ES Episode80

From Paul's Security Weekly

Enterprise Security Weekly #80

Recorded February 14, 2018 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
Enterprise News

    1. Atos unveils new managed service built on Red Hat OpenShift platform
    2. Argus and Ericsson to offer cyber security solutions for vehicles
    3. GrammaTech Extends the Reach of Static Analysis - CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency,
    4. Trustwave launches proactive Threat Hunting service
    5. Radware Neutralizes Evasive Zero-Day Malware Threats with Cloud Malware Protection Service
    6. Demisto: Brings Unparalleled Visibility Into SOC Metrics to Enable SOC Efficiency and Improve Mean Time to Response
    7. Phantom Cyber Fetches $350 Million in Acquisition by Splunk
    8. Phishing Security Firm PhishMe Rebrands as Cofense After Acquisition
    9. CrowdStrike Reveals Time to Breakout as Key Cyber-Security Metric - "The breakout time is the time that it takes for an attacker to escape the initial beachhead machine that they were able to compromise," Okay, so lateral movement?

    Enterprise Defender Tech Segment: Domain Persistence, Javelin Networks

    Guy Franco is a security consultant for Javelin Networks.

    Today Guy is going to talk about different scenarios in which a threat actor can operate inside a domain environment to maintain persistence for a long period of time without anyone in IT noticing. He will cover different vectors: attacking the DC, changing special permissions to hide privileges, and using various AD attributes to create persistence. The first thing he is going to talk about is AdminSDHolder and the SDPROP mechanism that goes along with it, and how it can be manipulated to grant admin rights when needed. Then he will talk about different forms of credential persistence: golden tickets, replication users and smart card manipulation. Afterwards, he will talk about different ways to hide permissions and privileged accounts that have been created. At the end, he'll talk about attacking the DC to gain persistence through skeleton key and security providers.

    Guy is a highly experienced Security Researcher & Developer. He has worked in both Red Team (attack) and Blue Team (defense) roles in the Israeli intelligence unit of the cyber division, and has worked commercially as a security consultant. He is highly skilled in forensics and security analysis, specializing in the development and research of cyber defense tools and offensive techniques for networks.