Difference between revisions of "Episode609"

From Paul's Security Weekly

Latest revision as of 18:38, 10 July 2019

Recorded June 20, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Jack Daniel
    Works for Tenable Network Security and Co-Founder of Security BSides.
  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Lee Neely
    Sr. Cyber Analyst at LLNL and SANS Analyst.


  • Announcements

    • Register for our upcoming webcasts with ISC2 by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand. Also, you can now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!

    • Security Weekly is returning to Vegas this August for BlackHat and DefCon! If you would like to request a briefing or sponsor an interview on-site at BlackHat, please go to securityweekly.com/booking and submit your request!

    • Some of you told us that you are overwhelmed by the amount of content we distribute! To help you get selected topics you're interested in, join our new listener interest list! Sign up for a list and select your interests by visiting: securityweekly.com/subscribe and clicking the button to join the list! You can also now submit your suggestions for guests in our recently released guest suggestion form! Go to securityweekly.com/guests and enter your suggestions!

    • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a 15% discount to sit for any of their Bootcamp Courses or Workshops! Visit Securityweekly.com/hackerhalted to register now!


    Interview: AttackDefense Labs Platform - Vivek Ramachandran, Pentester Academy - 6:00-6:30PM

    Vivek Ramachandran is the Founder & CEO of Pentester Academy
    Topic: Pentester Academy, our AttackDefense Labs platform and other topics. Vivek will show a demo of their AttackDefense labs. We also have a free community security for your users to try out without requiring a subscription or credit card.

    Vivek Ramachandran has been researching Wi-Fi security for over a decade. He discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots) and others. He is the author of multiple five-star rated books on Wi-Fi security which have together sold over 20,000 copies worldwide and have been translated into multiple languages.
    Vivek’s work on wireless security (Caffe Latte attack) has been quoted in BBC online, InfoWorld, MacWorld, The Register, IT World Canada and others. He has also spoken/trained at top conferences including BlackHat USA, Europe and Abu Dhabi, Defcon, Brucon, HITB, Hacktivity and others. Vivek is also the Founder, CEO of Pentester Academy, AttackDefense.com and Hacker Arsenal. Pentester Academy now trains thousands of customers from government agencies, Fortune 500 companies and smaller enterprises from over 90 countries.

    Links:

      • Facebook: https://www.facebook.com/ST.Trainings/
      • LinkedIn: https://www.linkedin.com/in/vivekramachandran


    Interview: Purple Teaming - Bryson Bort, Scythe - 6:30-7:00PM

    Bryson Bort is the Founder/CEO of GRIMM
    Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a boutique cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a National Security Institute Fellow and an Advisor to the Army Cyber Institute. Prior, Bryson led an elite offensive capabilities development group. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. Bryson received his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point. He holds a Master’s Degree in Telecommunications Management from the University of Maryland, a Master’s in Business Administration from the University of Florida, and completed graduate studies in Electrical Engineering and Computer Science at the University of Texas.

    Topic:

    1. Purple Teaming - What is it? Why is it important? What are the top objectives for a purple team test? Who should be involved? What types of conditions should you test? What are the goals of a purple team?
    2. Top Attack Simulation Scenarios - While there are hundreds, if not thousands, of conditions and exposures to test for in our organization, where should I start? Perhaps you have a vulnerability scanning program and have had a pen test or two in the past, but now it's time to start running attack simulations against the network and systems. What are the top 5 (or 10) tests to begin with? MITRE ATT&CK is great, but with over 200 tests, what should I focus on first? Granted, every environment is different; however, it would be helpful to give folks a starting point, beginning with a few basic tests for common techniques used in various scenarios, e.g. defending MS Active Directory.
    3. Testing Command & Control Channels - Attackers, at some point, must communicate across the network to issue commands to the various backdoors/malware running on your systems. What are the most common methods of communication? What are the best ways to test for this in your environment? What communication channels are the most popular? How should I prioritize the remediation? Detecting attackers is even more difficult when they use techniques and protocols that closely emulate "normal" behavior on your network. How do we emulate, and ultimately detect, this behavior accurately to test our defenses?


