- 717
- 2 541 180
Black Hills Information Security
United States
Joined 30 Mar 2016
At Black Hills Information Security we were brand new to info sec once too! With that in mind we want to help everyone become more educated in this exciting field that's changing so quickly! We offer webcasts free to anyone who's interested, a blog on our website, and with our pen testing we're hoping to better educate our customers so they can always be improving their environments. We think it's summed up pretty brilliantly in this quote from Richard Feynman: “Study hard what interests you the most in the most undisciplined, irreverent and original manner possible.”
REKAST - Talkin' Bout [infosec] News 2024-06-17 #infosecnews #cybersecurity #podcast #podcastclips
Here's a byte-sized highlight reel of our weekly podcast with BHIS and Friends (blubrry.com/bhis/). We discuss notable infosec and infosec-adjacent news stories. Catch us LIVE on Mondays, 4:30pm EST.
Brought to you by:
/// 📄 Antisyphon Training
www.antisyphontraining.com/
▶️ This FULL EPISODE:
ua-cam.com/users/liveQUdWSrMg-qs
▶️ The next EPISODE:
ua-cam.com/users/livekeEwKOly61M
/// 🔗 Register for webcasts, summits, and workshops -
blackhillsinfosec.zoom.us/ze/hub/stadium
/// All News Stories From the Full Episode
Story # 1: Windows security hole allows attackers to install malware via Wi-Fi - new patch plugs gaping vulnerability
www.tomshardware.com/software/windows/windows-security-hole-allows-attackers-to-install-malware-via-wi-fi-new-patch-plugs-gaping-vulnerability
www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/
Story # 2: Microsoft’s all-knowing Recall AI feature is being delayed
www.theverge.com/2024/6/13/24178144/microsoft-windows-ai-recall-feature-delay
Story # 3: Here’s how Apple’s AI model tries to keep your data private
www.theverge.com/2024/6/13/24175985/apple-intelligence-ai-model-local-cloud-privacy-how-it-works
thehackernews.com/2024/06/apple-integrates-openais-chatgpt-into.html
Story # 4: New Linux malware is controlled through emojis sent from Discord
www.bleepingcomputer.com/news/security/new-linux-malware-is-controlled-through-emojis-sent-from-discord/
Story # 5: Pure Storage confirms data breach after Snowflake account hack
www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack/
Story # 6: Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says
www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
///Black Hills Infosec Socials
Twitter: BHinfoSecurity
Mastodon: infosec.exchange/@blackhillsinfosec
LinkedIn: www.linkedin.com/company/antisyphon-training
Discord: discord.gg/ffzdt3WUDe
///Black Hills Infosec Shirts & Hoodies
spearphish-general-store.myshopify.com/collections/bhis-shirt-collections
///Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/services/active-soc/
Penetration Testing: www.blackhillsinfosec.com/services/
Incident Response: www.blackhillsinfosec.com/services/incident-response/
///Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
///Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pay-what-you-can/
Live Training: www.antisyphontraining.com/course-catalog/
On Demand Training: www.antisyphontraining.com/on-demand-course-catalog/
Antisyphon Discord: discord.gg/antisyphon
Antisyphon Mastodon: infosec.exchange/@Antisy_Training
///Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest UA-cam: ua-cam.com/users/wildwesthackinfest
Antisyphon Training UA-cam: ua-cam.com/users/antisyphontraining
Active Countermeasures UA-cam: ua-cam.com/users/activecountermeasures
Threat Hunter Community Discord: discord.gg/threathunter
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#infosecnews #cybersecurity #podcast #podcastclips
Views: 231
Videos
REKAST - Talkin' Bout [infosec] News 2024-06-10 #infosecnews #cybersecurity #podcast #podcastclips
378 views, 1 day ago
Here's a byte-sized highlight reel of our weekly podcast with BHIS and Friends (blubrry.com/bhis/). We discuss notable infosec and infosec-adjacent news stories. Catch us LIVE on Mondays, 4:30pm EST. Brought to you by: /// 📄 Antisyphon Training www.antisyphontraining.com/ ▶️ This FULL EPISODE: ua-cam.com/users/liveZRKz6ax4pH0 ▶️ The next EPISODE: ua-cam.com/users/liveQUdWSrMg-qs /// ...
REKAST - Talkin' Bout [infosec] News 2024-06-03 #infosecnews #cybersecurity #podcast #podcastclips
341 views, 14 days ago
Here's a byte-sized highlight reel of our weekly podcast with BHIS and Friends (blubrry.com/bhis/). We discuss notable infosec and infosec-adjacent news stories. Catch us LIVE on Mondays, 4:30pm EST. Brought to you by: /// 📄 Antisyphon Training www.antisyphontraining.com/ ▶️ This FULL EPISODE: ua-cam.com/users/live_KzQk5DG4Hg ▶️ The next EPISODE: ua-cam.com/users/liveZRKz6ax4pH0 /// ...
