From Paul's Security Weekly
Recorded June 20, 2019 at G-Unit Studios in Rhode Island!
Announcements
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.
- So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!
- Have you been trying your hardest to get a ticket to DerbyCon FinishLine?! We know that tickets sold out almost immediately, as they do almost every year, and we have an exciting announcement: Security Weekly is giving away 7 tickets to DerbyCon! Here's what you need to do - subscribe to the Security Weekly YouTube channel and send an email to firstname.lastname@example.org with either a written or video testimonial about what Security Weekly means to you! That's it, it's really that simple! First 7 people to complete this will receive a ticket to DerbyCon! You will also be invited to participate in our Security Weekly DerbyCon interview series that Sam and Mark will be running at the conference!
Interview: AttackDefense Labs Platform - Vivek Ramachandran, Pentester Academy - 6:00-6:30PM
Vivek Ramachandran has been researching Wi-Fi security for over a decade. He discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots) and others. He is the author of multiple five-star rated books on Wi-Fi security, which have together sold more than 20,000 copies worldwide and have been translated into multiple languages.
Vivek’s work on wireless security (Caffe Latte attack) has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and others. He has also spoken/trained at top conferences including BlackHat USA, Europe and Abu Dhabi, Defcon, Brucon, HITB, Hacktivity and others. Vivek is also the Founder and CEO of Pentester Academy, AttackDefense.com and Hacker Arsenal. Pentester Academy now trains thousands of customers from government agencies, Fortune 500 companies and smaller enterprises from over 90 countries.
- Online Training: https://www.PentesterAcademy.com
- Cyber Range: https://www.AttackDefense.com
- Twitter: https://twitter.com/SecurityTube
- Facebook: https://www.facebook.com/ST.Trainings/
- LinkedIn: https://www.linkedin.com/in/vivekramachandran
Interview: Purple Teaming - Bryson Bort, Scythe - 6:30-7:00PM
- Purple Teaming - What is it? Why is it important? What are the top objectives for a purple team test? Who should be involved? What types of conditions should you test? What are the goals of a purple team?
- Top Attack Simulation Scenarios - While there are hundreds, if not thousands, of conditions and exposures to test for in our organization, where should I start? Perhaps you have a vulnerability scanning program and have had a pen test or two in the past, but now it's time to start running attack simulations against the network and systems. What are the top 5 (or 10) tests to begin with? MITRE ATT&CK is great, but there are over 200 tests; what should I focus on first? Granted, every environment is different; however, it would be helpful to give folks a starting point, beginning with a few basic tests for common techniques used in various scenarios, e.g. defending MS Active Directory.
- Testing Command & Control Channels - Attackers, at some point, must communicate across the network to issue commands to various backdoors/malware running on your systems. What are the most common methods of communication? What are the best ways to test for this in your environment? What communication channels are the most popular? How should I prioritize the remediation? Detecting attackers is even more difficult when they use techniques and protocols that closely emulate "normal" behavior on your network. How do we emulate, and ultimately detect, this behavior accurately to test our defenses?
Security News - 7:30PM-8:30PM
- 5 Keys to Improve Your Cybersecurity
- Censorship vs. the memes
- Engineer's 'Smart Speaker Firewall' isolates Alexa devices in a snap
- How Not To Prevent a Cyberwar With Russia
- A Plan to Stop Breaches With Dead Simple Database Encryption
- Antivirus Evasion with Python
- The case against knee-jerk installation of Windows patches - Does applying patches as soon as they come out really help today? Some think not: With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.
- Hacker conference speaker axed over abortion views - Jennifer's comments are very interesting: Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference. In a tweet, she asked: "Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don't know?" Two sides: 1) Are speakers' political views criteria for being accepted to speak or not? 2) In this case it's not only the person's views but a documented track record of voting against women's rights, therefore justifiable to be asked not to speak at a conference? Also, Jennifer is questioning the access to the information, so as long as we don't share or publicize our views, that's okay and you can speak regardless of your views?
- The Backdoor in your Living Room - Apparently, the code is bad: For the Tizen OS, Amihai Neiderman recently said, “It may be the worst code I’ve ever seen,” and “Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.” Uhm, so our new developer is 15 and doing just fine.
- Designers built an AI penis detector to protest Google's prudish doodles
- Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
- Massive Blackout Leaves Most of Argentina, Uruguay Without Power
- How To Test Drive 200+ Linux Distributions Without Ever Downloading Or Installing Them
- Data breach forces medical debt collector AMCA to file for bankruptcy protection
- U.S. Customs and Border Protection Data Breach Result of Supply Chain Attack
- A Method for Establishing Liability for Data Breaches - Make 'em pay!
- Personal data of 2.7 million people leaked from Desjardins - That's like, the entire population of Canada.
- Phishing scam hacks 2FA - Phishing email sends user to fake site, which passes username, password and one-time token to real site.
- XSS Flaw exposes Google employees to attack - Flaw in Google site can be used to attack existing users of system.
- US-CERT AA19-168A: Microsoft OS BlueKeep Vulnerability Alert - CISA issues guidance regarding BlueKeep for Windows 2000, Vista, 7, 2003, 2003R2, 2008 & 2008R2.
- Google researcher finds weakness in MS SymCrypt Library used for symmetric encryption on Windows 8 and beyond; flaw results in infinite loop/reboot, triggerable by benign-looking X.509 certificate.
- Exim worm spreading through Azure - Prevent worm spread by updating Exim service to 4.92 on Linux.
- US Hacks Russian Grid - Very difficult to verify as details classified. US Cyber Command reportedly using new powers to establish foothold on Russian Power Grid.
- Researcher scrapes 7 million Venmo transactions - Make sure your Venmo account is set to private.
- A Duie Pyle goes Extra Mile after Ransomware - A Duie Pyle went above and beyond to communicate status after Ransomware incident. Failed back to taking orders over the phone.