Difference between revisions of "PSWEpisode639"

From Paul's Security Weekly
Jump to: navigation, search
m (Lee's Stories)
(Interview: - 6:00-6:45PM)
Line 22: Line 22:
  
  
= Interview: - 6:00-6:45PM =
+
= Interview: O'Shea Bowens, Null Hat Security - 6:00-6:45PM =
<!-- [[File:KatelynBowden.jpg|right|250px|thumb|<center>'''[https://twitter.com/badassbowden Katelyn Bowden]'''is the CEO of [https://badassarmy.org/ BADASS Army]</center>]] -->
+
[[File:OSheaBowens.jpg|right|250px|thumb|<center>'''[https://twitter.com/sirmudbl00d O'Shea Bowens]'''is the CEO of [https://nullhatsecurity.org/ Null Hat Security]</center>]] O'Shea Bowens is a cyber security enthusiast with a decade of experience. He is the founder of Null Hat Security, which focuses in the areas of incident response, threat hunting, SOC operations and cloud security. Null Hat Security also address workforce issues with skills and gap assessments via cyber security training. He is also the SOC manager for Toast Inc. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast and the founder of SkiCon Conference, advisor to SANS Blue Team Summit and advisor to Layer8 Conference.<br><br>'''Segment Topic:'''<br>Living in Blue Team Land and Skicon<br><br>'''Segment Description:'''<br>I'd like to discuss why I think blue teaming is as essential now as our red brothers. Mistakenly calling out APT's. A new type of security conference I've created, SKICON. If there is time, diversity in cyber.<br><br>'''Segment Resources:'''<br>
 +
* https://www.skiconne.org
 +
* https://www.nullhatsecurity.org
  
 
<br>
 
<br>

Revision as of 21:07, 11 February 2020

Recorded February 13, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Larry Pesce
    Senior Managing Consultant and Director of Research at InGuardians, SANS Instructor.
  • Lee Neely
    is a Sr. Cyber Analyst at LLNL,SANS Analyst, SANS NewsBites Editor


  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: O'Shea Bowens, Null Hat Security - 6:00-6:45PM

    O'Shea Bowens is a cyber security enthusiast with a decade of experience. He is the founder of Null Hat Security, which focuses in the areas of incident response, threat hunting, SOC operations and cloud security. Null Hat Security also address workforce issues with skills and gap assessments via cyber security training. He is also the SOC manager for Toast Inc. O'Shea is also the co-founder of "Intrusion Diversity System", a bi-monthly hosted cyber security podcast and the founder of SkiCon Conference, advisor to SANS Blue Team Summit and advisor to Layer8 Conference.

    Segment Topic:
    Living in Blue Team Land and Skicon

    Segment Description:
    I'd like to discuss why I think blue teaming is as essential now as our red brothers. Mistakenly calling out APT's. A new type of security conference I've created, SKICON. If there is time, diversity in cyber.

    Segment Resources:


    Tech Segment: John Loucaides, Eclypsium - 6:45PM-7:30PM

    John Loucaidesis the VP of Research & Development at Eclypsium.
    John Loucaides is VP of Research & Development at Eclypsium, the industry's leading firmware protection platform. John has extensive history in hardware and firmware threats from experience at Intel and the United States government. At Intel he served as the Director of Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government. John has presented and provided training on the topic of firmware security many times at venues including DEFCON, CanSecWest, Recon, UEFI Forum and Ruxcon.

    Segment Topic:
    Hacking Firmware: The Unprotected Attack Surface of the Enterprise

    Segment Description:
    Hackers are using firmware implants and backdoors to compromise enterprise security with attacks that are stealthy and persistent. It’s time for information security specialists to learn how to attack and defend enterprise infrastructure. John will provide a preview of his upcoming presentation at InfoSec World where he will demonstrate attacks on firmware that are invisible to traditional security platforms, and show how to detect and defend against them.

    Segment Resources:
    Two reports John will reference in podcast:


    Security News - 7:30-8:30PM

    Paul's Stories

    1. ASSET Research Group: SweynTooth - SweynTooth captures a family of 12 vulnerabilities (more under non-disclosure) across different BLE software development kits (SDKs) of six major system-on-a-chip (SoC) vendors. The vulnerabilities expose flaws in specific BLE SoC implementations that allow an attacker in radio range to trigger deadlocks, crashes and buffer overflows or completely bypass security depending on the circumstances.
    2. Misconfigured Docker Registries Expose Thousands of Repositories - “With all the source code and historical tags, malicious actors can design tailored exploits to compromise the systems. If the push operation is allowed, benign application images may be replaced with images with backdoors. These registries may also be used for hosting malware. If the delete operation is allowed, hackers could encrypt or delete the images and ask for ransom,” they note in a blog post. but as of tonight, only 940, at least one person got the memo. But there are probably more in other hosted providers.
    3. top-ten-password-cracking-techniques-used-hackers
    4. Mac malware reportedly grew faster than Windows malware in 2019 - Mac threats increased by more than 400% in 2019, with 11 threats per Mac endpoint compared to 5.8 threats per Windows endpoint.
    5. Forgotten motherboard driver turns out to be perfect for slipping Windows ransomware past antivirus checks - criminals have used the Gigabyte driver as a wedge so they could load a second, unsigned driver into Windows. This second driver then goes to great lengths to kill processes and files belonging to endpoint security products, bypassing tamper protection, to enable the ransomware to attack without interference.
    6. Dell SupportAssist flaw exposes computers to hack, patch it asap!
    7. Jail Software Left Inmate Data Exposed Online - The storage bucket containing JailCore’s data was seemingly completely unsecured, and could be accessed by anyone who stumbled across its URL. After the research team contacted the company responsible for the software on January 5, the issue was finally resolved on January 15 and the S3 bucket now appears to be properly secured.
    8. Why Ransomware Will Soon Target the Cloud - This is a valid point: Third, the cloud offers an attractive aggregation point that allows attackers to access a much larger population of victims. Encrypting a single physical Amazon Web Server could lock up data for dozens of companies that have rented space on that server.
    9. Hackers could shut down satellites or turn them into weapons
    10. Emotet Evolves With new Wi-Fi Spreader - Binary Defense
    11. CIA Secretly Owned Global Encryption Provider, Built Backdoors, Spied On 100+ Foreign Governments: Report

    Larry's Stories

    Lee's Stories

    1. The war against space hackers: how the JPL works to secure its missions from nation-state adversaries


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+