REKAST - Talkin' Bout [infosec] News 2024-05-20 #infosecnews #cybersecurity #podcast #podcastclips
524 views, 28 days ago
REKAST - Talkin' Bout [infosec] News 2024-05-13 #infosecnews #cybersecurity #podcast #podcastclips
342 views, 1 month ago
REKAST - Talkin' Bout [infosec] News 2024-05-06 #infosecnews #cybersecurity #podcast #podcastclips
423 views, 1 month ago
Cyber Security Basics for Muggles & Minions with Ashley and Chris
1.1K views, 1 month ago
REKAST - Talkin' Bout [infosec] News 2024-04-29 #infosecnews #cybersecurity #podcast #podcastclips
351 views, 1 month ago
REKCAH Comics: New Comic Series - THE FUTURE IS ****** (Highlights)
292 views, 1 month ago
REKAST - Talkin' Bout [infosec] News 2024-04-22 #infosecnews #cybersecurity #podcast #podcastclips
295 views, 2 months ago
REKAST - Talkin' Bout [infosec] News 2024-04-15 #infosecnews #cybersecurity #podcast #podcastclips
385 views, 2 months ago
REKAST - Talkin' Bout [infosec] News 2024-04-08 #infosecnews #cybersecurity #podcast #podcastclips
367 views, 2 months ago
REKAST - Talkin' Bout [infosec] News 2024-04-01 #infosecnews #cybersecurity #podcast #podcastclips
396 views, 2 months ago
REKAST - Talkin' Bout [infosec] News 2024-03-25 #infosecnews #cybersecurity #podcast #podcastclips
315 views, 2 months ago
REKAST - Talkin' Bout [infosec] News 2024-03-18 #infosecnews #cybersecurity #podcast #podcastclips
397 views, 3 months ago
REKAST - Talkin' Bout [infosec] News 2024-03-11 #infosecnews #cybersecurity #podcast #podcastclips
356 views, 3 months ago
REKAST - Talkin' Bout [infosec] News 2024-03-04 #infosecnews #cybersecurity #podcast #podcastclips
424 views, 3 months ago
REKAST - Talkin' Bout [infosec] News 2024-02-26 #infosecnews #cybersecurity #podcast #podcastclips
327 views, 3 months ago
REKAST - Talkin' Bout [infosec] News 2024-02-19 #infosecnews #cybersecurity #podcast #podcastclips
407 views, 4 months ago
REKAST - Talkin' Bout [infosec] News 2024-02-12 #infosecnews #cybersecurity #podcast #podcastclips
391 views, 4 months ago
RECAST - Talkin' Bout [infosec] News 2024-02-05
304 views, 4 months ago
RECAST - Talkin' Bout [infosec] News 2024-01-29
341 views, 4 months ago
Discovering and Exploiting N-Days w/ Corey Ham | #0day #exploit #pentesting
1.6K views, 4 months ago
Introduction to Offensive Golang Automation w/ Phil Miller
1.5K views, 7 months ago
AC-HUNTER: GUI Network Analysis (FREE!) John Strand | BHIS Nuggets
2.8K views, 8 months ago
Honey Files, Canary Tokens, & SIEMS, Oh My! | John Strand | BHIS Nuggets
2.1K views, 8 months ago
Honey Users for Cybersecurity | John Strand | BHIS Nuggets
2.2K views, 8 months ago
Backdoors & Breaches - Introducing the RED CANARY Expansion Deck!
929 views, 8 months ago
Frameworks: Fundamental for Infosec | Kelli Tarala | BHIS Nuggets
1.2K views, 8 months ago
32:38 I believe you were talking about codespaces
taking my net+ here soon any good places to study? preferably free other than professor messer
There are still only 13 root servers. The reason for the limit has to do with the UDP packet size. Some roots do allow for an Anycast instance, but that instance is still the same IP as the primary root server that is being anycast’d. Speaking as a person that once ran L-Root for 3+ years
So, an interesting discussion all around concerning the biometrics topic. I found that it was missing some context in the discussion however, where no one mentioned that there are already other national protective laws under HIPAA; and there really needs to be correlation related to how that applies as well, and where the cross-over might exist. The CO state law takes inclusive steps to couple biometrics under state privacy laws (in the absence of an overall, cohesive national set), but I'm curious where the thought was that gaps existed in HIPAA that needed this type of additional regulation. Regardless of knowing about this law, this concept has led to some interesting group discussions lately. Are hosted data centers now, or going to be, responsible for providing HIPAA related audit data, in addition to SOC 1/2, as part of the reporting to their clients? Biometrics are a huge part of their security controls and they have lots of client data.
Man is sending full on helldivers 2 extraction codes 😂
Shecky bringing the real talk at 23:00 great points sir!
AONE ❤
That is not at all how it’s being used. Yes, it is Drone as First Response. But just as they would when physically on scene, they can assess and engage if the presented situation called for engagement, and/or simply be able to surveil an ongoing situation and provide live updates for those headed to and arriving on scene.
fkn banged my head trying to setup the proxy inside the emulator's settings. It worked super easy via adb. TY so much!
Is it going to help them get the right address ? Before they kick in the wrong door and shoot an innocent unarmed citizen ?
Why don't hackers do the right thing and delete peoples loans and mortgages
The DNS and BIND book should be required reading for anyone working in IT. The amount of people that only have surface level understanding of DNS is astounding.
Windows is malware, stop using it.
ACAB
Already in use, mostly for narcotic surveillance and prostitution stings as the test templates
Not gonna lie I totally agree with his statement 😂
Can someone post the article by Daniel Miessler referenced at 3:20?
It's such an evasive move, I'm sure the community will find a way to disable it
Yeah start using Linux lol
finalyyyyy thanks alot
This is gold!
I used my Flipper to find all the secret codes for my TV. It's been helpful because my TV needs an occasional hard reboot which I can do using an undocumented ir command. It was also awesome when I was pranking my nieces and nephews.
Thank you for this Serena and BHIS team. :D
42
Ethics, company have none. It’s all about money. Disclose after 90 days of just like Google does period. Then sue the vendor aka MS for dragging their feet.
Love these talks!! Thx for taking your time and doing them.
Sir tornet is safe? pip install tornet?
UA-cam why have you been hiding this channel from me? Great video!😻
We're glad you found us!
Hi Serena, do you know any book that goes deep into this or at least networking?
May I recommend The TCP IP Guide by Kozierok? That is a comprehensive guide from no starch press.
Thinking about AWS certs...needed to brush my DNS knowledge. Keep it up.
Nice one. Is Bryan Strand a brother to John Strand?
The rumors are true.
To me the biggest problem trying to use direct IP communications are the shared IP addresses. My setup is fairly typical so it's a good example. I have multiple web sites on my primary server and multiple servers behind my IP addresses. Without DNS information in the header the traffic can't be routed properly. In addition I use Cloudflare just like nearly 20% of the web. Direct incoming traffic would just hit my firewall and get "Unable to connect". Cloudflare also uses shared IP addresses unless you want to give them a kidney each and every month. If you try an IP you get from querying my DNS records you get "Error 1003" "Direct IP access not allowed". All that is before we even talk about residential configurations that are often CGNAT. I think DNS is here to stay for a while.
the secret is to screenshot the solution before playing. I wish someone had explained this before on the RSAC speech. Because I had no idea how to share the deck on zoom with other people. dang it people. it's always the simple things.
I like this one more, this webbrowser is up to date. unlike the RSAC one.
Great summary, i'm learning so much about cyber sec!
Thanksss so much!! Helped me a lot cause default way of configuring proxy inside android wasn't working.
Is Recall any worse than an RCE though? It has an “ultimate use after free vuln” vibe, but from a security perspective, is it really worse? Computers are vulnerable, we might as well get to use the AI.
I think Just a Clever Simulation is exactly right at 28:45ish about Windows Recall. People won't really care until they are personally confronted with something they don't like. It could be a hacker blackmailing them, a family member or friend using your computer and seeing something you didn't want them to see, or SUPER pushy advertising calling out your exact behavior along the lines of "You looked at that potato twice today. Are you sure you don't want to buy it?"
I took the Cyber Deception course few years ago and can highly recommend it! I did pay what I could at the time, and then got a few additional courses from Antisyphon that were excellent!
Love the puppy dog. P.S. People have been editing their genes at home for at least a couple years.
That was funny!!
If you know you know.
Who even uses qradar?
As an IT student/new professional, I enjoy watching these shows because your breakdowns of cybersecurity news topics end up being very friendly to those of us that may not have a deep level of knowledge on the topics. I learn something new every episode. Just a personal preference; If there was a system you could use so there isn’t as much of people talking over each other like a hand raising button or a host and co-host call out people to speak that would be sweet.
What kind of camera and software are you using for your LPR?
Whoa, this looks skookum
1=1;--
Yes, hackers working stealing my notes !!!
This is an AMAZING checklist, great job underlining the examples!
ARP spoofing still being viable in 2024 isn't surprising at all. Can't say I've ever seen anyone implement DHCP snooping, IP source guard or DAI on production switches. Hell 90% of the time they're still using type 7 passwords in configs.
Yea no joke!!