From Paul's Security Weekly

Paul's Security Weekly - Episode 520

Episode Audio

Recorded on June 29, 2017


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Jack Daniel
    Works for Tenable Network Security and Co-Founder of Security BSides.
  • Jeff Man
    Infosec analyst, pioneering ex-NSA pen tester, PCI specialist, and certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Announcements

    Interview: Moses Hernandez, Cisco Systems - 6:00PM-7:00PM

    Moses Hernandez [1]

    Moses returns to the show to discuss his background in technology and security (which is eerily similar to Paul's!). The crew then got into a deep discussion of the history of many different technologies (Solaris Firewalls, IDS, Java and more!). Moses talked at length about serialization bugs in both PHP and Java. Then we dove right into JavaScript. It was a nerdfest, not to be missed!

    Moses is a Consulting Systems Engineer for Cisco Systems, an instructor for the Penetration Testing Courses at SANS, and provides several days of content for SEC642: Advanced Web Application Penetration Testing. He has been loosely involved in all things 'computer' since the mid-90s, when he ran bulletin boards as a teenager. Other than the regular types of jobs an infosec pro can hold, he has also worked as a platform operator automating application delivery and has given talks on working in the trenches with developers and operations. You can find him twittering and occasionally blogging at http://renegade.blog.

    Tech Segment: Domain Persistence, Javelin Networks

    Guy came on the show and gave a live demo on how to become Domain Admin in an Active Directory environment and keep those privileges for 20+ years. Today Guy is going to talk about different scenarios in which a threat actor can operate inside a domain environment to gain persistence for a long period of time without anyone in IT noticing.

    He will cover different vectors: attacking the DC, changing special permissions to hide privileges, and using various AD attributes to create persistence. The first thing he is going to talk about is AdminSDHolder and the SDPROP mechanism that goes along with it, and how it can be manipulated to grant admin rights when needed. Then he will talk about different kinds of credential persistence: golden ticket, replication users, and smart card manipulation. Afterwards, he will talk about different ways to hide the permissions and privileged accounts that were created. At the end, he'll talk about attacking the DC to gain persistence through skeleton key and security providers.

    Guy is a highly experienced Security Researcher & Developer. He has worked on both the Red Team and Blue Team sides (attack and defense) in the Israeli intelligence unit of the cyber division, and worked commercially as a security consultant. He is highly skilled in the field of Forensics and Security Analysis, with special focus on the development and research of cyber defense tools and offensive techniques for networks.

    Security News - 7:30-8:30PM

    Paul's Stories

    1. Separating the Paranoid from the Hacked
    2. Choosing Windows for your organization should get you fired - I love this because it is too controversial of a viewpoint, and rocks the boat: In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops: You are doing a terrible job and should probably be fired. I know. That’s harsh. But it’s true. If you haven’t yet replaced Windows, across the board, you absolutely stink at your job.
    3. Virus (cough, cough, Petya) goes postal at FedEx, shares halted - FedEx has suspended trading of its shares on the New York stock exchange after admitting that its subsidiary TNT Express has been hit by "an information system virus."
    4. US reveals new airport security measures to avoid expanding laptop ban
    5. IoT Vulns Draw Biggest Bug Bounty Payouts - Finding vulnerabilities tied to the Internet of Things (IoT) carries the potential to capture payouts that are considered among the most lucrative for bug hunters, according to reports released Wednesday by Bugcrowd and HackerOne. IoT and hardware bugs found in such devices as routers, webcams, wearables, and automobiles pay an average of $724 per submission, which is substantially higher than the overall average of $451 per submission last year, according to Bugcrowd. As a result, IoT and hardware targets are viewed as the targets with the highest value.
    6. Your Linux Machine Can Be Hacked Remotely With Just A Malicious DNS Response
    7. The Life, Death, And Legacy Of iPhone Jailbreaking - Awesome article: Things, however, have changed. The jailbreaking community is fractured, with many of its former members having joined private security firms or Apple itself. The few people still doing it privately are able to hold out for big payouts for finding iPhone vulnerabilities. And users themselves have stopped demanding jailbreaks, because Apple simply took jailbreakers' best ideas and implemented them into iOS. I mean, you can also just buy a phone from Google and run Android...
    8. Doxing, DoS & Defacement: Today's Mainstream Hacktivism Tools
    9. Hacking nuclear submarines: how likely is the nightmare scenario?
    10. Linux Systemd Bug Could Have Led to Crash, Code Execution
    11. WikiLeaks Reveals How CIA Malware Tracks Geo-Location of its Targeted
    12. Enterprises just as vulnerable to IT risk as SMBs, Netwrix survey finds

    Jeff's Stories

    1. How an Entire Nation Became Russia’s Test Lab for Cyberwar
    2. British Navy’s Advanced New Aircraft Carrier Reportedly Runs on Windows XP
    3. Nato warns cyber attacks 'could trigger Article 5' as world reels from Ukraine hack
    4. Latest Ransomware Wave Never Intended to Make Money