Black Hills Information Security
@BHinfoSecurity
Followers
47,246
Following
2,523
Media
2,334
Statuses
11,680
Specializing in pen testing, red teaming, and Active SOC. We share our knowledge through blogs, webcasts, open-source tools, and Backdoors & Breaches game.
Joined May 2013
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#خلصوا_صفقات_الهلال1
• 679538 Tweets
ラピュタ
• 400960 Tweets
Atatürk
• 378690 Tweets
#พรชีวันEP15
• 262598 Tweets
Johnny
• 211552 Tweets
Megan
• 208387 Tweets
Sancho
• 144476 Tweets
MEGTAN IS COMING
• 124393 Tweets
RM IS COMING
• 117515 Tweets
olivia
• 116132 Tweets
namjoon
• 113028 Tweets
#初音ミク誕生祭2024
• 99083 Tweets
#4MINUTES_EP6
• 78959 Tweets
#バルス祭り
• 60562 Tweets
Labor Day
• 47215 Tweets
كاس العالم
• 45542 Tweets
CHERISH TWENTY WITH WONYOUNG
• 45148 Tweets
ミクさん
• 44503 Tweets
ムスカ大佐
• 40176 Tweets
#フロイニ
• 30348 Tweets
ŹOOĻ記念日
• 23985 Tweets
ミクちゃん
• 21751 Tweets
Día Internacional
• 19189 Tweets
滅びの呪文
• 17882 Tweets
Javier Acosta
• 16877 Tweets
Ramírez
• 16338 Tweets
ロボット兵
• 13588 Tweets
ナウシカ
• 13577 Tweets
Lolla
• 13199 Tweets
Lo Celso
• 11040 Tweets
We did a thing yesterday. We did a low-key release of Backdoors & Breaches on our Amazon storefront.
We only let the people who've made an early request know it was available.
23 hours later... all 2,000 decks have sold out.
Should we make more available?
108
72
566
Pentester's tears make the best wine. Read stories of blue teams stopping our testers.
14
93
465
We asked if
@notshenetworks
wants to takeover the BHIS Twitter account for a day and she posts this in our internal chat...
10
26
438
A one-day. six-hour, session on Threat Hunting from
@Chris_Brenton
of
@ActiveCmeasures
... live... with Q&A... and downloadable labs... totally free!
Sat, Jan 18th | 11am-5pm EST
Register:
17
181
326
What color shirt should we put this design on?
103
20
264
John
@strandjs
is teaching a new "pay what you can" training course on -- SOC Core Skills w/ John Strand (16 Hours)
It's the skills all SOC analyst should have to get started.
@WWHackinFest
is running the training course on Dec 14-17.
Learn more:
11
101
256
OMG! There is a legit research paper written on how well Backdoors & Breaches aids in teaching cybersecurity in the classroom.
Lots of science words and stuff...
5
73
238
Thank you for sharing your knowledge with each other in 2021, we're looking forward to it continuing in 2022.
We're better together.
4
25
221
Hey folks!
In this 1-hour, Black Hills Information Security (BHIS) webcast, Gabriel Prudhomme will cover various SCCM exploitation techniques, research, and abuses. Learn how to exploit, audit, and defend SCCM ecosystems. From reconnaissance to privilege escalation that leads
4
61
209
Next BHIS Webcast -- Networking for Pentesters: Beginner w/
@notshenetworks
Thursday, 2/9 - 1pm ET (show up early for pre-show banter)
Register:
Topics include:
- IP addressing
- Layer 2 broadcasts
- Subnets
- VLANs
- ARP
- NAT
- DNS
- DHCP
- And more!
5
59
210
New to infosec?
Take a 16-hour 'pay what you want' introduction to infosec training course w/
@strandjs
in July.
4-days, 4-hour sessions
Learn more:
Pay between $0 - $395. We and
@WWHackinFest
want to remove barriers and gates to infosec knowledge.
6
98
206
Coming in March, we have community built free open source solutions for Backdoors & Breaches that will be available so you can play remotely with your teams.
4
61
203
The new -- The Infosec Survival Guide -- was created by the
#infosec
community for the infosec community and you can now download the whole PDF for free -- no paywall, no registering.
Get physical copies for $1 each + shipping. United States only.
2
73
204
We think we finally nailed the Purple Team shirt.
Potentially coming this summer in the BHIS Summer2022! Collection.
Essentially what we're saying, would you want to wear this? Let us know in the replies...Yes or No?
