Thursday, July 19, 2018

2015-025-BsidesSPFD, threathunting, assessing risk

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...

2018-024- Pacu, a tool for pentesting AWS environments

Ben Caudill @rhinosecurity, Spencer Gietzen @spengietz
Rhino Security - https://rhinosecuritylabs.com/blog/
AWS escalation and mitigation blog - https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
What is the difference between this and something like Scout or Lynis?
Is it a forensic or...

2018-023: Cydefe interview-DNS enumeration-CTF setup & prep

Raymond Evans - CTF organizer for nolacon and Founder of CyDefe Labs, @cydefe
CTF setup / challenges of setting up a CTF
Beginners & CTFs
Types, tips/tricks
Biggest downfalls of CTF development
https://www.heroku.com/
www.exploit-db.com
BrakeSec DerbyCon...

2018-022-preventing_insider_threat

After the recent Tesla insider threat event, BrakeSec decided to discuss some of the indicators of insider threat, what can be done to mitigate it, and why it happens.
News stories referenced:
https://www.infosecurity-magazine.com/news/teslas-tough-lesson-on-malicious/
https://www.scmagazine.com/tesla-hit-by-insider-saboteur-who-changed-code-exfiltrated-data/article/774472/
...

2018-021-TLS 1.3 discussion, Area41 report, wireshark goodness

Area41 Zurich report
Book Club - 4th Tuesday of the month
https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf
https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet
TLS_DHE_RSA_AES_256_GCM_SHA256
TLS = Protocol
DHE = Diffie-Hellman ephemeral (provides Perfect Forward Secrecy)
Perfect Forward Secrecy = session keys won’t be compromised,...

2018-020: NIST’s new password reqs, Ms. Berlin talks about ShowMeCon, Pwned Passwords

https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it.
DetSEC mention
ShowMe Con panel and keynote
SeaSec East standing room only. Crispin gave a great talk about running as a Standard user
Bsides Cleveland - ...

2018-019-50 good ways to protect your network, brakesec summer reading program

Ms. Berlin’s mega tweet on protecting your network: https://twitter.com/InfoSystir/status/1000109571598364672
Utica College CYB617 (I tweeted “utica university”, many pardons)
Mr. Childress’ high school class, Laurens, South Carolina
Probably spent as much as a daily...

2018-018-Jack Rhysider, Cryptowars of the 90s, OSINT techniques, and hacking MMOs

https://darknetdiaries.com/
Jack Rhysider: "Ok I think these topics should keep us busy for a while."
Topics for discussion:
Do hospitals have a free pass when being attacked? #OPJUSTINA
https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/
https://www.youtube.com/watch?v=eFVBz_ATAlU - when...

2018-017- threat models, vuln triage, useless scores, and analysis tools

Vuln mgmt tools: CVE scores suck.
Threat modeling is good. Forces you to know your environment.
https://en.wikipedia.org/wiki/Kanban
https://blog.jeremiahgrossman.com/2018/05/all-these-vulnerabilities-rarely-matter.html
https://twitter.com/lnxdork/status/998559649271025664
https://www.google.com/search?q=house+centipede&rlz=1C5CHFA_enUS759US759&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiypKyfpZjbAhWJjlkKHd0lASYQ_AUICigB&biw=1920&bih=983
https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
https://www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/
Join our #Slack Channel! Email us at bds.podcast@gmail.com...

2018-016- Jack Rhysider, DarkNet Diaries, and a bit of infosec history (Part 1)

Converge Detroit
Jack Rhysider - Podcaster, DarkNet Diaries https://darknetdiaries.com/
Do hospitals have a free pass when being attacked? #OPJUSTINA
https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/
https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymous attacks your hospital
The oldest known vulnerability is still a...

2018-015-Data labeling, data classification, and GDPR issues

GDPR will affect any information system that processes or will process people… like it or not.
Derby Tickets
CTF and auction
Keynote
Converge Detroit
I’ll be at nolacon too - Boettcher
Recap BDIR #3
https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/...

2018-014- Container Security with Jay Beale

Container security
Jay Beale @inguardians, @jaybeale
Containers: What the heck is a container?
Linux distribution with a kernel
Containers run on top of that, sharing the kernel, but not the filesystem ...

2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees

Report from Bsides Nash - Ms. Berlin
New Job
Keynote at Bsides Springfield, MO
Mr. Boettcher talks about Sigma Malware infection.
http://www.securitybsides.com/w/page/116970567/BSidesSpfd **new website upcoming**
Registration is coming and will be updated on next show (hopefully)
DBIR - https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf...

2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?

Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this week... We discuss SIEM logging and tuning... How do SIEMs deal with disparate log file types? What logs should be the first to be gathered? Is a...

2018-011: Creating a Culture of Neurodiversity

Megan Roddie discusses being high-functioning autistic, and we discuss how companies and management can take advantage of the unique abilities of those with high-functioning autism.
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3
Matt Miller's Assembly and Reverse Engineering Class:...

2018-010 – The ransoming of Atlanta, Facebook slurping PII, Dridex variants

Matt Miller’s #Assembly and #Reverse #Engineering class
$150USD for each class, 250USD for both classes
Syllabus: https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing
Please state which class you'd like to take when ordering in the "Notes" field in Paypal: https://paypal.me/BDSPodcast/150usd
To sign up for both...

2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-009-internships-mentorships-retooling-finding-that-unicorn-pentester.mp3
Topics discussed:
How Jay Beale (@jaybeale @inguardians) and Brad A. (@sno0ose) do mentorship and apprenticeship in their respective orgs.
Best methods to retool yourself if you are trying to move to a new industry
Why 'hitting the...

BDIR-001: Credential stealing emails, How do you protect against it?

BDIR Episode - 001
Our guest will be: Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry
Topic of the Day: CREDENTIAL STEALING EMAILS - WHAT CAN YOU DO
Join us for Episode-001,...

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to supporting business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.