From Paul's Security Weekly
Recorded June 20, 2019 at G-Unit Studios in Rhode Island!
- 1 Episode Audio
- 2 Announcements
- 3 Interview: AttackDefense Labs Platform - Vivek Ramachandran, Pentester Academy - 6:00-6:30PM
- 4 Interview: Purple Teaming - Bryson Bort, Scythe - 6:30-7:00PM
- 5 Security News - 7:30PM-8:30PM
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Mark your calendars for our Security Weekly Holiday Extravaganza! On December 19th, Security Weekly will be live-streaming 5 one-hour panel discussions with some of the most knowledgeable professionals in the industry! To round out the evening, Ed Skoudis will be joining the Security Weekly hosts to give his annual announcement about the CounterHack Holiday Hack Challenge! You can view the live stream on our YouTube channel or by visiting securityweekly.com/live. We hope to see you there!
Interview: AttackDefense Labs Platform - Vivek Ramachandran, Pentester Academy - 6:00-6:30PM
Vivek Ramachandran has been researching Wi-Fi security for over a decade. He discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi backdoors, and created Chellam (Wi-Fi firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT honeypots) and others. He is the author of multiple five-star-rated books on Wi-Fi security, which have together sold over 20,000 copies worldwide and have been translated into multiple languages.
Vivek’s work on wireless security (the Caffe Latte attack) has been quoted in BBC Online, InfoWorld, MacWorld, The Register, IT World Canada and others. He has also spoken and trained at top conferences including Black Hat USA, Europe and Abu Dhabi, DEF CON, BruCON, HITB, Hacktivity and others. Vivek is also the Founder and CEO of Pentester Academy, AttackDefense.com and Hacker Arsenal. Pentester Academy now trains thousands of customers from government agencies, Fortune 500 companies and smaller enterprises in over 90 countries.
- Online Training: https://www.PentesterAcademy.com
- Cyber Range: https://www.AttackDefense.com
- Twitter: https://twitter.com/SecurityTube
- Facebook: https://www.facebook.com/ST.Trainings/
- LinkedIn: https://www.linkedin.com/in/vivekramachandran
Interview: Purple Teaming - Bryson Bort, Scythe - 6:30-7:00PM
- Purple Teaming - What is it? Why is it important? What are the top objectives for a purple team test? Who should be involved? What types of conditions should you test? What are the goals of a purple team?
- Top Attack Simulation Scenarios - While there are hundreds, if not thousands, of conditions and exposures to test for in our organization, where should I start? Perhaps you have a vulnerability scanning program and have had a pen test or two in the past, but now it's time to start running attack simulations against the network and systems. What are the top 5 (or 10) tests to begin with? MITRE ATT&CK is great, but it covers over 200 techniques; which should I focus on first? Granted, every environment is different, but it would be helpful to give folks a starting point: a few basic tests for common techniques used in various scenarios, e.g. defending MS Active Directory.
- Testing Command & Control Channels - Attackers, at some point, must communicate across the network, if only to issue commands to the backdoors/malware running on your systems. What are the most common methods of communication? What are the best ways to test for this in your environment? Which communication channels are the most popular? How should I prioritize the remediation? Detecting attackers is even more difficult when they use techniques and protocols that closely emulate "normal" behavior on your network. How do we emulate, and ultimately detect, this behavior accurately to test our defenses?
Security News - 7:30PM-8:30PM
- 5 Keys to Improve Your Cybersecurity
- Censorship vs. the memes
- Engineer's 'Smart Speaker Firewall' isolates Alexa devices in a snap
- How Not To Prevent a Cyberwar With Russia
- A Plan to Stop Breaches With Dead Simple Database Encryption
- Antivirus Evasion with Python
- The case against knee-jerk installation of Windows patches - Does applying patches as soon as they come out really help today? Some think not: With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.
- Hacker conference speaker axed over abortion views - Jennifer's comments are very interesting: Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference. In a tweet, she asked: "Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don't know?" Two sides: 1) Are speakers' political views criteria for being accepted to speak or not? 2) In this case it's not only the person's views but a documented track record of voting against women's rights; is it therefore justifiable to ask them not to speak at a conference? Also, Jennifer is questioning the access to the information: so as long as we don't share or publicize our views, that's okay and you can speak regardless of your views?
- The Backdoor in your Living Room - Apparently, the code is bad. Of the Tizen OS, Amihai Neiderman recently said: “It may be the worst code I’ve ever seen,” “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.” Uhm, so our new developer is 15 and doing just fine.
- Designers built an AI penis detector to protest Google's prudish doodles
- Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
- Massive Blackout Leaves Most of Argentina, Uruguay Without Power
- How To Test Drive 200+ Linux Distributions Without Ever Downloading Or Installing Them
- Data breach forces medical debt collector AMCA to file for bankruptcy protection
- U.S. Customs and Border Protection Data Breach Result of Supply Chain Attack
- A Method for Establishing Liability for Data Breaches - Make 'em pay!
- Personal data of 2.7 million people leaked from Desjardins - That's like, the entire population of Canada.
- Phishing scam hacks 2FA - Phishing email sends the user to a fake site, which passes the username, password and one-time token on to the real site.
- XSS Flaw exposes Google employees to attack - Flaw in a Google site can be used to attack existing users of the system.
- US-CERT AA19-168A: Microsoft OS BlueKeep Vulnerability Alert - CISA issues guidance regarding BlueKeep for Windows 2000, Vista, 7, 2003, 2003R2, 2008 & 2008R2.
- Google researcher finds weakness in MS SymCrypt Library - Used for symmetric encryption on Windows 8 and beyond; the flaw results in an infinite loop/reboot, triggerable by a benign-looking X.509 certificate.
- Exim worm spreading through Azure - Prevent worm spread by updating the Exim service to 4.92 on Linux.
- US Hacks Russian Grid - Very difficult to verify, as the details are classified. US Cyber Command is reportedly using new powers to establish a foothold on the Russian power grid.
- Researcher scrapes 7 million Venmo transactions - Make sure your Venmo account is set to private.
- A. Duie Pyle goes Extra Mile after Ransomware - A. Duie Pyle went above and beyond to communicate status after a ransomware incident. Fell back to taking orders over the phone.