Difference between revisions of "Psw673"

From Security Weekly Wiki
Latest revision as of 06:08, 6 November 2020

Paul's Security Weekly Episode #673 - November 05, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Abusing JWT (JSON Web Tokens) - 06:00 PM-06:45 PM


Sponsored By

Visit https://securityweekly.com/netsparker for more information!


Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul's Security Weekly, live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Description

Learn how JWTs are implemented, both the correct way and the insecure way. Spoiler alert: most implementations get it wrong. Sven will also show you some of the common attacks against JWTs, for use in your next penetration test, bug bounty, or conversation with your developers!

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!


Link to view Sven's slide deck: https://securityweekly.com/psw-673-json-web-token-security-sven-morgenroth-netsparker/
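The description above does not spell out which implementation mistakes the talk covers, so the following is an added example written for this page, not code from Sven's talk or from Netsparker. It models the best-known JWT verification mistake: letting the token's own "alg" header decide how the signature is checked, so an attacker can switch the algorithm to "none", drop the signature and rewrite claims. The HMAC secret and the claims are constructed for the example, the function names insecure_verify and secure_verify are hypothetical, and only HS256 and "none" are modelled; it uses nothing beyond the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed server-side HMAC secret for this example only.
SECRET = b"example-hs256-secret-do-not-use"


def b64url_encode(data: bytes) -> str:
    """JWT uses unpadded base64url (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(header: dict, payload: dict, key: bytes) -> str:
    """Build a token. HS256 gets an HMAC-SHA256 signature; 'none' gets an empty signature part."""
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    if header.get("alg") == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + b64url_encode(sig)
    if header.get("alg") == "none":
        return signing_input + "."          # "unsecured JWT": header.payload. with nothing after the dot
    raise ValueError("unsupported alg")


def split_jwt(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload, parts


def insecure_verify(token: str, key: bytes) -> dict:
    """The common mistake: the attacker-controlled header chooses how the token is verified."""
    header, payload, parts = split_jwt(token)
    alg = header.get("alg")
    if alg == "none":
        return payload                      # no signature check at all
    if alg == "HS256":
        expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
        if b64url_decode(parts[2]) == expected:   # plain == is also not constant-time
            return payload
    raise ValueError("bad signature")


def secure_verify(token: str, key: bytes, now: float = None) -> dict:
    """Hardened verifier: pin the algorithm server-side, compare in constant time, enforce exp."""
    header, payload, parts = split_jwt(token)
    if header.get("alg") != "HS256":        # never let the token pick; 'none' and others are refused
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(parts[2]), expected):
        raise ValueError("bad signature")
    now = time.time() if now is None else now
    if "exp" not in payload or payload["exp"] <= now:
        raise ValueError("token expired or has no exp")
    return payload


def forge_none_token(legit_token: str, **changes) -> str:
    """Attacker side: keep the claims, rewrite some, switch alg to none and drop the signature."""
    _, payload, _ = split_jwt(legit_token)
    payload.update(changes)
    return encode_jwt({"alg": "none", "typ": "JWT"}, payload, b"")


def demo(now: float = 1_604_620_800.0) -> dict:
    """Issue a legitimate user token, forge an admin token from it, run both verifiers."""
    legit = encode_jwt({"alg": "HS256", "typ": "JWT"},
                       {"sub": "alice", "role": "user", "exp": now + 3600}, SECRET)
    forged = forge_none_token(legit, role="admin")
    results = {
        "insecure_accepts_forged": insecure_verify(forged, SECRET).get("role"),   # "admin"
        "secure_accepts_legit": secure_verify(legit, SECRET, now=now).get("role"),  # "user"
        "secure_rejects_forged": None,
    }
    try:
        secure_verify(forged, SECRET, now=now)
    except ValueError as err:
        results["secure_rejects_forged"] = str(err)                             # "algorithm not allowed"
    return results


if __name__ == "__main__":
    print(demo())
```

The fix is not "reject alg none" as a special case; it is that the server, not the token, decides which algorithm and key are acceptable, which is also what closes the related RS256-to-HS256 key-confusion trick where a public key gets used as an HMAC secret.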


Guest(s)

Sven Morgenroth

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome's XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.


Hosts

  • Doug White - Professor at Roger Williams University
  • Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
  • Paul Asadoorian - Founder & CTO at Security Weekly
  • Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

2. Proactive Security Using Runbooks - 07:00 PM-07:45 PM


Sponsored By

Visit https://securityweekly.com/plextrac for more information!


Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

Description

Runbooks can be a game changer for executing proactive security assessments and tabletop exercises. This segment shows how runbooks can strengthen a proactive security assessment program and walks through their different use cases.

This segment is sponsored by PlexTrac.

Visit https://securityweekly.com/plextrac to learn more about them!



Guest(s)

Dan DeCloss

Dan DeCloss is the Founder and CEO of PlexTrac and has over 15 years of experience in Cybersecurity. Dan started his career in the Department of Defense and then moved on to consulting where he worked for various companies including serving as a Principal Consultant for Veracode on the penetration testing team. Dan's background is in application security and penetration testing, involving hacking networks, websites, and mobile applications for clients. He has also served as a Principal Security Engineer for the Mayo Clinic and a Sr. Security Advisor for Anthem. Prior to PlexTrac, Dan was the Director of Cybersecurity for Scentsy where he and his team built the security program out of its infancy into a best-in-class program. Dan has a master’s degree in Computer Science from the Naval Postgraduate School with an emphasis in Information Security. Additionally, Dan holds the OSCP and CISSP certifications. Dan has a passion for helping everyone understand cybersecurity at a practical level, ensuring that there is a good understanding of how to reduce their overall risk.


Hosts

  • Doug White - Professor at Roger Williams University
  • Joff Thyer - Security Analyst at Black Hills Information Security
  • Lee Neely - Senior Cyber Analyst at Lawrence Livermore National Laboratory
  • Paul Asadoorian - Founder & CTO at Security Weekly
  • Tyler Robinson - Managing Director of Network Operations at Nisos, Inc

3. Multiple iOS 0-Days, Intel Malware Defense, & Windows 0-Day Under Attack - 08:00 PM-09:30 PM


Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

In the Security News, Deception Technology: No Longer Only A Fortune 2000 Solution, Windows 10 zero-day could allow hackers to seize control of your computer, A Nameless Hiker and the Case the Internet Can't Crack, New Chrome Zero-Day Under Active Attacks, PornHub Has Been Blocked In Thailand, 3 actively exploited zero days on iOS, and Someone Just Emptied Out a $1 Billion Bitcoin Wallet!



Hosts

Doug White's Content:

Articles

Joff Thyer's Content:

Articles

  1. Intel Malware Defenses Directly on Chip
  2. Protecting against Pwned Passwords in Your AD

Lee Neely's Content:

Articles

  1. Infamous Hacking Network Shut Down by Microsoft Resurfaces in Time for US Presidential Election - The "TrickBot" botnet taken down by Microsoft last month has re-emerged just in time for the U.S. presidential election.
  2. Google Reveals a New Windows Zero-Day Bug It Says Is Under Active Attack - CVE-2020-17087, exploited by attackers to elevate their level of user access in Windows, chained with the Google Chrome vulnerability CVE-2020-15999. Microsoft's fix is scheduled for November 10th.
  3. US Cyber Command Exposes New Russian Malware - Six of the eight samples uploaded by CNMF to its VirusTotal account are the "Turla" group's ComRAT malware; the other two are APT28's Zebrocy malware.
  4. Hackers Stole Credit Card Data from JM Bullion Online Bullion Dealer - The attack stole PII and card data, which is now offered for sale on the dark web. Affected customers need to secure their credit.
  5. REvil Ransomware Gang Claims over $100 Million Profit in a Year - They assert they have netted more than $100 million USD from their ransomware campaigns and aim to make at least $2 billion USD from their ransomware service by adopting the most profitable approaches to infecting targeted organizations' systems, including ransomware as a service and payments for exfiltrated data.
  6. About the security content of iOS 14.2 and iPadOS 14.2 - Apple drops iOS and iPadOS 14.2, addressing multiple CVEs. Also Catalina 10.15.7, tvOS 14.2 and watchOS 7.1.
  7. Someone Just Emptied Out a $1 Billion Bitcoin Wallet - leaving just $1.38 USD in the account. Alon Gal had been watching this wallet since 2015 and suspects the outgoing transaction was conducted by the original owner of the wallet or by someone who was able to crack the password.
  8. Apple fixes three iOS zero-days exploited in the wild - iOS and iPadOS 14.2 address these exploits.

Paul Asadoorian's Content:

Articles

  1. WordPress Pushes Out Multiple Flawed Security Updates
  2. Ryuk ransomware behind one third of all ransomware attacks in 2020 - Help Net Security
  3. 6 Cybersecurity Lessons From 2020
  4. Changing Cybersecurity Culture
  5. Games in Microsoft Store Can Be Abused for Privilege Escalation on Windows | SecurityWeek.Com
  6. What Keyboard Trackers Are For - Latest Hacking News
  7. Deception Technology: No Longer Only A Fortune 2000 Solution
  8. Git LFS vulnerability allows attackers to compromise targets' Windows systems (CVE-2020-27955) - Help Net Security
  9. Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
  10. California Proposition 24 Passes - Schneier on Security
  11. GitHub denies getting hacked | ZDNet
  12. Hackers are exploiting unpatched VoIP flaws to compromise business accounts | ZDNet
  13. Customers Are Demanding Privacy
  14. Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file
  15. Pornhub Has Been Blocked In Thailand, And People Aren't Happy
  16. One Clear Message From Voters This Election? More Privacy
  17. Russian authorities make rare arrest of malware author | ZDNet
  18. Massachusetts voters pass a right-to-repair measure, giving them unprecedented access to their car data - TechCrunch
  19. Back to Basics: Make Cocktails Normal Again - The Bulwark
  20. Google to GitHub: Time's up, this unfixed 'high-severity' security bug affects developers | ZDNet
  21. New Chrome Zero-Day Under Active Attacks: Update Your Browser
  22. Mark Cuban: The World's First Trillionaire Is Learning This Skill and Discovering How to Use It in Now Unimaginable Ways
  23. Windows 10 zero-day could allow hackers to seize control of your computer
  24. A Nameless Hiker and the Case the Internet Can't Crack
  25. Hacker group uses Solaris zero-day to breach corporate networks | ZDNet
  26. Google patches second Chrome zero-day in two weeks | ZDNet

Tyler Robinson's Content:

Articles

  1. 3 actively exploited 0-days on Apple iOS, so patch now/soon! - Apple has patched iOS against three zero-day vulnerabilities that attackers were actively exploiting in the wild. The attacks were discovered by Google's Project Zero vulnerability research group, which over the past few weeks has detected four other zero-day exploits: three against Chrome and one against Windows. The security flaws affect iPhone 6s and later, seventh-generation iPod touches, iPad Air 2 and later, and iPad mini 4 and later. The flaws are CVE-2020-27930, a code-execution vulnerability that attackers can trigger using maliciously crafted fonts; CVE-2020-27950, which allows a malicious app to obtain the locations in kernel memory; and CVE-2020-27932, a bug that allows code to run with highly privileged system rights. Apple fixed the zero-days and other vulnerabilities with the release of iOS 14.2. Project Zero leader Ben Hawkes provided his own bare-bones disclosure.
  2. 3 actively exploited 0-days found by Google
  3. Hackers are on the hunt for Oracle servers vulnerable to potent exploit
  4. Vladimir Marugov murder: Russian 'Sausage King' killed in sauna with a crossbow
  5. Billions of stolen credentials from defunct breach index site leaked online
  6. FireEye releases ThreatPursuit, a Windows VM for threat intel analysts