application across their entire environment. While this goal is fun and seems like a […]

Getting Started With Sysmon

John Strand // In this blog, I want to walk through how we can set up Sysmon to easily get improved logging over what we get from normal (and just plain awful) logging in Windows. Basically, trying to get information from standard Windows logs is a lot like playing tennis against curtains. Sure, you can […]

Webcast: Windows logging, Sysmon, and ELK

Click on the timecodes to jump to that part of the video (on YouTube)
Download slides: https://www.activecountermeasures.com/presentations
4:36 Problem Statement and Executive Problem Statement
9:00 Short Sysmon review, introduction to ELK, what programs make up ELK, data type and its effect on Elasticsearch, answering viewer questions
20:51 Touching on different types of logs, how Logstash deals […]

Webcast: Implementing Sysmon and Applocker

Click on the timecodes to jump to that part of the video (on YouTube)
Download slides: https://www.activecountermeasures.com/presentations
5:03 Introduction, problem statement, and executive problem statement
8:19 What Sysmon is with a demo of how it works
24:54 Implementing Sysmon and how to have your computers automatically update and utilize Sysmon
29:05 AppLocker, its uses, and […]