OSINT stands for open-source intelligence, and it refers to all publicly available information on the open internet which has been obtained without any special requirements (paywalls, invitations, etc.). The post OSINT: How to Find, Use, and Control Open-Source Intelligence appeared first on Black Hills Information Security, Inc..

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Having assembled fundamental lab components, you now get to play! However, the ocean of potential projects can be intimidating. Where does one even start? The post What to Do with Your First Home Lab appeared first on Black Hills Information Security, Inc..

We are live from WWHF Mile High 2026 https://wildwesthackinfest.com/ Join us LIVE on Mondays, 4:30pm EST. (Except for this Special Wednesday Episode!) A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm 01:43 - PreShow Banter™ — LIVE from WWHF Denver 2026!! 03:41 - BHIS - Talkin' Bout [infosec] News 2026-02-11 04:44 - Story # 1: Critical Notepad vulnerability reignites criticism of Microsoft’s forced AI features https://cybernews.com/security/windows-notepad-vulnerable-to-remote-attacks-feature-creep-blamed/ 09:40 - Story #2: Discord will require a face scan or ID for full access next month https://www.theverge.com/tech/875309/discord-age-verification-global-roll-out 12:19 - Story #3: 2026-01-14: The Day the telnet Died https://www.labs.greynoise.io/grimoire/2026-02-10-telnet-falls-silent/ 17:02 - Story #4: BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution https://cybersecuritynews.com/beyondtrust-remote-access-products-0-day-vulnerability/ 18:29 - Story #5: GRITREP: 0APT and the Victims Who Weren’t https://www.guidepointsecurity.com/blog/gritrep-0apt-and-the-victims-who-werent/ 22:18 - Open Discussion 35:08 - Announcements Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat This episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption. 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com

We are live from WWHF Mile High 2026 https://wildwesthackinfest.com/ Join us LIVE on Mondays, 4:30pm EST. (Except for this Special Wednesday Episode!) A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat This episode breaks down recent reports of sensitive information being shared with AI tools and what that means for security and operations. The discussion covers OPSEC failures, common misuse of ChatGPT in professional environments, how data actually flows through AI systems, and what organizations should (and shouldn’t) worry about. The hosts focus on practical risk, realistic threat models, and actionable lessons for security teams navigating AI adoption. 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com

Hear a tale about the time the BHIS SOC team conducted a 14-hour overnight incident response... from the Wild West Hackin' Fest conference in Deadwood, South Dakota. The post When the SOC Goes to Deadwood: A Night to Remember  appeared first on Black Hills Information Security, Inc..

How quickly could you detect sensitive data being exfiltrated? Join us for a free one-hour BHIS webcast with Ashley Knowles on best practices for data loss prevention and keeping your most sensitive information safe. You’ll learn about common vulnerabilities, real-world scenarios, and practical, actionable strategies to protect the data you’ve been hired to safeguard.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Are you reviewing findings or managing chaos? 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/01/SLIDES_Simplify-Pentest-Workflows-Using-Cerno.pdf If you are a pentester, you have been there. Hundreds of findings. Critical vulns buried in noise. Too many terminal windows, lost context, and manual tracking slowing you down. On offensive work, time is everything, and disorganization wastes it fast. Join us for a free one-hour webcast with Chris Traynor, Security Consultant at Black Hills Infosec, as he introduces Cerno, a new free and open-source tool designed to bring order to pentest findings. Cerno is a Terminal User Interface tool that imports vulnerability data for structured review and validation. Navigate findings with keyboard shortcuts, launch tools with a single keystroke, track progress automatically, extract CVEs, look up related exploits, compare findings across hosts, and follow built-in or custom verification workflows. You'll learn how to use Cerno to organize, review, and validate pentest findings faster, reduce chaos during engagements, and stay efficient under real-world time pressure. Get familiar with Cerno: https://github.com/ridgebackinfosec/cerno Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis in the #🔴live-chat channel

This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks. The post Social Engineering and Microsoft SSPR: The Road to Pwnage is Paved with Good Intentions  appeared first on Black Hills Information Security, Inc..