51
17
201
BHIS | Tester's Blog
How to Phish for User Passwords with PowerShell
by:
@tokyoneon_
Published: 7/27/2021
Learn More:
0
89
189
Free resource for defenders from our ACTIVE SOC team --
5
77
174
Getting Started in Infosec?
@strandjs
is teaching an introductory/practical application course on the fundamentals of infosec w/
@WWHackinFest
on Nov 16-19.
It is a "pay what you can" training course... including $0 if you choose.
Details:
1
73
173
Would you be interested in getting this hoodie from our Spearphish General Store?
We're trying to figure out how many to order and have available.
55
15
170
We are discussing the Cloud Pentesting Cheatsheets that
@dafthack
has compiled on his webcast --
0
62
173
We're proofing the next print run of our Backdoors & Breaches cards.
It's cool getting to see all the cards at once.
Looking for errors.
We fixed a small font error that made "r n" look like "m" in a URL on the Social Engineering card.
6
23
166
"Creating your own lab can sound like a daunting task. By the end of this blog post, you'll be able to deploy your own Active Directory environment in minutes!"
Read more:
Deploy an Active Directory Lab Within Minutes
by: Alyssa Snow
Published: 4/25/2024
0
64
165
We're offering a free 4-hour online training class on -- Active Defense & Cyber Deception -- w/
@strandjs
Thursday, April 9th | Noon-4pm EDT
Register:
2
77
167
"Way back in 2017, two researchers at Black Hills Information Security disclosed how a vulnerability in the Google Calendar app was leaving more than a billion users open to a credential-stealing exploit."
The two researchers:
@dafthack
@ustayready
7
86
165
It wasn't a difficult decision. We may need to order a lot more.
I somehow convinced work that we needed these pencils. We ordered 1000.
43
43
1K
7
6
155
What size would you want in this long sleeve shirt coming in the BHIS Winter2023! Collection, in January 2023?
82
8
153
Today was a good day.
And... that's a wrap on today's one-day, six-hour free training session on Cyber Threat Hunting Training.
To the 2,600+ of you that joined us live, and then joined us live after the system crash, thank you so much for spending your day learning with us.
Until next time!
36
17
141
22
18
147
If you're looking for a team to conduct the physical pentest of this building, we know some people.
I can't believe this is actually happening soon.. from the basement of our house and only have one month of mortgage payments left in the bank to ...this is just crazy to think about...
#TrustedSec
213
60
2K
12
8
146
We're working on self-published a new zine that is part infosec magazine and part fun activity book and part graphic novel (true hacking stories in comic form) that is coming this summer.
It is called... prompt#
What topics would you like us to cover?
26
19
143
Sneak peak of a special project coming soon.
PROMPT#
+
@DarknetDiaries
+
@REKCAHComics
= OOOOOOOooooooooooooo
11
20
143
Leave a comment below if you want one of these...👇👇
161
12
144
🧵pt 1. Need a refresher on recon techniques or brand-new techniques to add to your arsenal?
👀 this slide deck on weaponizing corporate intel from
@ustayready
&
@dafthack
to go from 0 knowledge of an organization to stalker status 🕵 !!
Watch here:
2
44
138
Backdoors & Breaches is online and totally free for all --
This is a great way to play remotely with your team.
1
49
138
**NEW** BHIS | Tester's Blog
Buckle up for this one, because
@notshenetworks
is about to give you A LOT of information.
Shenetworks’ Guide to Landing Your First Tech Job
by:
@notshenetworks
Published: 7/20/2023
Read more:
3
34
130
🧵Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky.
Checkout out this 🧵 that take a top-down look at how a phishing engagement is designed.
Check out the FREE webinar by
@ralphte1
👇
.:
2
37
128
REKCAH HOODIES.
We are trying to figure out how many of these to order and in what sizes?
They will be $45 in our Spearphish General Store, near the end of February.
54
11
127
Still need to make a few modifications, but we're excited about the first draft of the Tabletop Simulator edition of Backdoors & Breaches.
This will be available for anyone that has Steam > Tabletop Simulator.
Should be available to play on March 4th (hopefully).
5
30
123
Are you looking for an
#infosec
Twitter alternative?
Over 33,000+ members have joined the Discord server we created to help you share your knowledge and learn from us and others...
You are welcome any time.
4
33
121
Left or right?
Help us decide which version of the Purple Team shirt we should order for the Summer2022! Collection.
169
10
120
This will be our most popular webcast so far this year! Join us next Thursday!
How to Build a Home Lab
w/
@ActiveCmeasures
&
@strandjs
Apr 16, 2020 1:00 PM EDT
Register:
4
45
118
**NEW** BHIS | Blog
Do you want to learn to set up your own Active Directory lab?
Deploy an Active Directory Lab Within Minutes
by: Alyssa Snow
Published: 4/25/2024
Learn more:
1
37
119
BHIS - Red Team Shirt // Raccoons | Sneak Preview
Draft
#1
Thoughts?
We are working on a Blue Team and a Threat Hunter version too.
20
18
115
**NEW** BHIS | Tester's Blog
Are you using ADCS ? If so, have you reviewed the ADCS configurations in your environment?
Abusing Active Directory Certificate Services (Part 1)
by: Alyssa Snow
Published: 10/5/2023
1
34
112
The online MEGA DECK of Backdoors & Breaches is available for free now on --
Thanks to
@redcanary
@HuntressLabs
@TrimarcSecurity
@DragosInc
@wolfandcompany
(DenSecure) for creating expansion decks with us.
All the cards in one deck with a scenario
0
50
114
We said once, and we’ll say it again, DISABLE LLMNR!
Read this blog post on how and why you want to disable LLMNR.
3
34
113
Welcome to the BHIS team
@notshenetworks
- looking forward to creating a lot of content together to help the community learn as much as they can about
#infosec
.
0
4
113
Help us decide the color of the Backdoors & Breaches - Incident Response Card Game card box.
Blue
Purple
Red
Teal
Not final design.
148
19
114
Backdoors & Breaches: Community-Built Open Source Tool
An online version of the game that allows for remote play through the site :
Play for free with your teams, orgs, classes.
Special thanks to Firm Guardian.
2
48
114
Have you heard of RITA (Real Intelligence Threat Analytics) yet? If not, definitely check it out! Did we mention it's FREE?
4
41
113
BHIS | Upcoming Tester's Webcast
No PowerShell? No Problem! Red Teaming using the BYOI (Bring Your Own Interpreter) lifestyle.
by
@byt3bl33d3r
@byt3bl33d3r
is dropping a huge update to SILENTTRINITY on webcast
Register:
4
51
111
PAY WHAT YOU WANT! John Strand
@strandjs
is teaching a paid ($0 - $395)
@WWHackinFest
4-day, 4-Hour sessions (16-hours), training course on — Getting Started in Security with BHIS and MITRE ATT&CK
Nov 16-19
Learn more:
4
53
111
Here's the recording from last week's 2-hour BHIS webcast with
@vendetce
-- Coercions and Relays – The First Cred is the Deepest with Gabriel Prud'homme
Watch now:
SO MANY DEMOS!
1
35
112
**NEW**
BHIS | Tester's Blog
Spoofing Microsoft 365 Like It’s 1995
by:
@424f424f
Published: 5/24/2022
Learn More:
0
58
110
Security Tip: Close your laptop even if you work from home. Your pets might be planning something
9
14
109
We're having playmats printed so we can play Competitive Backdoors & Breaches at future in-person conferences.
9
14
107
We are developing a new card game about Incident Response -- Backdoors & Breaches -- and we're doing a dry-run on a BHIS webcast tomorrow. Wanna join us...give feedback?
Jun 5, 2019 3:00 PM EDT
13
37
105
The Backdoors & Breaches, Incident Response Card Game - Core Decks, have arrived at the
@DerbyCon
hotel.
We are officially handing these out at our booth on Sat!
First come, first serve.
9
20
105
2
41
104
Our Spearphish General Store is closed until May 9th.
When we launch...we should have the new ICS/OT Backdoors & Breaches deck from
@DragosInc
and
@BHinfoSecurity
8
26
106
We hate ransomware, we hate it so much we dedicated an entire 🧵 about how what you can do to prepare and mitigate damages and what tools can help!
Watch the full webinar for free on our YouTube
here:
2
36
104
"In order to complete a detection lab, we need a framework to reference cyber attacks to our specific environment..."
Read more:
At Home Detection Engineering Lab for Beginners
by: Niccolo Arboleda
Published: 5/2/2024
1
34
103
If you're looking for an alternative to
#infosec
twitter, might we suggest joining the BHIS Discord, to discuss infosec with the other 29,000+ members?
