From Security Weekly Wiki

Paul's Security Weekly - Episode 513

Episode Audio

Recorded on May 11, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jack Daniel
    Co-Founder of Security BSides and certified security wizard.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Announcements

      Interview: Steven Lipner, SAFECode - 6:00PM-7:00PM

      Steven Lipner, @SAFECode, Executive Director of SAFECode
      Steven B. Lipner is the Executive Director of SAFECode, a non-profit organization dedicated to increasing trust in ICT products and services through the advancement of effective software assurance methods. He retired in 2015 as Partner Director of Software Security at Microsoft where he was the creator and long-time leader of the Microsoft Security Development Lifecycle (SDL). Prior to his retirement, Lipner served as board chair of SAFECode. Lipner was also responsible for Microsoft’s policies and strategies for security evaluation of products by governments, and for Microsoft’s approach to supply chain security and product integrity. He holds twelve U.S. patents in computer and network security, and served two terms, a total of ten years, on the United States Information Security and Privacy Advisory Board. Lipner was elected in 2010 to the Information Systems Security Association Hall of Fame, in 2015 to the National Cybersecurity Hall of Fame, and in 2017 to the United States National Academy of Engineering.

      Tech Segment: Roi Abutbul and Guy Franco, Javelin Networks - 7:00-7:30PM

      Why is it so important to protect AD? Did you know that from any machine connected to the domain, with no special privileges, you can get 100% visibility into the entire corporation, without any risk of detection?

      How? With a simple query to the AD.

      Let me give you some examples:

      Attackers can ask the AD for a list of all servers and computers that are registered in the corporation along with a list of all the powerful identities. Attackers can be more specific and ask the AD to provide a list of servers with a particular application running. They can also learn when the last time someone logged into the server! (This helps them determine if it is worth their time, or if it’s a honeypot.)

      These queries take a few seconds and require no special tools or malicious binaries. To add insult to injury, there is no solution today that can prevent this from happening.

      To reiterate, all attackers need is just one compromised endpoint that is connected to the domain, and they have 100% visibility of your entire corporate environment. And, as you know, there are endless ways to break through the perimeter—from phishing emails to an infected website to even an insider.

      Now I can’t sleep! Why is Microsoft not doing anything about it? Because it is by design; and as far as they’re concerned, it is not a vulnerability that needs a solution.

      How common is AD in the corporate world? 9 out of 10 companies around the world are using AD to manage their resources—from governments to hospitals to banks and even retailers. According to Gartner, almost 100% of their computers are connected to the domain.

      When attackers have 100% visibility of the entire corporation, what happens next? There is a misconception about what’s next. A lot of people think that attackers use exploits and zero-days to move laterally to the next machine. That is simply not true.

      In reality, they obtain valid domain credentials and move laterally to the next target undetected, using legitimate tools and protocols. (There are many stealthy attack methodologies that aid the
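The segment above describes what a domain-joined client can read from AD, including each computer's last logon time. The following is an added example, not code from the show notes or from Javelin Networks, that shows the defender's side of two of those points: decoding the `lastLogonTimestamp` attribute (a Windows FILETIME) to find stale, forgotten computer accounts that needlessly inflate what a domain-wide query reveals, and a simple heuristic over LDAP search audit records that flags broad subtree searches for all computers or for admin-flagged accounts when they come from a host that is not a known administration workstation. The audit-record layout, the allowlisted addresses, the computer names and the timestamps are all constructed for this example; real domain controller diagnostic logs carry comparable fields but in their own format.

```python
"""Defender-side checks related to AD enumeration (added example, constructed data)."""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# FILETIME counts 100-nanosecond ticks since 1601-01-01 00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# lastLogonTimestamp is only rewritten (and replicated) when the stored value is
# older than 14 days minus a random 0-5 days, so it can lag the true last logon
# by up to two weeks. A staleness threshold below that lag is meaningless.
REPLICATION_LAG = timedelta(days=14)


def filetime_to_datetime(ft: int) -> Optional[datetime]:
    """Convert a FILETIME integer to an aware UTC datetime; 0 means 'never'."""
    if ft <= 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, used here to build sample data."""
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def stale_computers(entries: List[Dict], now: datetime, max_age_days: int = 90) -> List[str]:
    """Return names of computer accounts that never logged on or not within max_age_days."""
    if timedelta(days=max_age_days) <= REPLICATION_LAG:
        raise ValueError("threshold must exceed the lastLogonTimestamp replication lag")
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for entry in entries:
        last = filetime_to_datetime(entry["lastLogonTimestamp"])
        if last is None or last < cutoff:
            stale.append(entry["name"])
    return stale


# Constructed allowlist of hosts that legitimately run domain-wide queries.
ADMIN_WORKSTATIONS = {"10.0.5.10", "10.0.5.11"}
# Filter fragments that enumerate every computer or every admin-flagged account.
BROAD_FILTERS = ("objectclass=computer", "objectcategory=computer", "admincount=1")


def suspicious_searches(records: List[Dict], min_returned: int = 100) -> List[Tuple[str, str]]:
    """Flag broad, high-volume subtree searches from non-admin hosts.

    Each record is a constructed dict: client address, search scope, LDAP filter
    and the number of entries returned.
    """
    hits = []
    for rec in records:
        normalized = rec["filter"].lower().replace(" ", "")
        broad = any(fragment in normalized for fragment in BROAD_FILTERS)
        if (rec["scope"] == "subtree" and broad
                and rec["returned"] >= min_returned
                and rec["client"] not in ADMIN_WORKSTATIONS):
            hits.append((rec["client"], rec["filter"]))
    return hits


# Constructed sample data: the episode date as "now", three computer accounts,
# and four audit records.
NOW = datetime(2017, 5, 11, tzinfo=timezone.utc)
SAMPLE_COMPUTERS = [
    {"name": "FS01$", "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=3))},
    {"name": "OLDBUILD07$", "lastLogonTimestamp": datetime_to_filetime(NOW - timedelta(days=200))},
    {"name": "NEVER01$", "lastLogonTimestamp": 0},
]
SAMPLE_SEARCHES = [
    {"client": "10.0.5.10", "scope": "subtree", "filter": "(objectClass=computer)", "returned": 4200},
    {"client": "10.0.40.77", "scope": "subtree",
     "filter": "(&(objectClass=computer)(operatingSystem=*Server*))", "returned": 310},
    {"client": "10.0.40.77", "scope": "base", "filter": "(objectClass=*)", "returned": 1},
    {"client": "10.0.41.12", "scope": "subtree", "filter": "(adminCount=1)", "returned": 150},
]

if __name__ == "__main__":
    print("stale computer accounts:", stale_computers(SAMPLE_COMPUTERS, NOW))
    for client, ldap_filter in suspicious_searches(SAMPLE_SEARCHES):
        print(f"broad enumeration from {client}: {ldap_filter}")
```

The first check is a hygiene measure: an account that has not authenticated in months is exactly the kind of object that an attacker's "last logon" test singles out, so removing or disabling it reduces the attack surface that a single domain-wide query exposes. The second check is a starting point for detection, not a complete rule; in production the allowlist, the returned-entry threshold and the filter fragments would be tuned against the volume of legitimate inventory and monitoring traffic observed on the domain controllers.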

      Security News - 7:30-8:30PM

      Paul's Stories

      1. Password Magic Numbers Rob 'mubix' Fuller
      2. scanless A Public Port Scan Scraper
      3. Coming together to address Encapsulated PostScript (EPS) attacks
      4. SSA.GOV To Require Stronger Authentication
      5. Android Permissions Flaw Will Linger Until O Release
      6. Cisco Patches IOS XE Vulnerability Leaked in Vault 7 Dump
      7. Session Hijacking, Cookie-Stealing WordPress Malware Spotted
      8. ASUS Patches RT Router Vulnerabilities
      9. Attention, Asus RT wireless router owners: Patch your gear now to squash web hijack bugs
      10. Oh, great: There's a new Same Origin Policy exploit for Edge
      11. Avast blocks the entire internet again
      12. 120,000 IoT Cameras Vulnerable To New Persirai Botnet
      13. Adobe Patches Critical Vulnerabilities In Flash, OEM
      14. Trump Fires FBI Director Comey