Recorded February 21, 2019 at G-Unit Studios in Rhode Island!
- 1 Episode Audio
- 2 Announcements
- 3 Tech Segment: Marcello Salvati, BHIS (SilentTrinity Updates) - 6:00-6:30PM
- 4 Interview: Steve Brown, SecureWorld Boston Keynote - 6:30 - 7:00PM
- 5 Security News - 7:05PM-8:00PM
- RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
- Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to securityweekly.com/webcasts.
Tech Segment: Marcello Salvati, BHIS (SilentTrinity Updates) - 6:00-6:30PM
No PowerShell? No Problem! Red Teaming using the BYOI (Bring Your Own Interpreter) lifestyle.
Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?
Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through Powershell in any way! In this tech segment I’ll be demoing SILENTTRINITY, a post-exploitation tool I’ve developed that attempts to weaponize some of the BYOI concepts I’ll be explaining how it works at a high level & talking about some of the updates in the 0.1.0 version which is fresh off the presses!
As for the updates:
- Out of the PoC stage and into alpha! 0.0.1 -> 0.1.0
- Completely encrypted c2 communication & staging
- Boolang support
- CLI autocompletes all the things
- You can now customize the checkin interval for each session
- A handy dandy help menu command
Here are the all the links:
Interview: Steve Brown, SecureWorld Boston Keynote - 6:30 - 7:00PM
Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.
Steve is passionate about helping people to imagine and build a better future; To create new value, to optimize operations, and to delight customers in new ways, all by taking full advantage of the latest that technology has to offer. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve always inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better. He then helps his audiences to develop new strategies to navigate through, and thrive amidst, coming change.
Steve speaks and writes in plain language about the continued advances in technology and how they will combine with business, cultural and human trends to create both new opportunities and new challenges. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, CBS, and in The Wall Street Journal, Wired Magazine, and many other media outlets.
Steve serves a broad spectrum of organizations from small non-profits to Fortune 100s, spanning almost every industrial sector, including manufacturing, transportation, retail, hospitality, government, education, agriculture, healthcare, energy, media and entertainment. He offers a rich menu of services including speaking, consulting, and Futurecasting workshops.
Steve holds Bachelor of Science and Master of Engineering degrees in Micro-Electronic Systems Engineering from Manchester University. He was born in the U.K. and became a U.S. citizen in 2008. He serves on the board of the Brian Grant Foundation, a non-profit devoted to helping people with Parkinson’s Disease to live the best life possible. He lives with his wife in Portland, Oregon.
Security News - 7:05PM-8:00PM
- Password managers leaking data in memory, but you should still use one - Clearly, if passwords – especially master passwords – are hanging around in memory when the application is locked, this raises the possibility that malware could steal this data after infecting a computer. Two-factor FTW, use it on your password managers.
- Security Analysts Are Only Human - SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
- Drupal Releases Security Updates | US-CERT - To immediately mitigate the vulnerability, you can disable all web services modules, or configure your web server(s) to not allow PUT/PATCH/POST requests to web services resources. Note that web services resources may be available on multiple paths depending on the configuration of your server(s). For Drupal 7, resources are for example typically available via paths (clean URLs) and via arguments to the "q" query argument. For Drupal 8, paths may still function when prefixed with index.php/.
- New Free Tool Scans for Chrome Extension Safety - The CRXcavator scans a set of factors including permissions, external calls, third-party libraries, content security, and metadata to give security and IT staff insight into the safety of the browsers on their companies' computers. According to the blog post announcing the tool's availability, Duo researchers scanned 120,463 extensions and apps in January and found that many developers have used poor programming practices in their software. For example, 38,289 extensions " ... used third-party libraries that contain publicly known vulnerabilities," wrote the researchers.
- Why Cybersecurity Burnout Is Real (and What to Do About It) - The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
- No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Companys Wi-Fi Network - Security Boulevard - Make sure your network users understand the risk of connecting to open access points and are well aware of the techniques mentioned. Running simulations of the above attacks is also recommended. I believe Pwnie Express has a great solution for this.
- Jenkins - Remote Code Execution
- Kerberoasting Revisited
- Experts found a Remote Code Execution flaw in WordPress 5.0.0 - The experts discovered that the flaw could be exploited by an attacker who gains access to an account with at least ‘author‘ privileges on a WordPress install to execute arbitrary PHP code on the underlying server.
- GitHub bug bounty: Microsoft ramps up payouts to $30,000-plus | ZDNet
- Nasty code-execution bug in WinRAR threatened millions of users for 14 years - The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.
- Google admits error over hidden microphone - In response to criticism, Google said on Tuesday: "The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.” It added: “The microphone has never been on and is only activated when users specifically enable the option. "Security systems often use microphones to provide features that rely on sound sensing. We included the mic on the device so that we can potentially offer additional features to our users in the future, such as the ability to detect broken glass.” - Turn off features you are not using!
- Researcher: Not Hard for a Hacker to Capsize a Ship at Sea - Once the hacker is able to reach the control systems, it would for instance be possible to replay the Hoegh Osaka incident, where a car carrier’s ballast tanks weren’t properly filled, which resulted in the ship developing a heavy list during a tight turn out of the port. It narrowly avoided capsize, thanks only to a favorable wind blowing.
- Group FaceTime bug prevents adding users to existing call While you can initiate a Group FaceTime call, you cannot add a user to one.
- Stratcom study on Cognative Cyber Challenges (Social Engineering) OSINT, Social Engineering, Social Media very effective at gathering OPSEC data from military personnel. Social media fake group/org detection and removal less effective than expected.
- Crowdstrike released 2019 global threat report
- Splunk changes position on Russian customers Splunk is no longer selling or renewing licenses to customers in Russia - threat response or a political ploy?
- Swedish Healthcare Hotline exposes sensitive calls Repository of call recordings available without authentication. Twist: this appears to be a GDPR violation - will there be a penality?
- LPG Company leaked Aadhaar details of 6.7M Indian customers Weakness in gas dealer portal could be used to enumerate dealers and their customers. Company denies vulnerability, researchers have provided dumps. The Aadhaar details of Indian citizens is a unique number assigned to each citizen as part of India's biometric identity program maintained by the government's Unique Identification Authority of India (UIDAI).
- ATM hacking, gamified
- Cobalt Strike Team server study...
- Hacked Sex robots can kill you
- Domain fronting with CloudFlare and others
- Pwning with the clipboard and copy/paste