Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda

Intro to PAMSkeletonKey for Persistence w/ Ben Bowman

How does PAM abuse fit into a real‑world attack chain? 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/04/PAM_Tool_Slide_Deck.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/04/PAM_Tool_Slide_Deck.pdf] Join us for a free one‑hour BHIS webinar with Ben Bowman as he introduces PAMSkeletonKey, a tool designed for red teamers and CTF players to explore persistence, lateral movement, and privilege escalation on Linux systems. Ben will teach why the tool was created, how to use it safely in lab environments, and what this technique means for defenders working to detect or prevent authentication abuse. You'll learn a practical understanding of Linux PAM (Pluggable Authentication Modules) authentication and how it can be abused to create a skeleton‑key backdoor for persistence. Get started with PAMSkeletonKey: https://github.com/her3ticAVI/PAMSkeletonKey [https://github.com/her3ticAVI/PAMSkeletonKey] Chapters * (00:00) - Intro – 2026-04-02 Intro to PAMSkeletonKey for Persistence - Ben Bowman * (01:33) - What I Don't Know * (02:14) - Remember Mimikatz? Me neither. * (03:59) - What is PAM? * (04:43) - PAM Architecture Deep Dive * (06:54) - PAM Module Types * (08:25) - How PAM Authentication Works * (12:18) - What does this tell us? * (13:44) - What Code Changes Do We Make? * (17:28) - Pivoting & Attack Scenarios * (18:57) - The Topic of Stolen Valor * (21:14) - The Improvements * (25:50) - Demo Time * (41:57) - References * (45:39) - Q&A * (59:00) - Antisyphon Training's New LMS Walk Through Creators & Guests * Ben Bowman [https://bhispodcasts-webcasts.transistor.fm/people/ben-bowman] - Guest * Logan Bender [https://bhispodcasts-webcasts.transistor.fm/people/logan-bender] - Guest * Ryan Poirier [https://bhispodcasts-webcasts.transistor.fm/people/ryan-poirier] - Producer * Brett Jones [https://bhispodcasts-webcasts.transistor.fm/people/brett-jones] - Guest * John Strand [https://bhispodcasts-webcasts.transistor.fm/people/john-strand] - Host Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com/] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/9c9af1f5/transcript]

Learning to Trust AI Agents with Automation w/ Ethan and Derek

What if you could safely harness AI agents to automate real work, without spending a dime? Join us for a free one-hour BHIS webcast with Ethan Robish and Derek Banks to cut through the hype and learn what coding agents really are, why they’re not just for developers, and how to start for free. You’ll learn how tools like Opencode work, how to overcome security and trust barriers, and how to give agents the context, skills, and guardrails they need to safely plan, execute, and iterate. 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_Mar-26-Learning-to-Trust-AI-Agents-with-Automation-w-Ethan-Robish.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_Mar-26-Learning-to-Trust-AI-Agents-with-Automation-w-Ethan-Robish.pdf] Chapters * (00:00) - Intro - Learning to Trust AI Agents with Automation Ethan and Derek * (01:37) - Background * (05:26) - What is a coding agent? * (11:41) - Pick one and start learning * (12:31) - The Cost of AI * (15:26) - Opencode - Getting Started * (19:26) - Free Models - Never truely free * (22:21) - What can I do here? * (24:40) - Running models locally * (27:33) - Why would I need a coding agent? * (28:00) - Code Agent Examples * (35:48) - Openwork Demo * (38:49) - Ask the agent to help you use it better (Help me help you) * (41:07) - But AI always makes things up * (43:44) - Prompting an LLM * (46:37) - Concepts & Terminology * (49:25) - Context usage * (51:02) - Model Tokein Limits * (55:14) - Guiding an Agent : Best Practices * (57:18) - 80% planning 20% execution * (58:05) - Guardrails for command execution * (01:00:37) - Q&A Creators & Guests * Jason Blanchard [https://bhispodcasts-webcasts.transistor.fm/people/jason-blanchard] - Host * Deb Wigley [https://bhispodcasts-webcasts.transistor.fm/people/deb-wigley] - Host * Tom Smith [https://bhispodcasts-webcasts.transistor.fm/people/tom-smith] - Guest * Ethan Robish [https://bhispodcasts-webcasts.transistor.fm/people/ethan-robish] - Guest * William Corbin [https://bhispodcasts-webcasts.transistor.fm/people/william-corbin] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com/] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=KObmDor4OTA] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/08d46b5c/transcript]

Do it, do it NOW! - A Pre-Incident Checklist w/ Patterson

Post-incident “lessons learned” are extremely valuable and very, very expensive! But you don’t have to wait until “right of boom” to make meaningful improvements to your cybersecurity resilience!   Join us for a free one-hour webcast with Patterson Cake from Black Hills Information Security: Do it, do it NOW!! A Pre-Incident Checklist.   You’ll learn the top 10 low-effort, high-impact lessons every business should review and fix before a cybersecurity incident. 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_IR-Preparedness-Checklist-03032026.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_IR-Preparedness-Checklist-03032026.pdf] Chapters * (00:00) - Intro - Do it, do it NOW! - A Pre-Incident Checklist - Patterson * (06:27) - Presuppositions * (08:28) - In the event of an Emergency... * (10:04) - YOUR INCIDENT RESPONSE PLAN IS USELESS * (12:47) - YOUR CYBER INSURANCE PROVIDER SHOULD NOT BE YOUR ADVERSARY * (15:44) - YOUR LOG DETAIL & RETENTION ARE INADEQUATE * (18:51) - YOUR MOST IMPORTANT ASSET IS __________ * (20:48) - IMPLEMENT OUT-OF-BAND COMMS BEFORE CRISIS & TEST REGULARLY * (23:34) - YOUR STAFF ARE AWESOME BUT NOT SUPERHUMAN * (25:45) - EFFECTIVE IR TAKES TRAINING & PRACTICE * (28:04) - YOU MUST HAVE IMMUTABLE BACKUPS * (31:45) - YOU HAVE 0 HOURS TO FIX INTERNET-FACING VULNERABILITIES * (35:11) - THE TWO IR PLAYBOOKS YOU NEED MOST * (43:48) - 10 Things * (50:49) - Q&A * (57:37) - The "Working with BHIS" part Creators & Guests * Jason Blanchard [https://bhispodcasts-webcasts.transistor.fm/people/jason-blanchard] - Host * Deb Wigley [https://bhispodcasts-webcasts.transistor.fm/people/deb-wigley] - Host * Ryan Poirier [https://bhispodcasts-webcasts.transistor.fm/people/ryan-poirier] - Producer * Bryan Strand [https://bhispodcasts-webcasts.transistor.fm/people/bryan-strand] - Guest * Patterson Cake [https://bhispodcasts-webcasts.transistor.fm/people/patterson-cake] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com/] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=jYaMkv56xSk] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/aa25dcc1/transcript]

Breach Assessment - The Curious Case of the Comburglar w/ Troy Wojewoda

What if an attacker lived inside your network for seven months and your tools never noticed?   During a real breach assessment, Black Hills Information Security uncovered a stealthy intrusion using a COM-based persistence technique hidden in native Windows scheduled tasks. There were no obvious indicators of compromise. No suspicious process names. No malicious file hashes.   Just a quiet foothold designed to stay invisible. 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_CuriousCaseOfTheComburglar_BreachAssessment-2026-03-12.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_CuriousCaseOfTheComburglar_BreachAssessment-2026-03-12.pdf] Chapters * (00:00) - Intro - Breach Assessment - The Curious Case of the Comburglar - Troy Wojewoda * (02:15) - Agenda * (03:02) - What Is a Breach Assessment? * (10:50) - 5 Pillars of Data Telemetry * (16:23) - The Hunt Begins * (29:15) - Attack Chain * (38:39) - Timeline & Scope * (45:21) - Threat Hunting Playbook * (51:29) - Key Takeaways * (53:52) - Q&A Creators & Guests * Troy Wojewoda [https://bhispodcasts-webcasts.transistor.fm/people/troy-wojewoda] - Guest * Jason Blanchard [https://bhispodcasts-webcasts.transistor.fm/people/jason-blanchard] - Host * Deb Wigley [https://bhispodcasts-webcasts.transistor.fm/people/deb-wigley] - Host * Logan Bender [https://bhispodcasts-webcasts.transistor.fm/people/logan-bender] - Guest * Keith Chew [https://bhispodcasts-webcasts.transistor.fm/people/keith-chew] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com/] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=u8rRyTVopmI] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/8be9ade7/transcript]

