Changes

From Security Weekly Wiki
Jump to navigationJump to search
3,791 bytes added ,  20:16, 31 October 2017
= Paul's Security Weekly Episode #524 =<!--
<div align="center">
{{#widget:SoundCloud
|id=334296074336565718
|width=75%
|height=100
}}
</div>
-->
''Recorded August 3, 2017 at G-Unit Studios in Rhode Island!''
{{Template:Paul}}
{{Template:Larry}}
{{Template:Joff}}
{{Template:Jeff}}
= Interview: Danny Miller, Ericom Software - 6:00PM-7:00PM =
[[File:Danny MIller.jpg|right|250px|thumb|<center>'''[https://twitter.com/dannydyn Danny Miller] '''</center>]]<!-- <center>{{#ev:youtube|EqVEM6kwaFsIKa9xwz6HMg}}</center> --> Danny Miller of Ericom Software joins us to discuss how enterprises can protect themselves utilizing new approaches to security, such as isolated browsing techniques!
Daniel Miller Danny is the Director of Product Marketing at Ericom Software. He has more than 15 years of industry experience in corporate and product marketing, business development, and product management supporting an array of technology services, hardware and software solutions – with a strong focus on cybersecurity in recent years. Daniel holds a Bachelor's degree in Behavioral Sciences, a Master's degree in Psychology, and an Executive MBA.
= Tech Segment : VaporTrail with Larry Pesce and Galen Alderson, InGuardians - 7:00-7:30PM =
<!-- [[File: SvenMorgenrothGalen Alderson.jpg|right|200px|thumb|<center>'''[https://twitter.com/asdizzle_ Sven Morgenrothunknownloner Galen Alderson], Security Researcher at Netsparker'''</center>]] -->
<!-- <center>{{#ev:youtube|HOnu6yJvFqM_PY2KzyP8Z4}}</center>   Fresh outta high school, Galen still has the new car smell. Galen has many years to become a curmudgeon by getting broken in as an intern at InGuardians. As red team members and even "evil attackers", we've been finding numerous ways to exfiltrate data from networks with inexpensive hardware: Ethernet, WiFi and cellular (2G, 3G and LTE). The first two are highly detectable, while the latter is expensive and both leave a paper trail. We found a way to use a medium that is right under everypony's nose; low power, broadcast FM radio. With a Raspberry Pi and a length of wire, we can send text and raw binary data with a method nopony (until now) would think to look for. We receive the data with an RTL-->SDR, putting our overall hardware budget at $20. In this demo, we will show you how to build and use this system. We'll share tales of the custom software and transmission protocols. You want to see it in action? We've got demos. You want the software? Yep, you can have that too. We're excited to offer Vapor Trail to you, the first FM radio data exfiltration tool. Sure, HAM radio folks have had digital modes for years, but we've done better AND cheaper. We've effectively created our own RF digital mode for pwnage, HAM radio data transfer and redundant communication methods. Why? Because we can. We want to go undetected with current capabilities. Turns out, our approach is quite novel for pulling data right from a network via pcaps or tool output. === Links ===http://vaportrail.io
= Security News - 7:30-8:30PM =
<!-- <center>{{#ev:youtube|kdWMiVSnsRsip_CtcQ9TPE}}</center> -->
== Paul's Stories ==
{{Template:PSWPaul524}}
 
== Larry's Stories ==
#[https://arstechnica.com/gadgets/2017/07/sounds-bad-researchers-demonstrate-sonic-gun-threat-against-smart-devices/ Sonic attacks against GPS/gimbal, etc]
#[https://www.grahamcluley.com/trojan-found-pre-installed-on-android-phones-being-sold-on-amazon/ Pre-pwned android phones for sale on Amazon] - There is a time to buy name brand stuff folks...
#[https://www.grahamcluley.com/hackers-hijack-central-cardiff-billboard-display-swastikas/ Billboard hax] - We drink because you don't change your default passwords.
#[http://www.kitploit.com/2017/07/asto-iot-network-security-analysis-tool.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+PentestTools+(PenTest+Tools)&m=1 IoT security analysis tool]- Um, I am confused....
#[https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con?utm_source=mbtwitter Malwarebyteblog arrested at DEF CON] - yeah the guy that "stopped" wanna cry by registering the killswitch domain...
##BREAKING NEWS [https://www.theguardian.com/technology/2017/aug/03/researcher-who-stopped-wannacry-ransomware-detained-in-us He's tied to the Kronos Banking trojan.]
##[https://twitter.com/actual_ransom MOAR BREAKING NEWS:] The funds from the WannaCry malware are being transferred out of the assigned wallets.
#[https://www.revics-security.com/2017/08/02/wirelesshart-for-wireshark-and-killerbee/ Updates to killlerbee and Wireshark for more functionality to include WirelessHART]
#[http://money.cnn.com/2017/07/27/technology/hack-smart-gun/index.html Hacking a smart gun with high tech and low tech attacks] - This one is damned neat one WiFi based attack, the other with....cheap magnets. The vendor response is also priceless.
 
== Joff's Stories ==
 
#[https://arstechnica.com/information-technology/2017/07/microsoft-expands-bug-bounty-program-to-cover-any-windows-flaw/ Microsoft Expands Bug Bounty Program]
#[https://www.blackhillsinfosec.com/endpoint-monitoring-shoestring-budget-webcast-write/ Endpoint Monitoring on a Shoestring Budget]

Navigation menu