4
27
104
Limited to 1,000 registered attendees -- workshop w/ hands-on labs
Atomic Red Team: Hands-on Getting Started Guide
w/
Carrie
@OrOneEqualsOne
Darin
@MrOrOneEquals1
April 8th, 6pm ET (UTC -4)
No recording will be available.
Register:
7
56
102
We are so thankful for your help in raising over $30,000 for
@InnocentOrg
at the BHIS 24-Hour PreShowBanterCon-A-Thon 2021.
Thank you to everyone who donated, watched, shared, joined us live, sent messages, helped, and supported.
We are grateful and exhausted.
2
22
104
We are now offering many Blue Team consulting services.
Need Pen Test, Red Team, Blue Team, and/or Threat Hunt Services, let us know at
*NEW*
1
29
102
Getting started w/ TCPDump
w/
@strandjs
John is making shorter how to videos covering a single technique or tool.
Which topic should he do next?
7min:
7
36
96
Currently finishing up the Expansion Pack v1.0 for Backdoors & Breaches.
36 new Attack Cards, Procedures, Inject Cards
Coming in May.
1
26
99
NEW COMIC BOOK SERIES LAUNCHING!!
The 30-day pre-order Kickstarter Campaign for THE FUTURE IS ****** is live and we'd love your support if this is a project you want to own.
Back it!
Thank you in advanced for your financial and moral support on this
5
27
99
.
@dafthack
is giving the final review on today's free 4-hour online training session on -- Breaching the Cloud Perimeter.
Thanks to the 1,500+ people that joined us from all over the world for today's session.
6
16
99
BHIS |
#InfoSec
Webcast - Available Now!
Pretty Little Python Secrets - Episode 1 - Installing Python Tools and Libraries the Right Way
w/
@byt3bl33d3r
Recorded: 8/13/2020
Watch:
0
26
95
The BHIS Fall2020! Collection -- coming soon from the Spearphish General Store!
5
12
97
🃏🛡️🌲🦌🕵️♂️
Join us for an exciting webcast on April 20th and learn how to play Backdoors & Breaches with your teams! 🎉
Our friends at
@HuntressLabs
have teamed up with us to create a new expansion deck for the incident response card game. 💪🃏
During the webcast, we'll teach
4
28
97
New to InfoSec? Mentoring someone new to the industry? Here's advice from
@strandjs
if he did it all over again:
3
46
93
We're going to do a webcast soon on how our team has run a virtual
#infosec
conference, like we did with the in-person/virtual AwarenessCon, and the upcoming virtual
@WWHackinFest
.
What topics would you like us to discuss in the webcast?
14
32
95
Do you use DomainPasswordSpray by
@dafthack
?
A tool written in PowerShell to perform a password spray attack against users of a domain. By default it will automatically generate the userlist from the domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
Absolutely!
69
Nah...
36
I will now!
114
5
27
94
DomainPasswordSpray by
@dafthack
DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS!
1
33
94
The super soft
@Antisy_Training
"Malware Finds a Way" shirt is available in our Spearphish General Store --
6
18
95
***NEW***
BHIS | Tester's Blog
Azure Security Basics: Log Analytics, Security Center, and Sentinel
by:
@Rev10D
Published: 11/24/2020
Learn more:
0
33
94
BHIS | Tester's Blog
Powershell Without Powershell - How To Bypass Application Whitelisting, Environment Restrictions & AV
by:
@fullmetalcache
Published: 8/31/2016
Learn more:
1
65
93
This.
This is a good day.
A very good day.
We're going to do a lot of good together.
Today I joined the
@BHinfoSecurity
security team! Super excited to join this League of Extraordinary Hackers. Thanks to everyone who reached out and sent DMs about positions.
155
47
1K
1
4
93
Backdoors & Breaches Card Game is back on Amazon! The decks are available for pre-order now.
$10/deck covers production, distribution, and helps us offset the expense of giving them away to educators.
How to Play Video:
7
59
92
Just approved the print proof for the 35 new Expansion Deck cards for Backdoors & Breaches!
The printed cards, available in May.
The virtual cards, available by the end of the week in the Tabletop Simulator edition of the game.
Join the B&B Discord --
4
29
91
Some really great tips from someone who's been with our company since its beginning:
2
29
92
🔗 Watch this short clip from
@notshenetworks
webcast on Gathering Credentials Through Network Based Attacks:!
🎥 Dive deeper and watch the full webcast ➡️
🔒🌐🔑🕵️♀️📡🔓💻
1
16
86