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

In today’s interconnected digital world, information security has become a critical concern for individuals, businesses, and governments alike. Cyber threats, which encompass a wide range of malicious activities targeting information systems, pose significant risks to the confidentiality, integrity, and availability of data. The post Common Cyber Threats appeared first on Black Hills Information Security, Inc..

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Are you reviewing findings or managing chaos? If you are a pentester, you have been there. Hundreds of findings. Critical vulns buried in noise. Too many terminal windows, lost context, and manual tracking slowing you down. On offensive work, time is everything, and disorganization wastes it fast. Join us for a free one-hour webcast with Chris Traynor, Security Consultant at Black Hills Infosec, as he introduces Cerno, a new free and open-source tool designed to bring order to pentest findings. Cerno is a Terminal User Interface tool that imports vulnerability data for structured review and validation. Navigate findings with keyboard shortcuts, launch tools with a single keystroke, track progress automatically, extract CVEs, look up related exploits, compare findings across hosts, and follow built-in or custom verification workflows. You'll learn how to use Cerno to organize, review, and validate pentest findings faster, reduce chaos during engagements, and stay efficient under real-world time pressure. Get familiar with Cerno: https://github.com/ridgebackinfosec/cerno Chat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/bhis in the #🔴live-chat channel

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

This blog is for anyone who is interested in finding a good penetration testing company. The post Finding the Right Penetration Testing Company appeared first on Black Hills Information Security, Inc..

Ready to dive into the fundamentals of network penetration testing? 🔍 Join BHIS Security Consultant Ashley Knowles for a free, one-hour webcast introducing the core concepts every aspiring pentester needs to know. You’ll learn: ✅ Proper engagement scoping ✅ OSINT techniques ✅ Industry frameworks like NIST CSF & PTES ✅ How to conduct a penetration test ✅ When to exploit vs. document findings ✅ Avoiding time-wasting rabbit holes Plus: ✔ Reporting best practices ✔ Recommended lab environments for hands-on experience ✔ Resources to stay ahead of emerging attack vectors #CyberSecurity #PenTesting #OSINT #NIST #PTES /// 🔗 Register for webcasts, summits, and workshops - https://poweredbybhis.com ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Are small Active Directory misconfigurations putting you at risk? Join Kaitlyn Wimberley and Alyssa Snow (Black Hills Infosec – Continuous Penetration Testers) for a free one-hour webcast where they’ll walk through an example Active Directory attack path, from uncredentialed network access to Domain Administrator. You’ll learn how attackers can escalate from uncredentialed access to Domain Admin, identify common misconfigurations, and understand how small weaknesses can combine to compromise your network. Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots. The post Deceptive-Auditing: An Active Directory Honeypots Tool appeared first on Black Hills Information Security, Inc..

Ready to dive into the fundamentals of network penetration testing? 🔍 Join BHIS Security Consultant Ashley Knowles for a free, one-hour webcast introducing the core concepts every aspiring pentester needs to know. You’ll learn: ✅ Proper engagement scoping ✅ OSINT techniques ✅ Industry frameworks like NIST CSF & PTES ✅ How to conduct a penetration test ✅ When to exploit vs. document findings ✅ Avoiding time-wasting rabbit holes Plus: ✔ Reporting best practices ✔ Recommended lab environments for hands-on experience ✔ Resources to stay ahead of emerging attack vectors #CyberSecurity #PenTesting #OSINT #NIST #PTES /// 🔗 Register for webcasts, summits, and workshops - https://poweredbybhis.com ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

