10 episodes

Helping you navigate the treacherous terrain of InfoSec. Black Hills Information Security specializes in penetration testing, red teaming, and threat hunting.

Black Hills Information Security

    • News
    • 4.9 • 66 Ratings


    Talkin’ About Infosec News – 1/14/2022

    ORIGINALLY AIRED ON JANUARY 10, 2022

    Articles discussed in this episode:

    01:58 – Story # 1: WordPress Core Vulnerabilities – https://www.searchenginejournal.com/wordpress-core-vulnerabilities/432042/#close

    11:32 – Story # 2: Card-stealing code on over 100 Sotheby’s luxury real estate sites – https://therecord.media/card-stealing-code-found-on-more-than-100-sothebys-luxury-real-estate-sites/

    14:55 – Story # 3: France hits Facebook & Google with $210 million in fines – https://www.bleepingcomputer.com/news/legal/france-hits-facebook-and-google-with-210-million-in-fines/

    22:14 – Story # 4: Pwn2Own, ShmooCon security conferences postponed due to COVID-19 surge – https://therecord.media/pwn2own-shmoocon-security-conferences-postponed-due-to-covid-19-surge/

    24:48 – Story # 5: BREAKING! Cyber Threat Map – https://www.fireeye.com/cyber-map/threat-map.html

    27:21 – Story # 6: Open source developer corrupts widely-used libraries – https://www.theverge.com/2022/1/9/22874949/developer-corrupts-open-source-libraries-projects-affected

    34:38 – Story # 7: FTC warns companies to remediate Log4j security vulnerability – https://www.ftc.gov/news-events/blogs/techftc/2022/01/ftc-warns-companies-remediate-log4j-security-vulnerability

    39:58 – Story # 8: Trojanized dnSpy app drops malware cocktail – https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/

    45:33 – Story # 9: Norton 360 Cryptominer – https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/

    55:56 – Hot Takes and Sadness

    We are self-publishing free Infosec Zines called PROMPT#.

    PROMPT# will contain:

    Infosec articles
    Challenging puzzles
    Comic book based on real-life hacking adventures
    Coloring contests
    Bonus Backdoors & Breaches Consultant Cards (print version only) ...

    • 57 min
    Talkin’ About Infosec News – 1/7/2022

    ORIGINALLY AIRED ON JANUARY 4, 2022

    Articles discussed in this episode:

    00:00 – PreShow Banter™ — Whose Job Is It Anyway?

    00:20 – BHIS – Talkin’ Bout [infosec] News 2022-01-04

    01:58 – Story # 1: iLOBleed Rootkit – https://thehackernews.com/2021/12/new-ilobleed-rootkit-targeting-hp.html

    08:39 – Story # 2: Firmware attack can drop persistent malware in hidden SSD area – https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/

    17:35 – Story # 3: OverWatch Exposes AQUATIC PANDA – https://www.crowdstrike.com/blog/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools/

    21:38 – Story # 4: Experts warn against storing passwords in Chrome – https://nypost.com/2022/01/02/experts-warn-against-storing-passwords-in-chrome/

    42:16 – Official Report: Not Responsible for the Information Super Highway

    • 50 min
    Webcast: New Wave of Ransomware Attacks: How did this happen?

    This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.

    In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are.

    Consider this to be part 2 of the previous webcast I did on the topic. Available now on YouTube: https://youtu.be/wKAQB4Yp-k4?t=1669

    Yep, we are going to talk about management and how to change their attitude on security. Yes, we will be talking about compliance. Of course, we will be talking about some simple actions companies can take to be better prepared.

    I think it is important for us to talk through the history and see how we got to where we are in the industry. We have done a lot of tests over the years. We have seen technical and political patterns in “hard” and “easy” targets. We will talk about those as well.

    We may even talk about threat intelligence, just a little…

    • 1 hr 46 min
    Talkin’ About Infosec News – 12/22/2021

    ORIGINALLY AIRED ON DECEMBER 20, 2021

    Articles discussed in this episode:

    00:00 – PreShow Banter™ — Getting Nerdy With It

    04:18 – BHIS – Talkin’ Bout [infosec] News 2021-12-20 – The Final Broadcast … of 2021

    05:34 – Story # 1: Apple releases Android app to find rogue AirTags – https://therecord.media/apple-releases-android-app-to-find-malicious-airtags/

    18:24 – Story # 2: A Summary of Sorts – The Tale of 2021

    21:40 – Story # 3: Kronos hit with ransomware – https://www.zdnet.com/article/hr-platform-kronos-brought-down-by-ransomware-attack-ukg-warns-of-data-breach/

    22:19 – Story # 4: 300,000 MikroTik Devices Found Vulnerable – https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html

    26:51 – Story # 5: WordPress Sites Under Cyberattack – https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html

    28:45 – Story # 6: Firefox password leak via Windows Cloud Clipboard – https://therecord.media/firefox-fixes-password-leak-via-windows-cloud-clipboard-feature/

    36:33 – Story # 7: Android Application Testing Using Windows 11 – https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/

    37:43 – Story # 8: Verizon overrides users’ opt-out – https://arstechnica.com/information-technology/2021/12/verizon-ignored-users-previous-opt-outs-in-latest-push-to-scan-web-browsing/

    43:15 – Story # 9: Volvo cyber security breach – https://www.media.volvocars.com/global/en-gb/media/pressreleases/292817/notice-of-cyber-security-breach-by-third-party-1

    • 57 min
    Webcast: Intro to Ransomware and Industrial Control Systems (ICS)

    Ransomware attacks are increasingly common, and critical infrastructure is a frequent target. Because so much depends on that infrastructure, securing these environments is a pressing problem. The technology used in ICS environments is sensitive and often relies on older protocols, and the push for connectivity has made it an attractive target for malicious actors. Join Ashley in this adventure to learn about our critical infrastructure, the threats to it, and how to secure it.

    At the end of this BHIS webcast, you will have a better understanding of ICS infrastructure, how ransomware affects ICS, and how to protect against threats to ICS.

    00:00:00 – PreShow Banter™

    00:37:38 – FEATURE PRESENTATION

    01:32:04 – Closing Q&A

    • 1 hr 42 min
    Webcast: Hack for Show, Report For Dough: Part 2

    At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest.

    Penetration Testers get paid for their reports.

    For their explanations.

    For their story of the environment as it appears to an attacker.

    The scanning and testing and exploiting (and failing at those things) is nothing more than input for the report.

    So if the job of pentesting is all about creating a good report, why is it so common to hear how much testers hate reporting? Is there any way to make it all less difficult, or more attractive?

    Yes, there is.

    Come see a better way to think about your report. See examples of common mistakes and missed opportunities in reporting and how you can do better. Consider how a small change in how you think about your report can make it easier to write.

    We’ll wrap up with a demonstration of how a little time exploring MS Word features can pay you back immediately in saved time, reduced frustration, and improved consistency.

    If you want to better understand what makes a pentest valuable and how you can make your own work more sought-after, come join us for this webcast. Join us on the BLACK HILLS INFOSEC Discord server for live interaction with Jason and your fellow attendees: https://discord.gg/bhis

    Part 1 at BSides Cleveland: https://youtu.be/NUueNT1svb8

    00:00:00 – PreShow Banter™

    00:48:07 – FEATURE PRESENTATION

    01:44:37 – Closing, Questions & Answers

    • 1 hr 59 min

Customer Reviews

4.9 out of 5
66 Ratings

[REDACTED] USER,

My favorite infosec podcast

This podcast is informative and entertaining. BHIS is the best!

He5150,

Best cyber security news podcast

You guys are hilarious and it’s a great way to stay up to date on current events in this sector. Only thing I would recommend is if you are explaining some really technical stuff, also giving a dumbed down explanation would be great.

Or maybe I’m too dumb to listen to this, either way 5 stars
