Episode589

From Paul's Security Weekly

Recorded January 10, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist & certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst.


  • Announcements

    • RSA Conference 2019 is the place to be for the latest in cybersecurity data, innovation and thought leadership. From March 4 – 8, San Francisco will come alive with cybersecurity’s brightest minds as they gather together to discuss the industry’s newest developments. Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass!
    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.


    Interview: Bryson Bort, Scythe - 6:00-6:45PM

    Bryson Bort is the Founder/CEO of GRIMM.
    Bryson is the Founder and CEO of SCYTHE and Founder of GRIMM. Prior to launching SCYTHE and GRIMM, Bryson led an elite research & development (R&D) division that directly contributed towards National Security priorities and interest. Prior to that he developed an enterprise R&D program and supported creation of a cybersecurity strategy as a Deputy CTO and Program Director focused on supporting technology research and global infrastructure for the DoD and the Intelligence Community.


    Tech Segment: Kory Findley - 6:45 - 7:30PM

    Kory Findley is an Offensive Security Engineer.
    Kory Findley started his information security career in July of 2014 as a Junior Security Engineer for Gaikai, the Sony-owned company responsible for creating PlayStation Remote Play and PlayStation Now. Kory was tasked primarily with security automation and creating custom offensive and defensive security tools. After spending almost 2 years with Gaikai, Kory joined InGuardians, Inc. as a Security Consultant, continuing to create new security tools while performing external network, internal network, wireless and red team security engagements. Kory is now an Offensive Security Engineer and lead penetration tester for a Fortune 500 E-Commerce company.

    Topic:

    Internal network segment reconnaissance using packets captured from broadcast and service discovery protocol traffic. pktrecon is a tool for internal network segment reconnaissance using broadcast and service discovery protocol traffic. Individual pieces of data collected from these protocols include hostnames, IPv4 and IPv6 addresses, router addresses, gateways and firewalls, Windows OS fingerprints, and much more. This data is correlated and normalized with attackers in mind, and provides an effective method of initiating an engagement and obtaining as much target data as possible before resorting to more active methods.

    Link to GitHub: https://github.com/k0fin/pktrecon




    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Why Hyatt Is Launching a Public Bug Bounty Program - They had a small private bounty program, but now it's public. Also this: The Hyatt bug bounty program prohibits the use of social engineering tactics for the program. Social engineering could include the use of phishing emails to trick a user to click on something malicious as well as fraudulent voice phone calls. Additionally, the program does not include point-of-sale (PoS) terminals at the hotel. PoS attacks at hotel chains have led to data breaches at multiple hotels in the past, including a 2015 incident in hotels operated by Hyatt.
    2. Consumers Demand Security from Smart Device Makers - I just don't believe it: When asked what factors play into their shopping decisions, security came on top at 21%, followed by value for money (20%), ease of use (11%), trusted brand (9%), and ease of setup (7%). Ninety percent of consumers think any piece of smart tech can be hacked, according to the survey. Galen's post is here: https://azure.microsoft.com/en-us/blog/new-smart-device-security-research-consumers-call-on-manufacturers-to-do-more/
    3. Reddit Alerts Users to Possible Account Breaches - Some security experts noted that the reported activity fit the profile of a specific attack. In an emailed statement to Dark Reading, Jarrod Overson, director of engineering at Shape Security, wrote, "Whenever there is a massive account takeover wave unrelated to a system compromise, it is very likely it is due to a credential stuffing attack." He explained that credential stuffing involves using automated tools to use usernames and passwords stolen from one site to try to gain access to another.
    4. Heathrow flights disrupted by yet another drone
    5. Enterprise iPhones will soon be able to use security dongles - iPhone users will hate this, enterprises don't want to manage mobile devices and when they do it fails often, yet here we are: What’s really important here isn’t just the news that enterprises can now look to deploy hardware-based security around their mobile systems, but also that this development reflects how important Apple’s products are becoming to the enterprise. While no one really likes using dongles, they do enhance Apple’s already industry-leading reputation for security, making it possible to deploy these devices in even more mission-critical situations.
    6. The Promise and Peril of 5G - Don't believe we will see security issues at scale until the cost comes down, much like WiFi: The immense buzz around 5G makes sense given what it promises: It aims to deliver 10 to 100 times faster throughput than existing 4G networks, allowing tens of thousands of simultaneous users to receive at least 1Gbps, which is as fast as the top tier of a cable connection at home. But 5G isn’t just a bigger, better version of LTE—its view is broader than that.
    7. Cutting Through the Jargon of AI & ML: 5 Key Issues
    8. Web Vulnerabilities Up, IoT Flaws Down - Ugh, now Dark Reading tells me I've hit my limit of articles, too bad as this was likely a sponsored post, all we have to go on is that a web security vendor says there are more web vulnerabilities than IoT: The number of flaws found in WordPress and its associated plugins have tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.
    9. Ironic turn Kaspersky Labs helped NSA to catch alleged data thief
    10. Google DNS Service (8.8.8.8) Now Supports DNS-over-TLS Security
    11. New Systemd Privilege Escalation Flaws Affect Most Linux Distributions - I miss init: The first two flaws are memory corruptions issues, while the third one is an out-of-bounds read issue in systemd-journald that can leak sensitive process memory data. Researchers have successfully created proof-of-concept exploits, which they are planning to release in the near future. "We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64, on average," the researchers write in an advisory published Wednesday.
    12. Who cracked El Chapo's encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager - Whew, this dude has some cojones, or did the feds have something on him? I have no proof, just love of conspiracy theories: Prosecutors told the court earlier in the trial that a key witness – which turns out to be Rodriguez – had suffered a "nervous breakdown" in 2013 because of "stress" of working for El Chapo – although the stress was more likely due to the fact that he was working undercover for the Feds while in charge of the comms network of an extremely violent criminal enterprise. Eventually, Rodriguez left the cartel – it's not clear under what circumstances or if the Feds helped. But by then Guzman and Cifuentes had grown suspicious that their IT guy may have flipped and various enforcers turned up looking for Rodriguez – something that didn't exactly improve his sense of personal safety. Rodriguez is still expected to appear as a witness at some point in the trial: The sysadmin who took down a drug lord.
    13. Security Matters When It Comes to Mergers & Acquisitions

    Joff's Stories

    1. [https://arstechnica.com/gadgets/2019/01/latest-windows-10-build-makes-setup-quieter-passwords-optional/ Windows 10 with Password-Less Accounts]

    Larry's Stories

    1. Fake messages via Australian early warning system, thanks hackers
    2. DC Metro as a spy device. Closer than you think…
    3. RCE in Windows DHCP client… oh my

    Lee Neely's Stories

    1. Amazon Key partners with myQ - Amazon is venturing into enabling Key to open your garage door, including an optional camera.
    2. Adobe releases emergency fixes for Acrobat Reader - Bugs let an attacker execute arbitrary code and allowed privilege escalation via six iterations of the software.
    3. China is hacking America's Secrets. Can Legislation stop it? - This is about proposed legislation to create an office to track these activities.
    4. NCSC launches program to help US firms guard against foreign hackers - This is an information sharing project under ODNI to provide information otherwise not available to businesses about the threats and mitigations.
    5. US telcos caught selling people's location data yet again - Legislators threatened to create legislation limiting sale of location data, cell providers promised to address it to avoid new regulations, and that didn't work out. The information is being sold to organizations that resell it to iffy miscreants.

    Jeff's Stories

    Jason's Stories