Brakeing Down Security Podcast
Episodes
WISP.org donation page: https://wisporg.z2systems.com/np/clients/wisporg/donation.jsp
Mick Douglas (@bettersafetynet on Twitter)
Powercat: https://github.com/besimorhino/powercat
Netcat in a powershell environment
https://www.hackingarticles.in/powercat-a-powershell-netcat/
Defenses against powercat?
LolBins: http...
WISP.org PSA at 35m56s - 37m 19s
Agenda:
Bio/background
Why are you here (topic discussion)
What is the Linux Security Summit North America
Questions from the meeting invite:
This only affects people who want to use a custom kernel, correct? This doesn’t affect you if you are running bog-standard linux (debian, gentoo, Ubuntu) right?
What options do people have in cloud environments?
Does the use ...
Whitepaper: https://www.jsof-tech.com/ripple20/
[blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp
RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing
Agenda:
Part 1:
Background on the report
Why is it called RIPPLE20? What’s the RIPPLE about?
Communi...
Whitepaper: https://www.jsof-tech.com/ripple20/
[blog] Build your own custom TCP/IP stack: https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/
Another custom TCP/IP stack: https://github.com/tass-belgium/picotcp
RIPPLE 20 Whitepaper: https://drive.google.com/file/d/1d3NNVCRPVFk0-V0HUO5CxWWVn9pYIvmF/view?usp=sharing
Agenda:
Part 1:
Background on the report
Why is it called RIPPLE20? What’s the RIPPLE about?
Commu...
1st: WISP.org PSA from Rachel Tobac (@racheltobac) & @wisporg talking about #shareTheMicInCyber
#SAML PAN-OS: https://twitter.com/RyanLNewington/status/1278074919092289537
F5 vulnerability:
https://www.wired.com/story/f5-big-ip-networking-vulnerability/
Thank you to Marcus Carey for his excellent guidance and leadership this week.
Cognizant breach: https://www.ehackingnews.com/2020/06/cognizant-reveals-employees-data.html
Maze ransomware write-up: https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
https://blog.xpnsec.com/hiding-your-dotnet-complus-etwenabled/
https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4657
https://www.blumira.com/logmira-windows-logging-policies-for-better-threat-detection/
How would we map this against the MITRE matrix?
Are there any MITRE attack types that are so similar that one attack...
James Nelson, VP of Infosec, Illumio
How has COVID-19 changed cybersecurity? Why is cyber resilience especially important now? What are the most important steps to ensure cyber-resiliency? How do you talk to business leaders about investing in cybersecurity to boost resiliency?
The best way for organizations to keep their ‘crown jewels’ secure is adopting a Zero Trust mindset. Organizations need to take advantage of adaptive securi...
Andrew Shikiar, executive director and CMO of the (Fast IDentity Online) FIDO Alliance.
What is FIDO?
“ open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face creating and remembering multiple usern...
**If Derek told you about us at SANS, send a DM to @brakeSec or email bds.podcast@gmail.com for an invite to our slack**
OSCP/HtB/VulnHub is a game... designed to have a tester find a specific nugget of information to pivot or gain access to greater power on the system.
Far different in the 'real' world.
Privilege escalation in Windows:
*as of June 2020, many of these items still work, may not work completely in ...
Andrew Shikiar, executive director and CMO of the (Fast IDentity Online) FIDO Alliance.
What is FIDO?
“ open industry association launched in February 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. FIDO addresses the lack of interoperability among strong authentication devices and reduces the problems users face creating and remembering multiple user...
Masha Sedova - Founder, Elevate Security
Topic ideas from the PR company:
The secret is, security teams have installed tons of security tooling that can gi...
Masha Sedova - Founder, Elevate Security
Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this risk. But where do the vulnerabilities and strengths truly lie?
The secret is, security teams have installed tons of security tooling that can give insights into how our employees are ...
Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/)
https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
CMMC:https://info.summit7systems.com/blog/cmmc
https://www.comptia.org/certifications/project - Project+
Cameron’s Smith = www.twitter.com/secnomancer
Cybersmith.com - Up by 14 April
Layer8conference is virtual (https://layer8conference.com/layer-8-is-online-this-year/)
https://csrc.nist.gov/publications/detail/sp/800-171/rev-1/final
CMMC:https://info.summit7systems.com/blog/cmmc
https://www.comptia.org/certifications/project - Project+
Cameron’s Smith = www.twitter.com/secnomancer
Cybersmith.com - Up by 14 April
Github actions - https://github.com/features/actions
How are these written?
It looks like a marketplace format? How do they maintain code quality?
What does it take setup the actions?
It looks like IFTTT for DevOps?
What kind of integrations does it allow for? Will it handle logins or API calls for you?
Is it moderated in some way? What’s the acceptance criteria for these?
What are you trying to accomplish by using Github Actions?
...
Tanya's AppSec Course
https://www.shehackspurple.dev/server-side-request-forgery-ssrf-defenses
https://www.shehackspurple.dev
Server-side request forgery - https://portswigger.net/web-security/ssrf
What are differences between Stored XSS and SSRF?
This requires a MITM type of issue?
Doesn’t stored XSS get stored on the server?
What conditions must exist for SSRF to be possible?
What mitigations need to be in place for mitigat...
April Mardock - CISO - Seattle Public Schools
Jared Folkins - IT Engineer - Bend La Pine Schools
Nathan McNulty - Information Security Architect - Beaverton School District
OpSecEdu - https://www.opsecedu.com/
Slack
https://www.a4l.org/default.aspx
BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
https://www.k12cybersecurityconference.org/
April Mardock - CISO - Seattle Public Schools
Jared Folkins - IT Engineer - Bend La Pine Schools
Nathan McNulty - Information Security Architect - Beaverton School District
OpSecEdu - https://www.opsecedu.com/
Slack
https://www.a4l.org/default.aspx
BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)
https://www.k12cybersecurityconference.org/
https://twitter.com/AlyssaM_InfoSec/status/1159877471161839617?s=19
Looking forward to sharing my vision for ending the 60 year cycle of bad defense strategies in #infosec and my challenge to think about security in a more effective way. https://sched.co/TAqU
#DianaInitiative2019 #cdwsocial
1961 - MIT - CTSS - https://en.wikipedia.org/wiki/Compatible_Time-Sharing_System
Egg, coconut, ...
Chat About Brakeing Down Security Podcast