Difference between revisions of "PSWEpisode631"

From Paul's Security Weekly

Revision as of 17:01, 13 December 2019

Recorded December 19, 2019 at G-Unit Studios in Rhode Island!

Introduction

In this episode, we kick things off with the Blue Team round table and discuss defensive techniques that actually work, and ones that don't. Then we will switch teams and transition to the state of penetration testing round table, where we'll discuss the evolution of penetration testing and how to get the most value from the different types of assessments. In our final segment, we welcome back long-time friend of the show Ed Skoudis to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly and one of the community's favorite hacking challenges. Stay tuned for all that and more on this episode of Paul's Security Weekly.

Episode Audio

Segment 1: Blue Team Tactics and Techniques

Announcements

Welcome to Paul's Security Weekly Blue Team Tactics and Techniques. First, a quick reminder for our audience to join the Security Weekly mailing list and subscribe to all of the shows on the network. You can do that by visiting securityweekly.com/subscribe. And now please adorn your blue team attire as the hosts and our special guests discuss how to best defend your organization from attacks, in the cybers, er, from cyber-attacks, maybe cyber security attacks, evil attackers? Something like that...

Description

It's often said that attackers need only get it right once, whereas defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always get it right; in fact, there are often many exposures in our defenses. This segment will aim to help defenders learn tactics and techniques that are effective and try to answer some of the following questions:

  1. How do you prioritize your defensive efforts?
  2. How do you best detect attacks?
  3. How do you best protect against attacks?
  4. We always say "patch your stuff" but how often should you patch? Which systems should you patch?
  5. What techniques work best to defend against email phishing?
  6. How do you provide a "good enough" level of security for your Active Directory?
  7. What are the fundamentals of defense? How do they differ per environment and organization?
  8. How do you get management to buy in to your security plans and spending?

Guests

  • Bill Swearingen
  • Trent Lo
  • Ron Gula is the President at Gula Tech Adventures.
    Ron is President at Gula Tech Adventures which focuses on cyber technology, strategy and policy. Since 2017, GTA has invested in dozens of cyber start-ups and supported multiple cyber funds. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer and developed one of the first commercial network intrusion detection systems called Dragon, ran risk mitigation for the first cloud company, was deploying network honeypots in the mid 90s for the DOD and was a penetration tester for the NSA and got to participate in some of the nation's first cyber exercises. Ron is involved in a variety of cyber nonprofits and think tanks including Defending Digital Campaigns, the Cyber Moonshot, the National Security Institute and the Wilson Center.


  • Jim Nitterauer
  • Jason Nester
  • Michael Gough
  • Chris Kubecka

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Lee Neely is a Sr. Cyber Analyst at LLNL, SANS Analyst, SANS NewsBites Editor

Resources




    Segment 2: The State of Penetration Testing

    Introduction

    Welcome to the state of penetration testing round table discussion. A quick reminder for our audience to join our mailing list and receive notifications about upcoming webcasts, virtual training, and events where Security Weekly will be distributing awesome swag. Visit securityweekly.com/subscribe to join today!

    Description

    Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well.

    • What has changed in the past year with regard to penetration testing?
    • What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs?
    • How has the increased popularity of breach and attack simulation tools impacted penetration testing?
    • Has the MITRE ATT&CK framework impacted penetration testing? If so, how?
    • Many advanced penetration testers seem to be keeping their tools private so as to avoid detection by endpoint security products. Is this happening, and if so, what is the impact? Should we share more? Less?
    • With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test?
    • Will the attack surface begin to shift as email phishing defenses get better? Or, will all organizations still have exposures due to email phishing and users trusting an email/link/attachment?

    Guests

    • Dave Kennedy is the Founder/CEO of TrustedSec and Binary Defense.
      David Kennedy is founder of Binary Defense and TrustedSec. Both organizations focus on the betterment of the security industry. David also serves on the board of directors for the ISC2 organization. David is the former CSO for Diebold Incorporated, where he ran the entire INFOSEC program. David is a co-author of the book "Metasploit: The Penetration Tester's Guide", the creator of the Social-Engineer Toolkit (SET), Artillery, and several popular open source tools. David has been interviewed by several news organizations including CNN, Fox News, MSNBC, CNBC, Katie Couric, and BBC World News. David is the co-host of the social-engineer podcast and appears on several additional podcasts. David has testified in front of Congress on two occasions on the security around government websites. David is one of the founding authors of the Penetration Testing Execution Standard (PTES), a framework designed to fix the penetration testing industry. David is the co-founder of DerbyCon, a large-scale conference in Louisville, Kentucky. Prior to the private sector, David worked for the United States Marine Corps and deployed to Iraq twice for intelligence-related missions.


    • Chris Hadnagy
    • Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security.
    • Tom Liston


    Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Tyler Robinson
    Managing Director of Network Operations at Nisos, Inc.

    Resources




    Segment 3: Holiday Hack Challenge

    Description

    Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge!

    Guests

    Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).


    Hosts

  • Jeff Man
    Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist, Tribe of Hackers, & InfoSec Curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Joff Thyer
    SANS Instructor, penetration tester, and Security Researcher at Black Hills Information Security.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

    Resources
