Black Hills Information Security (BHIS)
Practical offensive security and Kerberos abuse

Black Hills Information Security (BHIS) has become a cornerstone of the security community through their commitment to education, tool development, and accessible training. Founded by John Strand, BHIS is known for democratizing offensive security knowledge.
Why Follow This Blog
BHIS stands out for making complex security topics accessible while maintaining technical depth. Their “pay what you can” training model and extensive free content have helped countless security professionals advance their careers.
Key Topics Covered
Kerberos Security
- Kerberoasting: Comprehensive guides to service account attacks
- AS-REP Roasting: Attacking accounts without pre-authentication
- Delegation Attacks: Constrained and unconstrained delegation abuse
- Golden/Silver Tickets: Persistence through Kerberos ticket forgery
- Diamond Tickets: Advanced ticket forging techniques
Active Defense
BHIS pioneered the “active defense” concept:
- Honeypots: Deployment and monitoring strategies
- Honeytokens: Detecting unauthorized access
- Deception Technologies: Confusing and tracking attackers
- DVWA (Deceptive Virtual Web Application): Web-based honeypots
Penetration Testing
- Methodology: Structured approaches to engagements
- Reporting: Effective communication of findings
- Scope Management: Defining and managing test boundaries
- Client Communication: Professional engagement handling
Blue Team Operations
- Log Analysis: Finding evil in security logs
- Threat Hunting: Proactive threat discovery
- SIEM Optimization: Getting value from security tools
- Incident Response: Handling security incidents
Tool Development
Bloodhound Related
- Attack path visualization contributions
- Custom queries and analysis techniques
- Integration with other tools
DVWA and Deception
- Deceptive technologies
- Honeypot frameworks
- Attribution capabilities
Community Tools
- Scripts and utilities for common tasks
- Automation tools for testing
- Detection rule sets
Webcasts and Education
Webcast Series
BHIS hosts regular free webcasts covering:
- Current attack techniques
- Tool demonstrations
- Career development
- Industry trends
Antisyphon Training
Pay-what-you-can training covering:
- SOC Core Skills
- Active Defense and Cyber Deception
- Attack Emulation Tools
- Network Traffic Analysis
- And many more courses
Hack-A-Thons
Regular events combining:
- Hands-on challenges
- Community building
- Prize opportunities
- Skill development