From Security Weekly Wiki
8,308 bytes added, 16:24, 6 June 2017
= Paul's Security Weekly - Episode 471 - 6:00PM =
Recorded
== Episode Audio ==
Coming Soon<div align="center">{{#widget:SoundCloud|id=271764314|width=75%|height=100|color=660202|visual=false}}</div>
= Interview: Mark Baggett =
Mark has more than 28 years of commercial and government experience ranging from Software Developer to CISO. He is a Senior Instructor for The SANS Institute and the author of SEC573. He is the founding president of The Greater Augusta ISSA chapter. Course Author and Instructor for SEC573 Python for Penetration Testers. Instructor for SEC504 Incident Handling and Hacker Techniques, SEC560 Penetration Testing, and SEC561 Advanced Hands-On Penetration Testing.
<center>{{#ev:youtube|MSqpIT9BUbQ}}</center>
CISO, IT Team Lead, Software Developer
Senior SANS Instructor
Founding President of Greater Augusta ISSA
BSidesAugusta Organizing Committee
 
1) GIAC now has the GPYC (GIAC Python Coder) certification. So if you know Python, you now have a credential you can show to employers that proves you have that skill.
 
2) Joff Thyer is teaching SEC573 at SANS Network Security in Las Vegas on Monday, Sep 12, 2016. This is the LAST OPPORTUNITY to take this course in its current form at a PUBLIC event (we run this course a lot privately). Today it is "Python for Penetration Testers" and the entire course is focused on developing penetration testing tools. Next year the course will be rewritten to reach a broader audience. Next year it will have approximately 1 day of forensics, 1 day of defense and 1 day of penetration testing. So if you want a 100% penetration-testing-focused class, then you want to go see Joff Thyer this September.
 
https://www.sans.org/event/network-security-2016/course/python-for-pen-testers
 
 
I can bring these up and discuss them in context while discussing:
- The current SEC573 and the new SEC573 course,
- GPYC,
- how this relates to the LONG list of Python courses that are available on the web,
- WHO should take the course? A beginner or someone who already knows how to code?
 
Older, but perhaps some of your listeners didn't see these. If you would like, we can talk about these two forms of the same defensive tactic: deceiving attackers with fake or altered credentials.
 
- LIAM NEESON. https://isc.sans.edu/diary/Offensive+Countermeasures+against+stolen+passswords/20455
- Honey hashes: https://isc.sans.edu/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
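The detection side of the honey-hash tactic, as an added example (not code from the ISC diaries above or from SEC573): a fake account is planted in LSASS memory on a bait host, so any authentication attempt that names it can only come from someone who dumped and replayed stolen credentials. The example assumes the bait credential is planted with `runas /netonly`, and the account names, hosts and Security-log records below are constructed for illustration.

```python
"""Detecting use of planted (honey) credentials.

Added example, not code from the SANS ISC diaries linked above.  Account
names, hosts and the sample events are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Hypothetical bait accounts.  They are never created in the directory; the
# credential exists only in LSASS memory on the bait host, so any
# authentication attempt that names one of them is attacker activity.
HONEY_ACCOUNTS = {"svc_backup", "helpdesk_admin"}

# Security-log events that record an authentication attempt for a named account.
AUTH_EVENT_IDS = {
    4624: "successful logon",
    4625: "failed logon",
    4768: "Kerberos TGT request",
    4771: "Kerberos pre-auth failure",
    4776: "NTLM credential validation",
}


def seed_command(domain: str, user: str) -> str:
    """Command typed on a bait host to plant the credential.

    ``runas /netonly`` does not validate the password typed at its prompt;
    it only caches the credential for outbound network use, where
    credential-dumping tools will find it alongside the real ones.
    """
    return f"runas /user:{domain}\\{user} /netonly cmd.exe"


@dataclass(frozen=True)
class Alert:
    event_id: int
    description: str
    account: str
    source_ip: str        # "-" when the event carries no IP (e.g. 4776)
    workstation: str
    reporting_host: str


def _normalise_account(name: str) -> str:
    # Kerberos events may log user@REALM; NTLM events may upper-case the name.
    return name.split("@", 1)[0].lower()


def find_honey_logons(events: Iterable[dict],
                      honey_accounts: Set[str] = HONEY_ACCOUNTS) -> List[Alert]:
    """Return one Alert per authentication event that names a honey account."""
    wanted = {_normalise_account(a) for a in honey_accounts}
    alerts: List[Alert] = []
    for ev in events:
        try:
            event_id = int(ev["EventID"])
        except (KeyError, TypeError, ValueError):
            continue                       # malformed record: skip, don't crash
        if event_id not in AUTH_EVENT_IDS:
            continue
        account = _normalise_account(str(ev.get("TargetUserName", "")))
        if account not in wanted:
            continue
        ip = str(ev.get("IpAddress") or "-")
        if ip.startswith("::ffff:"):       # IPv4-mapped form seen in 4625/4768
            ip = ip[len("::ffff:"):]
        alerts.append(Alert(
            event_id=event_id,
            description=AUTH_EVENT_IDS[event_id],
            account=account,
            source_ip=ip,
            workstation=str(ev.get("WorkstationName") or "-"),
            reporting_host=str(ev.get("Computer") or "-"),
        ))
    return alerts


def summarize(alerts: Iterable[Alert]) -> Dict[str, Set[str]]:
    """Group alerts by where the attempt came from: IP if known, else workstation."""
    by_source: Dict[str, Set[str]] = {}
    for a in alerts:
        key = a.source_ip if a.source_ip != "-" else a.workstation
        by_source.setdefault(key, set()).add(a.account)
    return by_source


# Constructed sample events in the shape of a JSON export of the Security log.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "DC01", "TargetUserName": "alice",
     "IpAddress": "::ffff:10.0.1.40", "WorkstationName": "WS-ALICE"},
    {"EventID": 4625, "Computer": "DC01", "TargetUserName": "svc_backup",
     "IpAddress": "::ffff:10.0.5.23", "WorkstationName": "WS-FINANCE-07",
     "Status": "0xC000006D"},
    {"EventID": 4768, "Computer": "DC01", "TargetUserName": "helpdesk_admin",
     "IpAddress": "::ffff:10.0.5.23"},
    {"EventID": 4776, "Computer": "DC01", "TargetUserName": "HELPDESK_ADMIN",
     "WorkstationName": "WS-FINANCE-07"},
    {"EventID": 4625, "Computer": "DC01", "TargetUserName": "bob",
     "IpAddress": "::ffff:10.0.1.41", "WorkstationName": "WS-BOB"},
    {"EventID": "garbage", "Computer": "DC01"},
]


if __name__ == "__main__":
    print(seed_command("CORP", "svc_backup"))
    for a in find_honey_logons(SAMPLE_EVENTS):
        print(f"{a.event_id} {a.description}: {a.account} from "
              f"{a.source_ip} ({a.workstation}) seen on {a.reporting_host}")
    print(summarize(find_honey_logons(SAMPLE_EVENTS)))
```

Because the bait account never exists in the directory, every hit is a true positive and the only tuning needed is to make sure the real account names are not reused; grouping by source pinpoints the host the attacker is operating from (here the constructed WS-FINANCE-07 / 10.0.5.23).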
{{FiveQuestions}}
= Tech Segment: Building A PfSense Firewall - Part 1 - The Hardware =
<center>{{#ev:youtube|70VbvZ87Wb4}}</center>
==About & Why==
Here's Larry's build:
* Motherboard: [http://www.newegg.com/Product/Product.aspx?Item=N82E16813157614 ASRock J1900D2Y] Mini ITX, 2 x Gigabit Ethernet, Intel quad-core J1900 at 2 GHz on board. $169.99
* Memory: I had some 4 GB DDR3-1333 sticks hanging around from some Mac upgrades, so I used what I had on hand. One could likely use [http://www.newegg.com/Product/Product.aspx?Item=N82E16820148813 this] at a total of $17.99
* Drive: [http://www.newegg.com/Product/Product.aspx?Item=N82E16820173035 SanDisk 64 GB USB 3.0 flash drive]. I had some issues getting this to boot off of USB 3.0, so it is in the INTERNAL USB 2.0 port with no ill effects. $16.59
* Case: [http://www.newegg.com/Product/Product.aspx?Item=N82E16811321018 Habey EMC-800BL] - This one appears to have been discontinued, but one could substitute an equally specced mini-ITX fanless case with power supply. $40
* Cooler: [https://www.amazon.com/gp/product/B005O65JXI/ Cooler Master Hyper 212 EVO - CPU Cooler with 120mm PWM Fan] - $29.95
= Security News - 7:00PM-8:00PM =
<center>{{#ev:youtube|Phq_OJNgJhA}}</center>
== Paul's Stories ==
#[http://www.darknet.org.uk/2016/06/openioc-sharing-threat-intelligence/ OpenIOC – Sharing Threat Intelligence] - Can something like this work?
#[https://www.schneier.com/blog/archives/2016/06/facebook_using_.html Facebook Using Physical Location to Suggest Friends] - Well duh, ever wonder why when you search for someone FB tends to suggest the correct person? It did this when I added my fellow Little League coaches; it's based on location.
#[https://isc.sans.edu/diary/What+is+your+most+unusual+User-Agent%3F/21203 What is your most unusual User-Agent?]
#[https://www.schneier.com/blog/archives/2016/06/interview_with_.html Interview with an NSA Hacker] - TL;DR, but I plan to.
#[https://threatpost.com/google-play-hit-with-rash-of-auto-rooting-malware/118938/ Google Play Hit with Rash of Auto-Rooting Malware] - This app, which claims to be a level, jailbreaks your device and installs malicious apps.
#[https://threatpost.com/trains-planes-autos-increasingly-in-cybercriminals-bullseye/118956/ Trains, Planes, Autos Increasingly in Cybercriminals' Bullseye] - For, you guessed it, ransomware.
#[https://threatpost.com/conficker-used-in-new-wave-of-hospital-iot-device-attacks/118985/ Conficker Used in New Wave of Hospital IoT Device Attacks]
#[http://news.hitb.org/content/ransomware-targets-corporate-office-365-users-0-day-campaign Ransomware targets corporate Office 365 users in 0-day campaign] - If you guessed Macros as the attack vector, you guessed right. And yes, Macros are still a thing that people use...
#[http://news.hitb.org/content/hacker-wants-sell-10-million-patient-records-black-market A hacker wants to sell 10 million patient records on the black market] - MS08-067 is profitable...
#[http://www.cnet.com/news/one-picture-can-unlock-all-your-apps/ One Picture Can Unlock All Your Apps] - This sounded really bad, until this: ''Instead of relying on a computer to figure out if the photo is accurate, LogMeOnce sends the photo to you on another device and asks if it's OK. You say yes, and you're in.''
#[http://www.theregister.co.uk/2016/06/28/medjack/ US Hospitals Hacked With Ancient Exploits] - Ah yes, some MS08-067 in our healthcare system, what could possibly go wrong?
#[https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html/ CCTV DVR systems Hacked, Used in DDoS Attack]
#[http://www.v3.co.uk/v3-uk/news/2463269/the-top-5-security-threats-and-how-to-defend-against-them The Top 5 Security Threats and How to Defend Against Them] - TL;DL: XSS, SQLi, social engineering, "APTs", insider threat. More fluff from a news site that wants me to disable my ad blocker to read the rest of the article.
#[http://www.bbc.com/news/technology-36661557 Facebook 'Hack' Victim Exposes Passport Scam] - Apparently you can fake a photo of a Passport, and use that to gain access to someone's Facebook account. No matter how much OPSEC you got, you are vulnerable to this. This is clearly Facebook's problem, however, I will give shout outs to Facebook's internal security and incident response team for helping us this week.
#[http://www.theinquirer.net/inquirer/news/2463219/symantec-security-flaws-are-as-bad-as-it-gets-claims-googles-project-zero Symantec Security Flaws Are "As Bad As It Gets", Claims Google's Project Zero] - ''Because no interaction is necessary to exploit it, this is a wormable vulnerability with potentially devastating consequences to Norton and Symantec customers. An attacker could easily compromise an entire enterprise fleet using a vulnerability like this.'' Whoa. Turns out the unpacking of executables is really error-prone and vulnerable.
#[http://www.theregister.co.uk/2016/06/30/hackers_ditch_malware_to_move_around_networks/ Hackers Note That Most Breaches Just Need Normal Admin Tools] - Oh, captain obvious reports that after attackers break into networks they use Nmap, Angry IP scanner, TeamViewer and VNC. Not sure why this is news... Begs the question though, do you blend if you use the same tools as the local admins?
#[https://www.engadget.com/2016/06/24/fbi-no-warrant-hack-computer/ Judge says the FBI can hack your computer without a warrant] - Okay, getting the IP address of a computer is NOT hacking, and does not require a warrant according to the judge. This is the same as your phone number; in fact, oftentimes law enforcement does not need a warrant to obtain your phone number.
#[https://github.com/RedBalloonShenanigans/MonitorDarkly RedBalloonShenanigans/MonitorDarkly PoC on GitHub] - Hacking monitors; still trying to figure out how this works and what is gained by doing so.
== Larry's Stories ==
#[http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html?m=1 Tavis at AV again] - This time unpackers in the kernel? Always a good idea, right? Only if it is wormable. Oh, it is? GREAT!
#[https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/ Uber Bug bounty submissions] - I love this write-up on some submissions to Uber's Bug Bounty program. Not only did they find some interesting things at Uber, they showed us how they did it. Great things to think about with any web/mobile app testing, and some good methodology to put in the toolbox.
#[http://www.darkreading.com/endpoint/passwords-to-be-phased-out-by-2025-say-infosec-pros/d/d-id/1326112 No more passwords!] - It is ok, because studies say they will be gone by 2025, to be replaced by "biometrics, behavioral and otherwise". To quote every Star Wars character ever: "I've got a bad feeling about this."
#[https://theintercept.com/2016/06/30/official-tally-of-wiretaps-belies-government-scare-stories-about-encryption/ Official tally of wiretaps indicates 1% use encryption] - Hrm. Dumb.
== Joff's Stories ==