BHIS | #InfoSec Webcast - Available Now! Your 5 Year Plan into InfoSec w/ @strandjs Recorded: 8/9/2017 Watch: blackhillsinfosec.com/webcas…

Join us for this week's infosec-news stories with the Black Hills Infosec team live at 4:30pm ET on Mondays -- youtube.com/watch?v=JixLhIxi…

Last week Stephan Borosh gave us a live demo on a ClickOnce-based Command-and-Control (C2) framework. ClickOnce Commander is a powerful new tool for professional red team operators and offensive security researchers. Watch Steve demonstrates how Microsoft ClickOnce deployments can be analyzed, abused, and leveraged as a stealthy attack vector 👉 youtube.com/watch?v=acijx_Tb…

Patience, curiosity, and experimentation go a long way in exploit research. Learn more: blackhillsinfosec.com/how-to… How to Identify and Exploit New Vulnerabilities by: Matthew Eidelberg Published (in blog format): 05/13/2026

**NEW** BHIS | Blog A fake badge. A held door. A few assumptions. That’s all it can take to bypass physical security. The Art of the Badge: A Hard Truth About Physical Security by: Robert Boettger | Guest Author Published: 06/10/2026 Learn more: blackhillsinfosec.com/the-ar…

"[...] the common wisdom is: There are way more defensive security jobs than offensive jobs, so if you want to do X in cybersecurity, you should start with a blue team position..." Read more: blackhillsinfosec.com/gettin… Getting Started In Pentesting – Advice From The BHIS Pentest Lead by: @Josh Daniels Published: 04/08/2026

Join us for this week's infosec-news stories with the Black Hills Infosec team live at 4:30pm ET on Mondays -- youtube.com/watch?v=_o5hjjtf…

"There are a thousand (rough guess) different ways in Burp Suite to swap out session token values when using something like Intruder or the Scanner. But what about the edge cases?" Read more: blackhillsinfosec.com/swappe… Swapper - A Pure Regex Match/Replace Burp Extension by: Dave Blandford Published: 5/6/2026

**NEW** BHIS | Blog (It's 10pm. Do you know where your pipelines are?) How well do you know your Continuous Integration/Continuous Delivery (CI/CD) pipelines? Auditing GitLab: The CI/CD Kill Chain by: @ProOfConcept9 Published: 06/03/2026 Learn more: blackhillsinfosec.com/auditi…

Join us for this week's infosec-news stories with the Black Hills Infosec team live at 4:30pm ET on Mondays -- youtube.com/watch?v=gp5c-4lF…

Not all BloodHound data collection methods are created equal. Learn more: blackhillsinfosec.com/bloodh… A Practical Guide to BloodHound Data Collection by: Alyssa Snow Published: 4/29/2026

Bronwen Aker killed todays webcast! For those who missed it be on the lookout for the full webcast and slide deck to be posted here on Monday! For now last look back at last weeks webcast on Looking at A.I. Wrong with John Strand, Brian King, and Derek Banks1 No slide deck for this one so just hit that link, relax and listen: youtube.com/watch?v=CVdsY2aX…

Settle in class its time for Hayabusa 101 with Patterson Cake! Hayabusa is an open-source Windows event log fast forensics timeline generator and threat hunting tool by @SecurityYamato that you need in your belt. Learn how to install and setup Hayabusa so you enhance your Windows endpoint investigations! Download it here: github.com/Yamato-Security/h… Check out these additional resources to learn more: “Wrangling Windows Event Logs with Hayabusa and SOF-ELK – Part 1” blog: blackhillsinfosec.com/wrangl… “Wrangling Windows Event Logs with Hayabusa and SOF-ELK – Part 2” blog: blackhillsinfosec.com/wrangl…

**NEW** BHIS | Blog One password reset. One bad habit. One very long day for the security team. This story, originally from the ANTISOC PROMPT# zine, follows how one helpdesk password shortcut turned into more than 100 compromised accounts during a continuous pentesting operation. Bad Habits: An ANTISOC Operation by: Corey Ham Published (in blog format): 5/27/2026 Learn more: blackhillsinfosec.com/antiso…

Join us for this week's infosec-news stories with the Black Hills Infosec team live at 4:30pm ET on Tuesday??? Crazy right? -- youtube.com/watch?v=zDLB_01f…

Hey folks! Let's look at what's happening with @Antisy_Training Training and Black Hills Information Security! Ant-Cast: Wed, May 27, 2026 12:00 PM Threat Hunting in the Agentic Age w/ Faan Rossouw Join Faan Rossouw, creator of aionsec.ai, as he walks you through how agentic AI removes the constraint that limited threat hunting's impact for over a decade and what that means for how you build, design, and hunt. Register:events.zoom.us/ev/AiCbW1-ns_… Webcast: The next BHIS webcast is on The Paranoid Prompter - Prompt Engineering for Infosec with Bronwen Aker Join us for a free one hour webcast and go deep into specific realities cybersecurity professionals face around client data and liability, tackling challenges that most prompt engineering tutorials, even those for security professionals, do not address. Thu, May 28, 2026 1:00 PM EDT Register: events.zoom.us/ev/Aj1Hv75wMO…

"The databases have since been secured, but the incident highlights a critical issue for businesses that think AI chatbots are a silver bullet or a turnkey replacement for humans." Lessons From A Chatbot Incident: When AI Becomes a Data Liabilit by: Jeremiah Fowler Originally Published (In blog format): 03/25/2026 Learn more: blackhillsinfosec.com/lesson…

"Tabletop exercises have long been a staple of security and BCDR activities, designed to simulate real-world scenarios for team training and preparedness." How to Lead Effective Tabletops by: Glen Sorenson Originally Published (In blog format): 03/18/2026 Learn more: blackhillsinfosec.com/how-to…

**NEW** BHIS | Blog “You can’t detect what you don’t know exists.” In this new BHIS interview, Hayden Covington and Beau Bullock discuss how a culture comfortable with knowledge sharing between offensive and defensive teams helps close that gap. Same Problem, Different Angles: When Red Team and Blue Team Actually Talk to Each Other by: Melissa Lauro Published: 5/20/2026 Learn more: blackhillsinfosec.com/same-p…

"Risk management is what GRC is all about." Read more: blackhillsinfosec.com/unders… Understanding GRC: How to Navigate Risks and Compliance Standards by: Sean Reilly Published (in blog format): 03/18/2026

Join us for this week's infosec-news stories with the Black Hills Infosec team live at 4:30pm ET on Mondays -- youtube.com/live/U_JzndcNmWE