Difference between revisions of "Episode595"

From Security Weekly Wiki

Revision as of 23:14, 21 February 2019

Recorded February 21, 2019 at G-Unit Studios in Rhode Island!

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Jason Wood
    Threat hunter at CrowdStrike, penetration tester, sysadmin, and Founder of Paladin Security.
  • Lee Neely
    Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor.

  • Announcements

    • RSA Conference 2019 is coming up March 4 – 8 in San Francisco! Go to rsaconference.com/securityweekly-us19 to register now using the discount code 5U9SWFD to receive $100 off a full conference pass! If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to securityweekly.com/conferencerequest to submit your request!
    • Registration is now open for the first Security Weekly webcast of 2019! You can register for our "Rise Above Complex Workflows: Practical Ways To Accelerate Incident Response" webcast now by going to securityweekly.com/webcasts.

    Interview: Marcello Salvati, BHIS (SilentTrinity Updates) - 6:00-6:30PM

    Marcello Salvati is a security analyst at BHIS.

    Marcello Salvati is a senior security consultant at Coalfire Labs by day and by night a tool developer who discovered a novel technique to turn tea, sushi and dank memes into somewhat functioning code. He is an active member of the InfoSec community who has created numerous open-source tools (CrackMapExec, DeathStar, MITMf), has presented at multiple security conferences such as Defcon, BlackHat, 44Con, DerbyCon, and contributed articles to security publications.

    No PowerShell? No Problem! Red Teaming using the BYOI (Bring Your Own Interpreter) lifestyle.

    Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box?

    Turns out, by harnessing the powah of C# and the .NET framework you can embed entire interpreters inside of a C# binary. This allows you to dynamically access all of the .NET API from a scripting language of your choosing without going through PowerShell in any way! In this tech segment I’ll be demoing SILENTTRINITY, a post-exploitation tool I’ve developed that attempts to weaponize some of the BYOI concepts. I’ll be explaining how it works at a high level and talking about some of the updates in the 0.1.0 version, which is fresh off the presses!

    As for the updates:

    - Out of the PoC stage and into alpha! 0.0.1 -> 0.1.0
    - Completely encrypted C2 communication & staging
    - Boolang support
    - CLI autocompletes all the things
    - You can now customize the check-in interval for each session
    - A handy dandy help menu command

    Here are all the links:

    - The SILENTTRINITY code itself on GitHub: https://github.com/byt3bl33d3r/SILENTTRINITY
    - My Twitter: https://twitter.com/byt3bl33d3r
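    The BYOI idea described in the segment, as an added example that is not SILENTTRINITY's code: a C# binary hosts a script engine (IronPython here, chosen for illustration; the project itself also supports Boo) and the embedded script drives the .NET API directly, so no powershell.exe is spawned and System.Management.Automation.dll is never loaded. It assumes the IronPython NuGet package is referenced and targets .NET Framework; the script text is constructed for the example, where an implant would receive it from its C2 instead. The second function shows the flip side a defender cares about: the host process now carries the interpreter and DLR assemblies, which is what image-load telemetry (Sysmon Event ID 7, ETW) would surface when they come from disk.

```csharp
// Added example (not SILENTTRINITY's code): host an IronPython engine inside a C#
// binary and let the script drive the .NET API directly. Assumes the IronPython
// NuGet package (IronPython.dll, Microsoft.Scripting.dll, Microsoft.Dynamic.dll)
// is referenced; targets .NET Framework. The script text is constructed for the
// example; an implant would receive it from its C2 instead of embedding it.
using System;
using System.Diagnostics;
using System.Linq;
using IronPython.Hosting;
using Microsoft.Scripting.Hosting;

static class ByoiHost
{
    // Plain IronPython. It reaches System.Diagnostics and System.Environment through
    // the CLR bridge ("import clr"), so nothing here ever touches powershell.exe or
    // System.Management.Automation.dll.
    const string Script = @"
import clr
clr.AddReference('System')
from System import Environment
from System.Diagnostics import Process

names = sorted(set(p.ProcessName for p in Process.GetProcesses()))
result = '%s\\%s on %s: %d distinct process names, e.g. %s' % (
    Environment.UserDomainName, Environment.UserName,
    Environment.MachineName, len(names), ', '.join(names[:3]))
";

    // Create the engine, hand the script a scope, run it, and pull a result back out.
    public static string RunPayload(string script)
    {
        ScriptEngine engine = Python.CreateEngine();
        ScriptScope scope = engine.CreateScope();
        engine.Runtime.LoadAssembly(typeof(Process).Assembly); // make System.dll visible to the script
        engine.Execute(script, scope);
        return scope.GetVariable<string>("result");
    }

    // Defender's view from inside the process: no child powershell.exe, but the DLR
    // and interpreter assemblies are now loaded in the host. Module-load telemetry
    // (Sysmon Event ID 7 / ETW) reports the same names when they are loaded from disk;
    // assemblies loaded from a byte array only show up via AppDomain enumeration like this.
    public static string[] ScriptEngineAssemblies() =>
        AppDomain.CurrentDomain.GetAssemblies()
            .Select(a => a.GetName().Name)
            .Where(n => n.StartsWith("IronPython", StringComparison.OrdinalIgnoreCase)
                     || n.StartsWith("Microsoft.Scripting", StringComparison.OrdinalIgnoreCase)
                     || n.StartsWith("Microsoft.Dynamic", StringComparison.OrdinalIgnoreCase))
            .OrderBy(n => n)
            .ToArray();

    static void Main()
    {
        Console.WriteLine(RunPayload(Script));
        foreach (string name in ScriptEngineAssemblies())
            Console.WriteLine("loaded: " + name);
    }
}
```

    The point for both sides: the detection signal moves away from PowerShell script content and the powershell.exe process tree, and toward which assemblies an otherwise ordinary .NET process loads and what it does afterwards.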

    Interview: Steve Brown, SecureWorld Boston Keynote - 6:30 - 7:30PM

    Steve Brown is the CEO of Possibility & Purpose, aka The Bald Futurist.

    Former Futurist and Chief Evangelist at Intel Corporation, Steve Brown is an energetic speaker, author, strategist and advisor with over 30 years of experience in high tech.

    Speaking at events all over the world, Steve helps his audiences to understand the business and societal impacts of new technologies and how they will shape the future five, ten, and fifteen years from now.

    Steve is passionate about helping people to imagine and build a better future: to create new value, to optimize operations, and to delight customers in new ways, all by taking full advantage of the latest that technology has to offer. Whether talking about the future of work in a post-automation world, doing a deep dive on artificial intelligence, or discussing the future of flying cars, Steve always inspires his audiences to think beyond the current status quo and to reimagine their businesses, and their lives, for the better. He then helps his audiences to develop new strategies to navigate through, and thrive amidst, coming change.

    Steve speaks and writes in plain language about the continued advances in technology and how they will combine with business, cultural and human trends to create both new opportunities and new challenges. Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, CBS, and in The Wall Street Journal, Wired Magazine, and many other media outlets.

    Steve serves a broad spectrum of organizations from small non-profits to Fortune 100s, spanning almost every industrial sector, including manufacturing, transportation, retail, hospitality, government, education, agriculture, healthcare, energy, media and entertainment. He offers a rich menu of services including speaking, consulting, and Futurecasting workshops.

    Steve holds Bachelor of Science and Master of Engineering degrees in Micro-Electronic Systems Engineering from Manchester University. He was born in the U.K. and became a U.S. citizen in 2008. He serves on the board of the Brian Grant Foundation, a non-profit devoted to helping people with Parkinson’s Disease to live the best life possible. He lives with his wife in Portland, Oregon.

    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. Password managers leaking data in memory, but you should still use one - Clearly, if passwords – especially master passwords – are hanging around in memory when the application is locked, this raises the possibility that malware could steal this data after infecting a computer. Two-factor FTW, use it on your password managers.
    2. Security Analysts Are Only Human - SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
    3. Drupal Releases Security Updates | US-CERT - To immediately mitigate the vulnerability, you can disable all web services modules, or configure your web server(s) to not allow PUT/PATCH/POST requests to web services resources. Note that web services resources may be available on multiple paths depending on the configuration of your server(s). For Drupal 7, resources are for example typically available via paths (clean URLs) and via arguments to the "q" query argument. For Drupal 8, paths may still function when prefixed with index.php/.
    4. New Free Tool Scans for Chrome Extension Safety - The CRXcavator scans a set of factors including permissions, external calls, third-party libraries, content security, and metadata to give security and IT staff insight into the safety of the browsers on their companies' computers. According to the blog post announcing the tool's availability, Duo researchers scanned 120,463 extensions and apps in January and found that many developers have used poor programming practices in their software. For example, 38,289 extensions " ... used third-party libraries that contain publicly known vulnerabilities," wrote the researchers.
    5. Why Cybersecurity Burnout Is Real (and What to Do About It) - The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
    6. No One is Safe: the Five Most Popular Social Engineering Attacks Against Your Company's Wi-Fi Network - Security Boulevard - Make sure your network users understand the risk of connecting to open access points and are well aware of the techniques mentioned. Running simulations of the above attacks is also recommended. I believe Pwnie Express has a great solution for this.
    7. Jenkins - Remote Code Execution
    8. Kerberoasting Revisited
    9. Experts found a Remote Code Execution flaw in WordPress 5.0.0 - The experts discovered that the flaw could be exploited by an attacker who gains access to an account with at least 'author' privileges on a WordPress install to execute arbitrary PHP code on the underlying server.
    10. GitHub bug bounty: Microsoft ramps up payouts to $30,000-plus | ZDNet
    11. Nasty code-execution bug in WinRAR threatened millions of users for 14 years - The vulnerability was the result of an absolute path traversal flaw that resided in UNACEV2.DLL, a third-party code library that hasn’t been updated since 2005. The traversal made it possible for archive files to extract to a folder of the archive creator’s choosing rather than the folder chosen by the person using the program. Because the third-party library doesn’t make use of exploit mitigations such as address space layout randomization, there was little preventing exploits.
    12. Google admits error over hidden microphone - In response to criticism, Google said on Tuesday: "The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part.” It added: “The microphone has never been on and is only activated when users specifically enable the option. "Security systems often use microphones to provide features that rely on sound sensing. We included the mic on the device so that we can potentially offer additional features to our users in the future, such as the ability to detect broken glass.” - Turn off features you are not using!
    13. Researcher: Not Hard for a Hacker to Capsize a Ship at Sea - Once the hacker is able to reach the control systems, it would for instance be possible to replay the Hoegh Osaka incident, where a car carrier’s ballast tanks weren’t properly filled, which resulted in the ship developing a heavy list during a tight turn out of the port. It narrowly avoided capsize, thanks only to a favorable wind blowing.
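    Item 11 above describes the bug class behind the WinRAR story: an archive entry's name, chosen by the archive creator, ends up deciding where the file is written instead of the folder the user picked. The following is an added example of that class and its fix in C#, not WinRAR's or UNACEV2.DLL's code; the destination folder and entry names are constructed sample data, and it goes slightly beyond the story by covering relative `..` entries as well as absolute ones. The naive resolver is the trap: `Path.Combine` returns its second argument unchanged when that argument is rooted, so a rooted entry name silently escapes the destination.

```csharp
// Added example (not WinRAR's code): absolute and relative path traversal in an
// archive extractor, vulnerable resolver beside the hardened one. Paths below are
// constructed sample data for a Windows target.
using System;
using System.IO;

static class SafeExtract
{
    // Vulnerable: trusts the entry name. Path.Combine returns the second argument
    // unchanged when it is rooted, so "C:\...\Startup\run.exe" escapes destDir
    // entirely, and "..\..\x" is left for the filesystem to resolve upward.
    public static string NaiveTarget(string destDir, string entryName)
        => Path.Combine(destDir, entryName);

    // Hardened: refuse rooted names, normalise, and require the result to stay
    // under destDir. Returns false for anything that would land outside.
    public static bool TryResolveTarget(string destDir, string entryName, out string target)
    {
        target = null;
        if (string.IsNullOrEmpty(entryName) || Path.IsPathRooted(entryName))
            return false;                                      // "C:\x", "\x", "\\server\x" never allowed

        string root = Path.GetFullPath(destDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;                // so "C:\out" does not match "C:\outside"

        string full = Path.GetFullPath(Path.Combine(root, entryName)); // collapses "." and ".." segments
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            return false;

        target = full;
        return true;
    }

    static void Main()
    {
        string dest = @"C:\Users\victim\Downloads\extracted";
        string[] entries =                                      // constructed archive entry names
        {
            @"readme.txt",
            @"docs\notes.txt",
            @"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.exe",
            @"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\run.exe",
        };

        foreach (string entry in entries)
        {
            Console.WriteLine("entry: " + entry);
            Console.WriteLine("naive: " + NaiveTarget(dest, entry));
            Console.WriteLine("safe:  " + (TryResolveTarget(dest, entry, out string t) ? t : "REJECTED"));
            Console.WriteLine();
        }
    }
}
```

    The trailing-separator step matters: a prefix check against `C:\out` would also accept `C:\outside\...`. The check does not protect against symlinks or junctions that already exist under the destination folder; an extractor that cares about that has to inspect each directory it descends into as well.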

    Lee's Stories

    1. Group FaceTime bug prevents adding users to existing call - While you can initiate a Group FaceTime call, you cannot add a user to one.
    2. Stratcom study on Cognitive Cyber Challenges (Social Engineering) - OSINT, social engineering, and social media are very effective at gathering OPSEC data from military personnel. Social media fake group/org detection and removal was less effective than expected.
    3. CrowdStrike released 2019 global threat report
    4. Splunk changes position on Russian customers - Splunk is no longer selling or renewing licenses to customers in Russia - threat response or a political ploy?
    5. Swedish Healthcare Hotline exposes sensitive calls - Repository of call recordings available without authentication. Twist: this appears to be a GDPR violation - will there be a penalty?
    6. LPG Company leaked Aadhaar details of 6.7M Indian customers - Weakness in gas dealer portal could be used to enumerate dealers and their customers. Company denies vulnerability, researchers have provided dumps. An Aadhaar number is a unique number assigned to each citizen as part of India's biometric identity program, maintained by the government's Unique Identification Authority of India (UIDAI).

    Matt's Stories

    Larry's Stories

    1. ATM hacking, gamified - https://apple.news/A0vKjJrm_S72QPjayn5OPeQ
    2. Cobalt Strike Team server study... - https://blog.cobaltstrike.com/2019/02/19/cobalt-strike-team-server-population-study/
    3. Hacked Sex robots can kill you - https://www.newsweek.com/hacked-sex-robots-could-murder-people-767386
    4. Domain fronting with CloudFlare and others - https://digi.ninja/blog/cloudflare_example.php
    5. Pwning with the clipboard and copy/paste - https://github.com/inguardians/Invoke-Clipboard/

    Jason's Stories