Recorded December 19, 2019 at G-Unit Studios in Rhode Island!
- 1 Introduction
- 2 Segment 1: Blue Team Tactics and Techniques
- 3 Segment 2: The State of Penetration Testing
- 4 Segment 3: Holiday Hack Challenge
In this episode, we kick things off with the Blue Team round table and discuss defensive techniques that actually work, and ones that don't. Then we switch teams and transition to the state of penetration testing round table, where we'll discuss the evolution of penetration testing and how to get the most value from the different types of assessments. In our final segment, we welcome back long-time friend of the show Ed Skoudis to discuss this year's Counterhack Holiday Hack Challenge, a holiday tradition here at Security Weekly and one of the community's favorite hacking challenges. Stay tuned for all that and more on this episode of Paul's Security Weekly.
Segment 1: Blue Team Tactics and Techniques
It's often said that attackers need only to get it right once, whereas defenders have to be right all of the time. Those of us who have worked in a security role as a defender know we don't always get it right; in fact, there are often many exposures in our defenses. This segment aims to help defenders learn tactics and techniques that are effective and tries to answer some of the following questions:
- How do you prioritize your defensive efforts?
- How do you best detect attacks?
- How do you best protect against attacks?
- We always say "patch your stuff" but how often should you patch? Which systems should you patch?
- What techniques work best to defend against email phishing?
- How do you provide a "good enough" level of security for your Active Directory?
- What are the fundamentals of defense? How do they differ per environment and organization?
- How do you get management to buy in to your security plans and spending?
- Bill Swearingen
- Trent Lo
- Jim Nitterauer
- Jason Nester
- Michael Gough
- Chris Kubecka
Segment 2: The State of Penetration Testing
Penetration testing has evolved quite a bit in the past year. As defenses shift, and in some cases get much better, attack techniques and landscapes have changed as well.
- What has changed in the past year with regards to penetration testing?
- What is adversary simulation? What are the benefits? Is the offering and consumption of this service an indication that organizations are getting better at building effective security programs?
- How has the increased popularity of breach and attack simulation tools impacted penetration testing?
- Has the MITRE ATT&CK framework impacted penetration testing? If so, how?
- Many advanced penetration testers seem to be keeping their tools private so as to avoid detection by endpoint security products. Is this happening, and if so, what is the impact? Should we share more? Less?
- With so many tools available today for penetration testing, what can blue teams and internal red teams do to prep for an external penetration test?
- Will the attack surface begin to shift as email phishing defenses get better? Or, will all organizations still have exposures due to email phishing and users trusting an email/link/attachment?
- Chris Hadnagy
- Tom Liston
Segment 3: Holiday Hack Challenge
Each year the team at Counterhack Challenges makes available the Holiday Hack Challenge. Led by Ed Skoudis, and created by some of the most talented security professionals in the industry, it is not to be missed. Tune in to hear the details, or at least some information, about this year's Holiday Hack Challenge!
Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).