What is MCP, and why does it matter for AI security? 🤔 Agentic AI is changing how LLMs interact with external services, but Anthropic’s Model Context Protocol (MCP) introduces new security challenges you need to know about. Join AI security researcher Joff Thyer from Black Hills InfoSec as he breaks down: ✅ What MCP is ✅ How it connects AI agents to real-world actions ✅ The critical security risks you can’t ignore AI security is the Wild West; Are you ready to be the deputy? #AI #CyberSecurity #MCP #LLM #AIagents Sign up for the next workshop: AI Foundation: Cyber Security Workflow Optimization using AI Technology with Joff Thyer and Derek Banks: https://www.antisyphontraining.com/product/workshop-ai-foundation-cyber-security-workflow-optimization-using-ai-technology-with-joff-thyer-and-derek-banks/ /// 🔗 Register for webcasts, summits, and workshops - https://poweredbybhis.com ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com What if world-class network monitoring didn’t require being a Linux expert? Join Antisyphon instructor Troy Wojewoda (Black Hills Infosec – Incident Response) for a free one-hour training session on how to standup a Zeek sensor in as little as three commands...maybe four. Troy will teach you how to quickly deploy and customize a powerful network visibility sensor without needing Linux expertise.  You'll learn to adjust log formats, reduce noisy traffic, and tune the sensor for richer, higher-quality event data. Don't let Linux be the barrier to outstanding insight into your network. Register now and gain the power of Zeek today! Chat with your fellow attendees in the Antisyphon Discord server: https://discord.gg/bhis in the #🔴live-chat channel

By Troy Wojewoda During a recent Breach Assessment engagement, BHIS discovered a highly stealthy and persistent intrusion technique utilized by a threat actor to maintain Command-and-Control (C2) within the client’s […] The post The Curious Case of the Comburglar appeared first on Black Hills Information Security, Inc..

What is MCP, and why does it matter for AI security? 🤔 Agentic AI is changing how LLMs interact with external services, but Anthropic’s Model Context Protocol (MCP) introduces new security challenges you need to know about. Join AI security researcher Joff Thyer from Black Hills InfoSec as he breaks down: ✅ What MCP is ✅ How it connects AI agents to real-world actions ✅ The critical security risks you can’t ignore AI security is the Wild West; Are you ready to be the deputy? #AI #CyberSecurity #MCP #LLM #AIagents Sign up for the next workshop: AI Foundation: Cyber Security Workflow Optimization using AI Technology with Joff Thyer and Derek Banks: https://www.antisyphontraining.com/product/workshop-ai-foundation-cyber-security-workflow-optimization-using-ai-technology-with-joff-thyer-and-derek-banks/ /// 🔗 Register for webcasts, summits, and workshops - https://poweredbybhis.com ///Black Hills Infosec Socials Twitter: https://twitter.com/BHinfoSecurity Mastodon: https://infosec.exchange/@blackhillsinfosec LinkedIn: https://www.linkedin.com/company/antisyphon-training Discord: https://discord.gg/ffzdt3WUDe ///Black Hills Infosec Shirts & Hoodies https://spearphish-general-store.myshopify.com/collections/bhis-shirt-collections ///Black Hills Infosec Services Active SOC: https://www.blackhillsinfosec.com/services/active-soc/ Penetration Testing: https://www.blackhillsinfosec.com/services/ Incident Response: https://www.blackhillsinfosec.com/services/incident-response/ ///Backdoors & Breaches - Incident Response Card Game Backdoors & Breaches: https://www.backdoorsandbreaches.com/ Play B&B Online: https://play.backdoorsandbreaches.com/ ///Antisyphon Training Pay What You Can: https://www.antisyphontraining.com/pay-what-you-can/ Live Training: https://www.antisyphontraining.com/course-catalog/ On Demand Training: https://www.antisyphontraining.com/on-demand-course-catalog/ Antisyphon Discord: https://discord.gg/antisyphon Antisyphon Mastodon: https://infosec.exchange/@Antisy_Training ///Educational Infosec Content Black Hills Infosec Blogs: https://www.blackhillsinfosec.com/blog/ Wild West Hackin' Fest YouTube: https://www.youtube.com/wildwesthackinfest Antisyphon Training YouTube: https://www.youtube.com/antisyphontraining Active Countermeasures YouTube: https://youtube.com/activecountermeasures Threat Hunter Community Discord: https://discord.gg/threathunter Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com Antisyphon Training https://www.antisyphontraining.com/ Active Countermeasures https://www.activecountermeasures.com Wild West Hackin Fest https://wildwesthackinfest.com #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews