Episode611

From Paul's Security Weekly
Jump to: navigation, search

Recorded July 11, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Patrick Laverty
    is a Pentester for Rapid7
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • We're currently running our annual Listener Feedback Survey! Please visit securityweekly.com -> click the survey tab & select "2019 Listener Survey" to submit your responses!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Mark your calendars for our Security Weekly Holiday Extravaganza! On December 19th, Security Weekly will be live-streaming 5 one hour panel discussions with some of the most knowledgable professionals in the industry! To round out the evening, Ed Skoudis will be joining the Security Weekly hosts to give his annual announcement about the CounterHack Holiday Hack Challenge! You can view the live stream on our Youtube channel or by visiting securityweekly.com/live. We hope to see you there!

    Interview: Blue/Purple Teaming (defense) - Ben Ten, TrustedSec - 6:00-6:30PM

    Ben Mauchis the Team Lead, Defense & Countermeasures at TrustedSec

    Ben has been working in technology and development for over 20 years. He spent 13 years doing defense in the medical industry before moving over to the offense. He uses his knowledge of defense in order to refine his offensive skills and then uses this knowledge to equip customers with a better understanding of defensive methodologies.
    • Education & Certifications
    • GIAC Certified Penetration Tester (GPEN)
    • Professional Affiliations
    • Board Member for Secure Chicago, LLC
    • Passion for Security
    • Ben has dedicated himself to the security industry for the past 15 years.
      He speaks at several conferences a year across the US and he has presented in Oslo, Norway. Ben is active in the security community by offering talks, training, and encouraging new people to get involved. Ben has released open source tools including The PoshSec Framework, HoneyCreds, and Not PowerShell (nps) which are designed to help organizations refine their security posture.

      Topic:
    • Comes from defense, but is more focused on purple team. What exactly is a purple team? Training? Assessment, both? Aren’t the stupid users to blame?
    • Foreign language to avoid detection.
    • Speaking versus training? What have you been doing for training, as you’ve been pulling back from speaking.
    • PowerShell on non-Windows platforms. Are there any cool, non-obvious things we can do?
    • Have you encountered during a red team an environment that had Powershell so locked down it would compromise his C2 capabilities and how did he go about circumventing it.
    • nconventional C2 Frameworks that don't use powershell like Covenant or Silent Trinity, RTT (Silent Break)
    • The PoshSec Framework, HoneyCreds, and Not PowerShell (nps)


    Security News - 6:30 - 7:30PM

    Larry's Stories

    An open question: PGP vs Signal for e-mail secure communication? Adoption of PGP vs Signal?

    1. Malware on the High Seas - phishing being used against the US Cost Guard in an attempt to gain access to data on the vessels.
    2. Microsoft warns of file-less malware attack Astaroth, reminds me of what we do as red teasers
    3. Unattended, no click Zoom hacks
    4. Hate crime perps caught because they automatically connected to WiFi
    5. US weapon systems hacked in 9 second because of default passwords and other DoD cyber security folly
    6. GoBotKR botnet through pirate Korean videos
    7. Apple iMessage bug bricks phones, patch available
    8. Android apps harvest data, even though they were told not to

    Patrick's Stories

    1. Zoom RCE Vulnerability Found
    2. YouTube banning hacking videos, now admits mistake
    3. Android Won't Take No For an Answer More than 1000 Android apps still collect personal data even after user clicks no.
    4. Down Goes Twitter!

    Doug's Stories

    1. Porn Pirating Lawyers sentenced - A US lawyer who uploaded pornography on to file-sharing sites then sued people who downloaded it, has been sentenced to five years in jail.
    2. Crypto Peer-to-Peer Exchanges Grow in Popularity as Regulatory Scrutiny Rises - The uptick in regulatory scrutiny amid this year’s re-emergence of cryptocurrencies is driving some of the speculative asset classes’ biggest advocates further into the darkest corners of finance.
    3. Rhode Island Governor Cuts CISO Position from Cabinet - The controversial decision to eliminate the state's chief information security officer has inspired criticism, though state officials have promised a continued commitment to cybersecurity efforts.
    4. Cybersecurity Firm McAfee Preps for Public Market Return - The company's owners - private-equity firms TPG and Thoma Bravo, and chipmaker Intel - have been meeting with bankers this week to discuss plans for an initial public offering that could occur later this year, The Wall Street Journal reports.

    Lee's Stories

    1. Chinese Tourists forced to install Software at border Chinese border officials side-load JingWang application; primarily targeting Xinjiang's Uighur population; that sends device data to their servers, un-encrypted, for analysis also searches for 73,000 files of interest such as religious videos, images and electronic documents.
    2. 1TB Police Bodycam footage available online The police department IT service providers, who were collecting the videos were compromised. Make sure that your service provider is InfoSec aware. Should we expect the hackers to store the acquired content securely?
    3. Orvibo IoT management database insecure SmartMate device management database, with 2 Billion records for devices in 2 Million households had no protection and included usernames, non-salted MD5 Hashed passwords, password reset codes and device location data. How secure is your IoT management system?
    4. Russian hackers target banks Hacker group compromises IT systems, causes ATM to dispense any amount unchecked.
    5. U.S. Cyber Command warns of Outlook flaw exploited by Iranian Hackers Hckers exploit Microsoft Outlook vulnerability tracked as CVE-2017-11774 in an effort to deliver malware.
    6. Huawei Employees linked to China State Intel Agencies Look to the big picture - consider the alliances of your suppliers, at all levels. Who are they truly working for?
    7. Acedemics steal data from air-gapped systems via Keyboard's LEDs It is interesting how you can leverage system components to exfiltrate data across an air-gap. Ben-Gurion University has researched for years. Some other examples LCD Displays CPU fans for pickup as audio CPU Load for pickup as heat HDD Motor/Head noise
    8. It would take 50-year-old NASA computer more than a quintillion years to mine a single bitcoin block Relative comparison of Appolo-era computer compute speed to today's tech.



    Tech Segment: Reinhard Hochrieser, Jumio - 7:30PM-8:30PM

    Reinhard Hochrieser is Vice President of Product Management at Jumio, and responsible for the entire product experience, driving innovative ideas and solutions, and leading a global team of product managers. He previously served as Jumio’s director of product management and has been with the company since 2012. Reinhard has more than a decade of experience in enterprise solutions and held multiple product and engineering roles at Keba Group, a market leader of automation solutions for the banking and postal industries, before joining Jumio. He holds a Master of Science degree and Bachelor of Science degree in computer science from Johannes Kepler University Linz.

    Segment Title/Topic:
    Today’s State of Security Demands the Need for Biometric Authentication

    Segment Description:
    • Growth of account takeover and how to prevent it – Data breaches continue to threaten organizations and expose usernames and passwords on the Dark Web, enabling fraudsters to use stolen data to access a user’s existing account, tips to protect against account takeover
    • Death of traditional authentication methods & rise of biometric-based authentication – Two-factor authentication, passwords and knowledge-based authentication are no longer reliable or secure because they can be easily bypassed. Companies need to embrace emerging technology, such as artificial intelligence, augmented intelligence and machine learning, and adopt new authentication methods, like biometric-based authentication, to fight automated fraud and protect their online ecosystems.