Episode538

From Paul's Security Weekly
Jump to: navigation, search

Paul's Security Weekly #538

Episode Audio

Recorded November 30, 2017 at G-Unit Studios in Rhode Island!

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Jeff Man
    Cryptanalyst,
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Not Kevin
    Senior Security Engineer at Barkly, Co-Founder of Vermont Hackspaces, definitely Not Kevin.
  • Interview: Allison Miller​ - 6:00PM-6:45PM

    Allison Miller
    Security innovator and leader in the security community.

    Allison Miller has been working in the intersection of cybersecurity, human behavior, and predictive analytics for almost two decades. A proven innovator in the security industry, she has pioneered the use of data-driven detection technologies within security, anti-fraud/anti-abuse, and payments/commerce systems around the world. In addition, Allison is active in the security community as an advisor and leader, and continues to conduct and share research on topics in risk, cybersecurity, and economics — both locally in the SF Bay and internationally.

    Tech Segment: Network Telemetry with Mick Douglas, SANS Institute - 6:45-7:45PM

    Mick Douglas
    Certified SANS Institute instructor, Managing Partner at InfoSec Innovations, lateral movement detector.

    Even when his job title has indicated otherwise, Mick Douglas has been doing information security work for over 10 years. He received a bachelor's degree in communications from Ohio State University. He is the managing partner for InfoSec Innovations. He is always excited for the opportunity to share with others so they do not have to learn the hard way! By studying with Mick, security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find Mick indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.

    Outline

    I am planning on showing a *hella* cool lab from SANS 555. We'll be showing how to feed common and default logs into an ELK stack, so you can instantly generate an asset inventory... and use network telemetry to find unauthorized hosts. This is a **CRITICAL** problem at many organizations, so much so that it's the very first entry on the 20 Critical Controls. Yes, you're reading this right... simply looking for NTP traffic can help you find unauthorized systems.

    • Very quick overview of ELK
    • Finding unauthorized NTP use
    • Validating hosts through Nessus scan results
    • Going forward... next steps.

    Security News - 7:45PM-8:30PM

    Paul's Stories

    1. Pay Attention to SD-WAN Security
    2. WordPress 4.9.1 Debuts with Updates to Harden Security
    3. Cisco Patches Critical Playback Bugs in WebEx Players
    4. The History and Reinvention of NAC
    5. Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser
    6. HP Silently Installs Telemetry Bloatware On Your PCHere's How to Remove It
    7. Why <blank> Gets You Root
    8. NSA "Red Disk" Data Leak
    9. Cisco Releases Security Updates
    10. Apple Releases Security Update for macOS High Sierra

    Larry's Stories

    1. NSA Contractor, Who was it? - I'm particularly proud and humbled by this one...
    2. Hey, I forgot the root password

    Jeff's Stories

    1. Why <blank> Gets You Root #iamroot
    2. Who Was the NSA Contractor Arrested for Leaking the Shadow Brokers Hacking Tools?
    3. NSA Hit by Yet Another Leak
    4. Uber...
    5. Hackers are Taking Advantage of Uber's Security Breach
    6. 1.7M Accounts Breached in Imgur Attack that Occurred in 2014
    7. Sexual Assault Also Impacts the Hacker Community


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+