From Paul's Security Weekly

Paul's Security Weekly - Episode 489

Episode Audio

Recorded: November 10, 2016


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.


  • Make sure you visit http://securityweekly.com/subscribe and subscribe to our new shows including Enterprise Security Weekly and Startup Security Weekly. You can also subscribe to all shows individually, as well as a main feed which contains this show, Hack Naked TV and Enterprise Security Weekly.
  • Take our super cool survey! http://www.securityweekly.com/survey

Interview: Greg Foss, LogRhythm - 6:00-7:00PM

Greg Foss is LogRhythm’s Head of Global Security Operations, where he is tasked with leading both the offensive and defensive aspects of corporate security. Previously, he was a Senior Researcher with the Labs Threat Intelligence team, presenting research at various information security conferences such as Black Hat, DerbyCon, AppSecUSA, BSidesLV, and others. Greg is a very active member of the Denver information security community. He started out in the industry as a contract web developer, and then branched out into security operations with the Department of Energy. After learning about continuous monitoring, he delved into penetration testing, and was eventually placed in charge of one of the DOE National Laboratory Red Teams. With just under a decade of experience in the industry, he is always looking for new ways to attack and defend networks.

https://blog.logrhythm.com/ https://github.com/gfoss/ https://github.com/logrhythm-labs/

  • Phishing Intelligence Engine (PIE) – This is a project that we put together for a recent hackathon (a quarterly competition within the company to create whatever we want within the SIEM, NetMon, or otherwise). Essentially, the goal is an attempt to dynamically track, investigate, quarantine, and report on phishing attacks across the organization.

  • Home Network Monitor – Another hackathon project around deploying the LogRhythm network monitor product to a microPC, allowing people to gain insight into their home network traffic quickly and effectively. Blog on this topic: https://logrhythm.com/blog/how-to-build-a-miniature-network-monitor-device/

  • Endpoint Agent integration into the SIEM – This is a project where we’ve been working with Carbon Black and Cylance to integrate with the SIEM, providing automated actions via a single pane of glass. We also did an assessment of around 20 endpoint agents, gauging their effectiveness, manageability, and other information. That said, I don’t think I can really talk about the latter. That said, all solutions could be bypassed, some more easily than others. :-)

  • General enterprise security and log management – Being a log company, there are various topics we could cover here. One of the items we’ve been working on lately is collecting data from cloud sources and using machine learning analytics to detect anomalous activity.

  1. Three words to describe yourself.
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Technical Segment: Outlook Web Access Two-Factor Authentication Bypass - 7:00PM-7:30PM



Security News - 7:30PM-8:30PM

Paul's Stories

  1. Kautilya Human Interface Device Hacking Toolkit
  2. Furthering our commitment to security updates
  3. Research into IoT Security Is Finally Legal
  4. Self-Propagating Smart Light Bulb Worm
  5. Regulation of the Internet of Things - Perhaps one of the smartest observations: "An additional market failure illustrated by the Dyn attack is that neither the seller nor the buyer of those devices cares about fixing the vulnerability. The owners of those devices don't care. They wanted a webcam — or thermostat, or refrigerator — with nice features at a good price. Even after they were recruited into this botnet, they still work fine — you can't even tell they were used in the attack. The sellers of those devices don't care: They've already moved on to selling newer and better models. There is no market solution because the insecurity primarily affects other people. It's a form of invisible pollution." Wow, dropping some wisdom: "Our choice isn't between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement."
  6. Packet Capture Options, (Thu, Nov 10th)
  7. Hackers hijack Philips Hue lights with a drone - "The malicious firmware can disable additional downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent." What's more, the attack is a worm, and can jump from connected device to connected device through the air. It could potentially knock out an entire city from just one infected bulb at the root "within minutes."
  8. These researchers are modifying CPUs to detect security threats
  9. Facebook buys black market passwords for user account safety
  10. Yahoo hacked again? Probe launched on data breach claims
  11. Google Releases Supplemental Patch for Dirty Cow Vulnerability
  12. OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
  13. Outlook Web Access Two-Factor Authentication Bypass Exists
  14. Tesco Bank Attack: What Do We Know?
  15. Netflix Addresses Account Takeover Bug

Larry's Stories