    Security News - 7:30PM-8:30PM

    Paul's Stories

    1. 5 Keys to Improve Your Cybersecurity
    2. Censorship vs. the memes
    3. Engineer's 'Smart Speaker Firewall' isolates Alexa devices in a snap
    4. How Not To Prevent a Cyberwar With Russia
    5. A Plan to Stop Breaches With Dead Simple Database Encryption
    6. Antivirus Evasion with Python
    7. The case against knee-jerk installation of Windows patches - Does applying patches as soon as they come out really help today? Some think not: With a few notable exceptions, in the real world, the risks of getting clobbered by a bad patch far, far outweigh the risks of getting hit with a just-patched exploit. Many security “experts” huff and puff at that assertion. The poohbahs preach Automatic Update for the unwashed masses, while frequently exempting themselves from the edict.
    8. Hacker conference speaker axed over abortion views - Jennifer's comments are very interesting: Jennifer Granick, legal counsel for the American Civil Liberties Union, asked what other views would disqualify someone from speaking at the conference. In a tweet, she asked: "Should Black Hat now ask potential speakers for their views on abortion, or is it fine so long as we don't know?" Two sides: 1) Are speakers' political views criteria for being accepted to speak or not? 2) In this case it's not only the person's views but a documented track record of voting against women's rights; is that justification for asking them not to speak at a conference? Also, Jennifer is questioning the access to the information: as long as we don't share or publicize our views, is that okay, and can you speak regardless of your views?
    9. The Backdoor in your Living Room - Apparently, the code is bad. Speaking of the Tizen OS, Amihai Neiderman recently said: "It may be the worst code I've ever seen. Everything you can do wrong there, they do it. You can see that nobody with any understanding of security looked at this code or wrote it. It's like taking an undergraduate and letting him program your software." Uhm, so our new developer is 15 and doing just fine.
    10. Designers built an AI penis detector to protest Google's prudish doodles
    11. Warning Issued For Apple's 1.4 Billion iPad And iPhone Users
    12. Massive Blackout Leaves Most of Argentina, Uruguay Without Power
    13. How To Test Drive 200+ Linux Distributions Without Ever Downloading Or Installing Them

    Jeff's Stories

    1. Data breach forces medical debt collector AMCA to file for bankruptcy protection
    2. U.S. Customs and Border Protection Data Breach Result of Supply Chain Attack
    3. A Method for Establishing Liability for Data Breaches - Make 'em pay!
    4. Personal data of 2.7 million people leaked from Desjardins - That's like, the entire population of Canada

    Doug's Stories

    1. https://www.zdnet.com/article/mozilla-patches-firefox-zero-day-abused-in-the-wild/
    2. https://www.washingtonpost.com/business/2019/06/20/florida-city-will-pay-hackers-get-its-computer-systems-back/?utm_term=.44f823c01712

    Lee's Stories

    1. Phishing scam hacks 2FA - Phishing email sends the user to a fake site, which passes the username, password and one-time token to the real site.
    2. XSS flaw exposes Google employees to attack - Flaw in a Google site can be used to attack existing users of the system.
    3. US-CERT AA19-168A: Microsoft OS BlueKeep Vulnerability Alert - CISA issues guidance regarding BlueKeep for Windows 2000, Vista, 7, 2003, 2003R2, 2008 & 2008R2.
    4. Google researcher finds weakness in MS SymCrypt library - Used for symmetric encryption on Windows 8 and beyond; the flaw results in an infinite loop/reboot, triggerable by a benign-looking X.509 certificate.
    5. Exim worm spreading through Azure - Prevent worm spread by updating the Exim service to 4.92 on Linux.
    6. US hacks Russian grid - Very difficult to verify, as details are classified. US Cyber Command is reportedly using new powers to establish a foothold on the Russian power grid.
    7. Researcher scrapes 7 million Venmo transactions - Make sure your Venmo account is set to private.
    8. A. Duie Pyle goes the extra mile after ransomware - A. Duie Pyle went above and beyond to communicate status after a ransomware incident. Failed back to taking orders over the phone.