Data Loss Prevention (DLP) Survival Guide - Ashley Knowles

How quickly could you detect sensitive data being exfiltrated?   Join us for a free one-hour BHIS webcast with Ashley Knowles on best practices for data loss prevention and keeping your most sensitive information safe.   You’ll learn about common vulnerabilities, real-world scenarios, and practical, actionable strategies to protect the data you’ve been hired to safeguard. 🛝 Webcast Slides https://www.blackhillsinfosec.com/wp-content/uploads/2026/02/SLIDES_Data-Loss-Protection-Survival-Guide.pdf [https://www.blackhillsinfosec.com/wp-content/uploads/2026/02/SLIDES_Data-Loss-Protection-Survival-Guide.pdf] Chapters * (00:00) - Intro * (02:57) - About Ashley Knowles * (03:26) - Why DLP Shouldn't Terrify You (Too Much) * (08:10) - Understanding Your Data Landscape * (10:23) - Data Classification Framework * (11:49) - Where Does Your Data Live? * (14:24) - Understanding Data Exfiltration * (18:34) - Advanced Exfiltration Methods * (22:20) - The Insider Threat Reality * (24:19) - How to Stop Data Loss: The Basics * (25:51) - Technical Controls That Work * (27:44) - Recommended Layered Approach * (30:56) - Cloud & Modern Workplace Protection * (32:01) - The Purple Team Process * (34:18) - Purple Team Testing: Scenario 1 * (36:38) - Purple Team Testing: Scenario 2 * (39:13) - Purple Team Testing: Scenario 3 * (40:12) - Purple Team Testing: Scenario 4 * (40:40) - Purple Team Testing: Scenario 5 * (42:03) - Starting Your DLP Journey * (43:50) - Key Takeaways & Action Items * (44:16) - Questions & Resources * (55:59) - The "What it's like to work with Black Hills Information Security" segment Creators & Guests * Jason Blanchard [https://bhispodcasts-webcasts.transistor.fm/people/jason-blanchard] - Host * Ryan Poirier [https://bhispodcasts-webcasts.transistor.fm/people/ryan-poirier] - Producer * Deb Wigley [https://bhispodcasts-webcasts.transistor.fm/people/deb-wigley] - Host * Bryan Strand [https://bhispodcasts-webcasts.transistor.fm/people/bryan-strand] - Guest * Ashley Knowles [https://bhispodcasts-webcasts.transistor.fm/people/ashley-knowles] - Guest Chat with your fellow attendees in the BHIS Discord server: https://discord.gg/bhis [https://discord.gg/bhis] in the #🔴live-chat channel 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com [https://poweredbybhis.com/] Click here to watch a video of this episode. [https://www.youtube.com/watch?v=5vj9e6B3I0Y] Brought to you by: Black Hills Information Security  https://www.blackhillsinfosec.com [https://www.blackhillsinfosec.com/] Antisyphon Training https://www.antisyphontraining.com/ [https://www.antisyphontraining.com/] Active Countermeasures https://www.activecountermeasures.com [https://www.activecountermeasures.com/] Wild West Hackin Fest https://wildwesthackinfest.com [https://wildwesthackinfest.com/] Click here to view the episode transcript. [https://share.transistor.fm/s/d0fa6726/transcript]