BrakeSec Education Podcast

463 episodes — Page 9 of 10

All About Tor

Brakeing Down Security tackles the 'Deep Web' this week... yep, we talk about Tor. If you don't have a lot of experience with this or wonder how it works, we give you a little history and help you understand how the traffic flow works. We even give you some advice on de-identification and things you shouldn't allow when traveling the Deep Web, like JavaScript, Flash, and Java.

Show Notes: https://docs.google.com/document/d/1vBI_bg_0RzF_sSNMj84xQpEZGUrxtAkB8SxZ08MzUi0/edit?usp=sharing

"Dirty Rhodes" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jan 17, 2015, 40 min

Episode 2: Big Trouble in Small Businesses

Security's the same, the world around... and is a necessity in businesses of all sizes, from the mega-corporations all the way down to the business with 10 employees in a garage in suburbia. This week, Mr. Boettcher and I discuss security in small businesses, and what is needed to make security part of the culture of a new company. We discuss some open source tools to ensure that networks are monitored properly and logs are collected, collated, and analyzed. And better yet, these are on the cheap, which is helpful for a small business on a tight budget. QR code links directly to the episode...

http://www.ihotdesk.co.uk/article/801717385/Most-small-businesses-have-faced-InfoSec-breach-recently
https://blog.whitehatsec.com/infosec-europe-wrapup/
http://www.infosectoday.com/Articles/DRPlanning.htm

"Dirty Rhodes" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jan 10, 2015, 35 min

2015-001- "unhackable" or "attacker debt"

This is a quick little podcast I did without Mr. Boettcher about a Twitter discussion that occurred when Dr. Neil deGrasse Tyson mentioned that we should just make computers 'unhackable'. The first episode of the 2015 season of Brakeing Down Security is here!

Tweet from Dr. Neil deGrasse Tyson: https://twitter.com/neiltyson/status/551378648578916353
Rebuttal from Kevin Johnson: https://twitter.com/secureideas/status/551510885441998848

"Dirt Rhodes" Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jan 4, 2015, 10 min

Is Compliance running or ruining Security Programs?

We at Brakeing Down Security world headquarters don't understand the concept of an 'End of the Year' podcast, so consider this the "End-End of the Year" podcast. We talked about the order of things... whether Compliance is a detriment to Security, and who should be running whom. So pull up a glass of eggnog, grab another cookie, and put another log on the fire, 'cause Brakeing Down Security is throwing out one more for the year! Happy Holidays... all of them... :)

Dec 26, 2014, 32 min

Brakeing Down/Defensive Security Mashup!

It's a Super Deluxe sized Brakeing Down Security this week... It's something you've dreamed of forever (or not), but Jerry Bell and Andrew Kalat from Defensive Security Podcast stopped by and we made ourselves a podcast baby... Boy, was it ugly :) I'm just kidding, we had a great time discussing some news, and going over what we learned... and any good end-of-year podcast must have predictions... We also discussed Sony, 'cause it's the huge news of the year, and talked about Target, because we love dissing PCI... ;) There might be a few bad words, so if you have small ears around, be advised... When you're done, check out the other 96 episodes of Defensive Security, and check out our 55 other episodes.

http://www.defensivesecurity.org/
Twitter handles:
Andrew Kalat: https://twitter.com/lerg
Jerry Bell: https://twitter.com/Maliciouslink

Icon provided by DefensiveSecurity.org... I'd imagine they'd let us use it, since they were on the podcast ;)

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Dec 21, 2014, 1h 26m

Tyler Hudak (@secshoggoth) discusses incident response, and DIY malware research

This week, Tyler gave us a great deal of information on where to start if you wanted to become a malware researcher. He also gave us websites where you can get malware and ways to analyze it. We asked Tyler what blue teams can do when they are infected, and he gave us some excellent advice... I also recite some prose from a classic horror author, so come for the malware, stay for the prose! :)

***NOTE: I guess now would be a good time to mention that many of the links below have unsafe software and actual malware payloads, so use with extreme caution. Especially do not download anything from these sites unless it's in a VM that is not on your company's assets.***

http://www.hopperapp.com/ - Disassemble OS X binaries
http://en.wikibooks.org/wiki/X86_Disassembly/Disassemblers_and_Decompilers - other disassemblers
http://vxheaven.org/ - Virus Heaven
http://www.malwaredomainlist.com/ - Find websites serving malware
http://oc.gtisc.gatech.edu:8080/ - Georgia Tech malware repository
Sandboxie - http://www.sandboxie.com/
KoreLogic - http://www.korelogic.com/ (lots of great tools here)
http://secshoggoth.blogspot.com/ - Tyler's Blog

Dec 15, 2014, 41 min

Tyler Hudak discusses malware analysis

Tyler Hudak (@secshoggoth) came to discuss with us the process of doing analysis on malware binaries. We talk about MASTIFF, his malware framework. We also discuss how to gain information from malware program headers, and some software that is used to safely analyze it.

Helpful Links:
IDA Pro: https://www.hex-rays.com/products/ida/
Process Monitor - http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
MASTIFF White Paper: http://digital-forensics.sans.org/blog/2013/05/07/mastiff-for-auto-static-malware-analysis
MASTIFF latest: http://sourceforge.net/projects/mastiff/files/mastiff/0.6.0/
Cuckoo Sandbox: www.cuckoosandbox.org
Anubis: https://anubis.iseclab.org/
PE Headers: http://en.wikipedia.org/wiki/Portable_Executable
ELF: http://fr.wikipedia.org/wiki/Executable_and_Linkable_Format
REMnux - reverse engineering Linux distro: https://remnux.org/
INetSim: http://www.inetsim.org/

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Dec 8, 2014, 39 min

Part 2 w/ Ben Donnelly -- Introducing Ball and Chain (making password breaches a thing of the past)

Last week, we talked with Ben Donnelly about ADHD (Active Defense Harbinger Distro). But Ben isn't a one trick pony, oh no... this young punk is trying to solve fundamental problems in the business industry, in particular securing passwords. That's why he's been working with Tim Tomes (@lanmaster53) and invented 'Ball and Chain', which is a large (>2TB) file that can be used to help generate passwords and entropy.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Dec 1, 2014, 37 min

Active Defense and the ADHD Distro with Ben Donnelly

We snagged an interview with Benjamin Donnelly, a maintainer of the Active Defense Harbinger Distribution (ADHD), version 0.60. A thoroughly enjoyable conversation with a new up-and-coming security professional. He's the future, and he is already contributing a lot of great info to the infosec industry. Part 1 is all about ADHD; next week, we discuss his talk about a project he's working on that will remove the threat of password breaches using 'Ball and Chain'. And it's all open source...

ADHD ISO: http://sourceforge.net/projects/adhd/
CryptoLocked: https://bitbucket.org/Zaeyx/cryptolocked

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 22, 2014, 44 min

WebGoat install video with Mr. Boettcher!

My man Mr. Boettcher posted up a video on how to install OWASP's WebGoat vulnerable web application! He walks you through WebGoat 5.4, and even gives you some tips on solving issues that he'd found. And to make it even easier, he's given you some instructions below. Hope you enjoy, especially if you've had issues setting up WebGoat in the past.

WebGoat 5.4 instructions
========================
1. Search Google and download the WAR file (From Bryan: here's the link -- https://code.google.com/p/webgoat/downloads/list )
2. Install Tomcat:
   sudo apt-get install tomcat7
3. Move the WAR file to the Tomcat webapps directory:
   sudo mv ~/Downloads/WebGoat-5.4.war /var/lib/tomcat7/webapps/WebGoat.war
4. Edit tomcat-users.xml by adding the content below:
   sudo vi /var/lib/tomcat7/conf/tomcat-users.xml
5. Restart Tomcat:
   sudo /etc/init.d/tomcat7 restart
6. In your browser, type localhost:8080/WebGoat/attack

Nov 20, 2014, 5 min

Active Defense: It ain't 'hacking the hackers'

Active Defense... It conjures images of the lowly admin turning the tables on the evil black hat hackers, and giving them a dose of their own medicine by hacking their boxes and getting sweet, sweet revenge... But did you know that kind of 'revenge' is also rife with legal ramifications, even bordering on being illegal? This week, Mr. Boettcher and I tackle this prickly subject, and discuss some software you can use to 'deter, prevent, and dissuade' potential bad guys...

ADHD Training (courtesy of Paul's Security Weekly Podcast): http://blip.tv/securityweekly/active-defense-harbinger-distribution-release-party-7096833
Artillery - https://www.binarydefense.com/project-artillery/
DenyHosts - http://denyhosts.sourceforge.net/
Nova: http://www.sans.org/reading-room/whitepapers/detection/implementing-active-defense-systems-private-networks-34312

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 18, 2014, 49 min

Interview Part 2 with Paul Coggin: Horror stories

If you think Halloween was scary, Paul Coggin gives us another reason to curl up in the fetal position as he explains Lawful Intercept and Route Maps. And what's worse, your 3rd party auditors are starting to get the tools that will make you address network protocol issues. Lots of great material here below in our show notes, including some (free) tools that you can use to get yourself schooled on network protocols.

http://www.zdnet.com/researcher-describes-ease-to-detect-derail-and-exploit-nsas-lawful-interception-7000025073/
BGPmon - http://www.bgpmon.net/
Renesys (now Dyn Research) - http://research.dyn.com/
BGP Play - http://bgplay.routeviews.org/
BGP Looking glass servers - http://www.bgp4.as/looking-glasses
yersinia - http://www.yersinia.net/
Fx Twitter handle - https://twitter.com/41414141
ernw - https://www.ernw.de/
Cisco Route Maps - http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/49111-route-map-bestp.html
Paul's Bsides Nashville talk - http://www.irongeek.com/i.php?page=videos/bsidesnashville2014/300-bending-and-twisting-networks-paul-coggin
Huawei ENSP - http://enterprise.huawei.com/en/products/network-management/automation-tools/tools/hw-201999.htm
NRL Core - http://www.nrl.navy.mil/itd/ncs/products/core
NRL Mgen - http://www.nrl.navy.mil/itd/ncs/products/mgen

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 9, 2014, 39 min

Interview with Paul Coggin (part 1)

One of the talks my colleague got to see was Paul Coggin's talk about internetworking, routing and protocols. In this interview, we discuss some tools of the trade, how MPLS isn't secure, and why you should be doing end-to-end encryption without allowing your VPN or circuit provider to do it for you... If you have any interest in network security, including the higher order network protocols like BGP, MPLS, ATM, etc., you'll want to check out his DerbyCon talk, and our interview...

Paul's DerbyCon 2014 talk - http://www.irongeek.com/i.php?page=videos/derbycon4/t319-bending-and-twisting-networks-paul-coggins
Hacking SNMP tips and tricks: http://securityreliks.securegossip.com/2011/04/hacking-snmp-in-a-few-simple-steps/
SNMPBlow: http://www.stoptheplague.com/?p=19
ERNW: https://www.ernw.de/research-community/index.html
Fx paper on Lawful Intercept: http://phenoelit.org/stuff/CSLI.pdf

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Nov 3, 2014, 42 min

Learning about SNMP, and microinterview with Kevin Johnson

In an effort to educate ourselves for an upcoming interview, we sat down and talked about SNMP (Simple Network Management Protocol). We get into the basics, the ins and outs of the protocol, the different tools that use (or exploit) SNMP, and we talk about how to better secure your SNMP implementation. You should listen to this, because next week's interview will knock your socks off. :)

Finally, we end with a DerbyCon interview Mr. Boettcher snagged with our friend Mr. Kevin Johnson about how we need to regulate ourselves with regard to a code of ethics, before someone regulates us... When one 'white hat' can run code on a server he/she doesn't control (unpatched Shellshock) and thinks it's okay, where do we draw the line between what is right and what violates the CFAA? Mr. Johnson looks for an answer with our Mr. Boettcher.

Wikipedia SNMP article: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
SNMP Primer: http://www.tcpipguide.com/free/t_SNMPProtocolOverviewHistoryandGeneralConcepts.htm
SNMP OIDs and MIBs: http://kb.paessler.com/en/topic/653-how-do-snmp-mibs-and-oids-work
SNMP vulnerabilities - http://packetstormsecurity.com/search/?q=snmp
SNMP Primer (IBM): http://pic.dhe.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=%2Fcom.ibm.ztpf-ztpfdf.doc_put.cur%2Fgtpc1%2Fpdus.html
SNMP amplification attacks: http://www.pcworld.com/article/2159060/ddos-attacks-using-snmp-amplification-on-the-rise.html
Securing SNMPv3: http://www.sans.org/reading-room/whitepapers/networkdevs/securing-snmp-net-snmp-snmpv3-1051
Kevin Johnson/James Jardine DerbyCon Talk: http://www.irongeek.com/i.php?page=videos/derbycon4/t308-ethical-control-ethics-and-privacy-in-a-target-rich-environment-kevin-johnson-and-james-jardine

Image courtesy of Wikipedia.de

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Oct 25, 2014, 41 min
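An added example to go with the SNMP episode above (it is not code from the podcast or its show notes, and it assumes nothing beyond the Python standard library). It builds the SNMPv1 GetRequest for sysDescr.0 that a tool like snmpget sends, then decodes it the way a sniffer on the wire would: the community string, the only credential SNMPv1 and v2c have, sits in the datagram as a plain OCTET STRING, which is why the 'Securing SNMPv3' link above matters.

```python
"""Build and decode an SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0).

Added example, not code from the podcast.  It shows that in SNMPv1/v2c the
community string is sent in cleartext, so anyone who can capture the wire
gets the credential without any decryption step.
"""

SYS_DESCR = "1.3.6.1.2.1.1.1.0"          # sysDescr.0 from MIB-2
DEFAULT_COMMUNITIES = {"public", "private"}


def _length(n):
    """BER definite length: one byte below 128, else 0x80|count followed by count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, value):
    return bytes([tag]) + _length(len(value)) + value


def _integer(n):
    """ASN.1 INTEGER, two's complement, shortest form that keeps the sign bit right."""
    return _tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))


def _oid(dotted):
    """ASN.1 OBJECT IDENTIFIER: first two arcs packed into one byte, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = bytearray([arc & 0x7F])
        arc >>= 7
        while arc:                      # continuation bytes carry the high bit
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get_request(community, oid=SYS_DESCR, request_id=1):
    """Message ::= SEQUENCE { version INTEGER(0), community OCTET STRING, GetRequest-PDU }."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x05, b""))            # name + NULL value
    pdu = _tlv(0xA0, _integer(request_id) + _integer(0) + _integer(0)   # error-status, error-index
               + _tlv(0x30, varbind))
    return _tlv(0x30, _integer(0) + _tlv(0x04, community.encode()) + pdu)


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                    # long-form length
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length


def sniff_community(packet):
    """What a passive observer learns from one v1/v2c datagram: version, community, PDU type."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, version, pos = _read_tlv(msg, 0)
    _, community, pos = _read_tlv(msg, pos)
    pdu_tag, _, _ = _read_tlv(msg, pos)
    name = community.decode("ascii", errors="replace")
    return {
        "version": int.from_bytes(version, "big", signed=True),   # 0 = v1, 1 = v2c
        "community": name,
        "pdu_tag": pdu_tag,                                        # 0xA0 GetRequest, 0xA3 SetRequest
        "default_community": name in DEFAULT_COMMUNITIES,
    }


if __name__ == "__main__":
    pkt = build_get_request("public", request_id=42)
    print(pkt.hex())
    print(sniff_community(pkt))
```

The decoder needs no key because there is none: until a device is moved to SNMPv3 with authPriv (authentication plus encryption), the community string has to be treated as a password (not the defaults, and restricted by source ACL), and a read community that answers from the internet is also the precondition for the amplification attacks in the PC World link above, since a small request can return a much larger reply.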

Keep Calm and take a tcpdump! :)

Tcpdump is just one of the tools that will make troubleshooting network issues, testing applications, or even finding out what traffic is being generated on a host all that much easier. This podcast is to help you understand the tcpdump program, and how powerful it is...

http://danielmiessler.com/study/tcpdump/
http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/
http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
http://www.amazon.com/TCP-Illustrated-Vol-Addison-Wesley-Professional/dp/0201633469
http://www.computerhope.com/unix/tcpdump.htm
http://www.commandlinefu.com/commands/using/tcpdump -- excellent examples
http://www.amazon.com/Practical-Packet-Analysis-Wireshark-Real-World/dp/1593272669/

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Oct 20, 2014, 38 min
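An added example for the tcpdump episode above (not code from the podcast; the capture bytes are constructed inline, the MAC addresses and checksums are placeholders, and only the Python standard library is assumed). It reads a pcap file the way `tcpdump -n -r capture.pcap` does for IPv4/UDP records, prints lines in the same shape, and applies the equivalent of a `udp port 53` filter, which is a quick way to see where each field of a tcpdump output line comes from.

```python
"""Read a pcap file like tcpdump and print its IPv4/UDP records one per line.

Added example, not code from the podcast.  The sample capture is built in
memory so the script runs offline; read_pcap() works on a real file written
with `tcpdump -w`.
"""
import socket
import struct
from collections import namedtuple

PCAP_MAGIC = 0xA1B2C3D4          # magic as read from a little-endian file
ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
UdpRecord = namedtuple("UdpRecord", "ts_sec ts_usec src sport dst dport length")


def udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame; MACs are placeholders, checksums left at zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, PROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + udp


def build_pcap(frames, first_ts=1414000000):
    """pcap global header (v2.4, snaplen 65535, linktype 1 = Ethernet) plus one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", first_ts + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Walk the records; decode only Ethernet -> IPv4 -> UDP and skip everything else."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == struct.unpack("<I", struct.pack(">I", PCAP_MAGIC))[0]:
        order = ">"                                   # file written on a big-endian host
    else:
        raise ValueError("not a pcap file")
    records, pos = [], 24
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, pos)
        pos += 16
        frame = data[pos:pos + incl_len]
        pos += incl_len
        if len(frame) < 14 + 20 + 8 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
        if frame[14 + 9] != PROTO_UDP:                # protocol field at IP offset 9
            continue
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport, dport, ulen = struct.unpack_from("!HHH", frame, 14 + ihl)
        records.append(UdpRecord(ts_sec, ts_usec, src, sport, dst, dport, ulen - 8))
    return records


def format_record(r):
    """Same shape as a `tcpdump -n` line; 'length' is the UDP payload, as tcpdump prints it."""
    return f"{r.ts_sec}.{r.ts_usec:06d} IP {r.src}.{r.sport} > {r.dst}.{r.dport}: UDP, length {r.length}"


def match_port(records, port):
    """Equivalent of the BPF filter `udp port N`."""
    return [r for r in records if port in (r.sport, r.dport)]


def read_pcap(path):
    with open(path, "rb") as f:
        return parse_pcap(f.read())


if __name__ == "__main__":
    sample = build_pcap([udp_frame("10.0.0.5", "10.0.0.53", 40000, 53, b"\x12\x34" + b"\x00" * 10),
                         udp_frame("10.0.0.5", "10.0.0.9", 40001, 161, b"\x30\x00")])
    for rec in match_port(parse_pcap(sample), 53):
        print(format_record(rec))
```

Filtering after the fact is what you do with a saved capture; on a live interface the same `udp port 53` expression is compiled into the kernel's BPF filter, which is why a tight tcpdump filter costs far less than capturing everything and grepping.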

Part 2 with Jarrod Frates - how pentesting is important

Part 2 of our interview with Jarrod Frates (FRAY-tes). We ask him about the value that a pentest can create, the way that a 'perfect' pentest can change culture and help create dialogue. Also, we talk about how to take your automated testing info and then shift gears to manual testing... when to stop doing automated testing, and do the manual testing. Hope you enjoy, have a great week!

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Oct 13, 2014, 31 min

DerbyCon report and Shellshock news

We went a little off the beaten path this week. I wanted to talk to Mr. Boettcher about his experience at DerbyCon, and we ended up having another friend of ours who also attended DerbyCon, Jarrod Frates, join us for a bit of discussion. We discussed several talks, and even spent a little bit of time talking about Shellshock and its larger implications for those programs that are ubiquitous, yet are not being audited, like bash. (The llama graphic will make more sense next week...) :)

http://www.irongeek.com/i.php?page=videos/derbycon4/t109-et-tu-kerberos-christopher-campbell
http://www.irongeek.com/i.php?page=videos/derbycon4/t217-hacking-mainframes-vulnerabilities-in-applications-exposed-over-tn3270-dominic-white
http://www.irongeek.com/i.php?page=videos/derbycon4/t210-around-the-world-in-80-cons-jayson-e-street
http://www.irongeek.com/i.php?page=videos/derbycon4/t216-once-upon-a-time-infosec-history-101-jack-daniel
http://askubuntu.com/questions/529511/explanation-of-the-command-to-check-shellshock

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Oct 6, 2014, 40 min
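An added example to go with the Shellshock discussion above (not code from the podcast; it assumes a bash binary reachable on PATH and nothing else). It runs the same environment-variable probe that the askubuntu answer linked above explains, for the original bug (CVE-2014-6271), and reports what the local bash did with it.

```python
"""Probe a bash binary for the original Shellshock bug (CVE-2014-6271).

Added example, not code from the podcast.  A vulnerable bash treated any
environment variable whose value began with "() {" as a function definition
and kept executing whatever followed the closing brace, so the trailing
`echo vulnerable` ran before the real command did.
"""
import shutil
import subprocess

# Function definition followed by trailing code: the part after "}" must never run.
PROBE = "() { :;}; echo vulnerable"


def shellshock_probe(bash="bash", timeout=5):
    """True = bash ran the trailing command (vulnerable); False = it did not;
    None = no usable bash binary was found, so nothing was tested."""
    path = shutil.which(bash)
    if path is None:
        return None
    # A fresh environment: only the probe variable and a minimal PATH are inherited.
    env = {"PATH": "/usr/bin:/bin", "SHOCK_PROBE": PROBE}
    proc = subprocess.run([path, "-c", "echo probe done"], env=env,
                          capture_output=True, text=True, timeout=timeout)
    # Patched bash prints only "probe done" (it may warn on stderr about the
    # function definition attempt); a vulnerable one prints "vulnerable" first.
    return "vulnerable" in proc.stdout.splitlines()


def probe_report(bash="bash"):
    """One-line summary suitable for a fleet-wide check script."""
    result = shellshock_probe(bash)
    return {
        None: f"{bash}: not found, nothing tested",
        True: f"{bash}: VULNERABLE to CVE-2014-6271, patch it",
        False: f"{bash}: not vulnerable to the CVE-2014-6271 probe",
    }[result]


if __name__ == "__main__":
    print(probe_report())
```

A clean result here only covers the first bug: the follow-up fixes got their own identifiers (CVE-2014-7169 among them) and need their own probes. What makes the bug reachable from outside is any service that copies attacker-supplied strings into environment variables before invoking bash, such as CGI handlers or DHCP client hook scripts, which is the 'ubiquitous but unaudited' point made above.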

Marcus J. Carey Interview Part 2 - China, IP, coming cyber war

We finished up our odyssey with Marcus J. Carey this week. We picked his brain about how he feels about China, the coming cyberwar, and what kinds of tools he uses in his toolbox (hint: he doesn't use Kali). We also talk a bit about the entitlement of people, and what makes folks in poorer countries turn to hacking. We really enjoyed hearing his take on certifications and education. He's a Ruby nut, but suggests that people learn Python. He also talks about how he teaches people about security: the little everyday things that show you do security. A thought provoking interview that will definitely inspire you to pour yourself into a Python book, or to grab a Raspberry Pi and start learning.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Sep 29, 2014, 47 min

Video: Using GPG and PGP

This month, I wanted to go over a piece of software that seems to give a lot of people problems. In business, there is always a need for sending secure communications, whether because a client asked for it, or because sending sensitive information unencrypted could result in loss of profit, competitive edge, reputation, or all of the above. This month's tutorial is on setting up PGP or GPG to be able to be more secure when sending emails. I show you commands that allow you to create public/private key pairs, and also discuss the software to be used on Windows, Linux, or Mac OS. I mention signing and encrypting email attachments, and also explain that your headers are still unencrypted, so email metadata tracking is still possible.

Brakeing Security Podcast on PGP/GPG: http://brakeingsecurity.com/pgp-and-gpg-protect-your-data
Windows GPG solution: http://www.gpg4win.org
Mac GPG solution: https://gpgtools.org/

Kali/Linux RNG daemon instructions:
1. apt-get install rngd
2. rngd -r /dev/urandom (should make PGP creation on Kali much faster)

Sep 28, 2014, 20 min

Marcus J. Carey, FireDrillMe, and the Rockstars of Infosec

Marcus J. Carey, a security researcher and software developer, came on to talk to us about FireDrill.me, a tool used to help people work out their Incident Response muscles. He is also the creator of threatagent.com. Marcus is well known in security circles, and after we talked to him about FireDrill and ThreatAgent, we got his opinion on other subjects that interested us in the infosec industry. Marcus is a man of his own mind, and he certainly did not disappoint. Hope you enjoy Part 1 of our conversation with him. We also asked him about the celebrity that many in the industry face, and how it should be handled by people in the industry.

HoneyDocs - http://www.pcworld.com/article/2048881/honeydocs-lays-irresistible-bait-for-hackers.html
Malcolm Gladwell - http://en.wikipedia.org/wiki/Malcolm_Gladwell
http://www.firedrill.me
http://www.threatagent.com

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Sep 22, 2014, 35 min

Mr. Boettcher interviewed Ed Skoudis!

While I'm stuck at work, Mr. Boettcher went to the Austin Hackformers and snagged an interview with Mr. Ed Skoudis, of InGuardians and of the SANS Institute, a top flight training academy. He is to be one of the keynote speakers at DerbyCon this year. He gives us a peek at his keynote, and Mr. Boettcher asks his thoughts on the industry as a whole, SCADA security, and Mr. Skoudis' opinion on infosec as a whole.

Hackformers Austin: http://www.hackformers.org/
Ed Skoudis bio: http://www.sans.org/instructors/ed-skoudis
Bad Guys are Winning - Part 1: link
Bad Guys are Winning - Part 2: link
Bad Guys are Winning - Part 3: link
Bad Guys are Winning - Part 4: link
Bad Guys are Winning - Part 5: link
Netwars: Cybercity - http://www.sans.org/netwars/cybercity
Google Car: http://www.nbcbayarea.com/news/local/Google-to-Test-Self-Driving-Car-Without-Backup-Driver-275033691.html

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Sep 15, 2014, 44 min

Malware, Threat Intelligence, and Blue Team talks at cons -- with Michael Gough Pt.2

We're back with part 2 of our discussion with Michael Gough. Not only do we discuss more about malware, but we also ask Michael's opinion on how commercialized conventions like Black Hat and Defcon have gotten, how good threat intelligence feeds are, and why there aren't more defensive talks at cons. Michael is currently slated to give a talk on logging at DerbyCon September 24th, 2014 on how logging can help to mitigate malware infections.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Sep 8, 2014, 36 min

Malware, and Malware Sentinel -- with Michael Gough Pt.1

Brian and I managed to get an interview with Michael Gough. If you remember, Michael was on to discuss malware infections back in February, and we decided it was time to check up on him and his newly named 'Malware Sentinel'. This is part 1, where we discuss some of the recent malware infections, where you need to look for new file creation, and what you can be looking for in your Windows logs that are excellent indicators of malware compromise.

Windows logging cheat sheet - http://sniperforensicstoolkit.squarespace.com/storage/logging/Windows%20Logging%20Cheat%20Sheet%20v1.1.pdf
Malware Management Framework - http://sniperforensicstoolkit.squarespace.com/malwaremanagementframework

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Sep 1, 2014, 36 min

Reconnaissance: Finding necessary info during a pentest

I had a healthy debate with Mr. Boettcher this week about the merits of doing recon for a pentest. Mr. Boettcher is a heavy duty proponent of it, and I see it as a necessary evil, but not one that I consider important. We hash it out, and find some common ground this week.

People search links:
Spokeo - http://www.spokeo.com/
Pipl - https://pipl.com/
SEC Filings site: http://www.sec.gov/edgar/searchedgar/webusers.htm

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Aug 25, 2014, 48 min

Mr. Boettcher made a thing! Setting up a proper Debian install!

Mr. Boettcher made a thing! He created a video that highlights how to install Linux securely in a VM. His next video will be how to set up OWASP's WebGoat to test for vulnerable web apps. He noticed that documentation is a bit sparse, and often contradictory, so he wanted to help other folks who are having issues to get a proper install. You will need a Network Install ISO of Debian, and you will need either VMware Player or Workstation. His notes are below... Enjoy!

Secure the Goat #1 - Goat Pen

Create a directory where you will put the VM. We'll call it 'goat'.
Download the Debian Network Install ISO and place it in the 'goat' directory.
Create a 'share' directory inside the goat directory.
Place a (test) file in the share directory.
In VMware Workstation create a new VM using a Debian ISO and run install.

Update the sudoers file:
$ su - root
$ update-alternatives --config editor
  (change to vim.tiny by pressing 2 and enter)
$ visudo -f /etc/sudoers
  (copy the root line and add one for the goat user)

In order to install VMware tools, we'll need to install these packages:
$ sudo apt-get install gcc linux-headers-$(uname -r) make

For the VMware tools install to work properly, these symlinks are required:
$ cd /lib/modules/$(uname -r)/build/include/linux
$ sudo ln -s ../generated/utsrelease.h
$ sudo ln -s ../generated/autoconf.h

Insert the VMware tools virtual CD: in the Workstation menu select VM -> Install VMware Tools
$ tar -C /tmp/ -zxvf /media/cdrom/VMwarTools...
$ sudo /tmp/VMwareTools.../vmware-install.pl

Show desktop icons:
$ gsettings set org.gnome.desktop.background show-desktop-icons true

Change resolution in the menu at top: Applications / System Tools / Preferences / System Settings, then 'Displays'.
In Workstation under VM / Settings, set the virtual machine shared folder.
Remove the ISO file, take a snapshot.

Aug 23, 2014, 19 min

Ratproxy and on being a better Infosec Professional

This week, we go into a proxy program called "Ratproxy", and discuss its ins and outs. Plus, Mr. Boettcher and I have a discussion about how we as infosec people should work with developers and IT professionals to provide them training and understanding of security concepts.

https://code.google.com/p/ratproxy/
http://blog.secureideas.com/2012/07/how-to-setup-ratproxy-on-windows.html

Ratproxy icon courtesy of honeytech and Flickr

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Aug 18, 2014, 37 min

Introduction to Nmap, Part 2

Here is Part 2 of our video for understanding the basics of Nmap. I discuss some of the logging output, the scripts found in Nmap, and the output that Nmap gives you for reporting or comparison later. I really did want to go more into the Lua portion of the scripting engine, and perhaps make a simple script, but time constraints halted that. I hope to get more adept at video creation and hopefully editing, to make a more concise video tutorial.

Nmap target specifications: http://nmap.org/book/man-target-specification.html
http://nmap.org/book/nse-usage.html
Explanation of all Nmap scripts: http://nmap.org/nsedoc/

nmap icon courtesy of insecure.org

Aug 10, 2014, 19 min
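An added example for the 'output that Nmap gives you for reporting or comparison later' part of the video above (not code from the video or from the Nmap project; the two XML reports are constructed and cut down to the elements the parser reads, and only the Python standard library is assumed). It parses two `-oX` reports and lists which ports opened or closed between runs, the comparison a blue team wants out of a scheduled scan.

```python
"""Diff two nmap XML reports (-oX) and list what opened or closed between runs.

Added example, not code from the podcast or the Nmap project.  The reports
below are constructed and trimmed to host/status, host/address,
ports/port/state and port/service; real -oX output carries many more
attributes, which ElementTree simply ignores.
"""
import xml.etree.ElementTree as ET

BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX baseline.xml 10.0.0.0/29">
  <host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>"""

TODAY_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX today.xml 10.0.0.0/29">
  <host><status state="up"/><address addr="10.0.0.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="filtered"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="10.0.0.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
    </ports>
  </host>
  <host><status state="down"/><address addr="10.0.0.3" addrtype="ipv4"/></host>
  <host><status state="up"/><address addr="10.0.0.4" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_ports(xml_text):
    """Map (address, protocol, port) -> service name for every open port on an 'up' host."""
    found = {}
    for host in ET.fromstring(xml_text).iter("host"):
        status, addr = host.find("status"), host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue                       # closed/filtered are not exposure
            service = port.find("service")
            key = (addr.get("addr"), port.get("protocol"), int(port.get("portid")))
            found[key] = service.get("name", "") if service is not None else ""
    return found


def diff_scans(before_xml, after_xml):
    """Ports open now but not before ('opened') and open before but not now ('closed')."""
    before, after = open_ports(before_xml), open_ports(after_xml)
    return {
        "opened": sorted((k, after[k]) for k in after if k not in before),
        "closed": sorted((k, before[k]) for k in before if k not in after),
    }


def report(diff):
    """Unified-diff style summary, one line per change."""
    lines = [f"+ {a}:{p}/{proto} ({svc or '?'})" for (a, proto, p), svc in diff["opened"]]
    lines += [f"- {a}:{p}/{proto} ({svc or '?'})" for (a, proto, p), svc in diff["closed"]]
    return "\n".join(lines) or "no change"


if __name__ == "__main__":
    print(report(diff_scans(BASELINE_XML, TODAY_XML)))
```

Nmap ships its own ndiff tool for this comparison; the value of doing it by hand is seeing what `-oX` records per host and port, and being able to decide what counts as a change (only 'up' hosts, only 'open' states, a new telnet listener rather than a port going filtered) before wiring it into an alert.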

Risk Management discussion with Josh Sokol - Part 2

This week we take some time to talk about risk management with Josh Sokol. This is part 2 from our interview with him last week... We talk some more about Simple Risk from the POV of Risk Management, as well as the licensing/modification of Simple Risk. Mr. Boettcher and Josh discuss the merits of Qualitative vs. Quantitative Risk Analysis, and which one is better... We also discuss NIST 800 series guidelines, and how he used those to excellent effect in Simple Risk. Josh also discusses OWASP, how the advocacy and outreach works and how flexible the organization is. NIST 800 Series docs - http://csrc.nist.gov/publications/PubsSPs.html Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0http://creativecommons.org/licenses/by/3.0/

Aug 10, 2014, 32 min

Interview with creator of Simple Risk, Josh Sokol! (Part 1)

Josh Sokol is on the International OWASP board of directors in addition to being the Information Security Program Owner at National Instruments in Austin, Texas. This week, he sat down with Brakeing Down Security to talk about Simple Risk, his homebrew application that assists people and organizations in managing their business risk, and at a much nicer cost than other GRC applications (it's free!) Check out Part 1 below. If you're at BlackHat 2014 this year, he will be showcasing it at Arsenal!

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Aug 4, 2014, 27 min

Flashback: Sqlmap - a little how-to, and getting your developers involved in using it.

This is a flashback from July 2015. Mr. Boettcher and I discussed SQLMAP, a tool that can automate the process of pentesting databases and even registries on Windows. We discuss some functions of the program and why developers should get training on these. Mr. Boettcher and I talk about how infosec professionals should help to educate QA and developers to be able to look at their processes and incorporate security testing, using tools like sqlmap in the software lifecycle.

SQLMAP links:
SQLMAP Wiki and more detailed documentation - https://github.com/sqlmapproject/sqlmap/wiki
http://sqlmap.org/
https://github.com/sqlmapproject/sqlmap
http://hackertarget.com/sqlmap-tutorial/
https://www.owasp.org/index.php/Automated_Audit_using_SQLMap
http://www.binarytides.com/sqlmap-hacking-tutorial/
http://blog.spiderlabs.com/2013/12/sqlmap-tricks-for-advanced-sql-injection.html

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jul 28, 2014, 45 min

Part 2 with Georgia Weidman!

It only gets better in Part 2 of our interview with Georgia Weidman, author, security researcher and creator of the Smartphone Pentesting Framework. She talks about how people underestimate the mobile platform for pentesting purposes, and we even find out that in addition to teaching a class on exploit development at BlackHat this year, she's going to be helping a great organization overseas. We also got her talking about some do's and don'ts of pentesting! ;) Please enjoy!

Georgia's book on No Starch: http://www.nostarch.com/pentesting
On Amazon.com: http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641 (non-sponsored link)

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com), licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jul 21, 201446 min

Nmap (pt1)

So, I uploaded this little tutorial of nmap, a very nice tool I use on a regular basis, both at home and at work. I did some basic scans, showed off the command line and the Windows 'Zenmap' version, as well as discussed some regularly used switches. The next video I do about nmap will discuss more switches, the Nmap Scripting Engine (NSE), and how to format reports and the output nmap provides. Nmap icon courtesy of livehacking.com

Jul 14, 2014 (17 min)

Part 1 with Author and Mobile Security Researcher Georgia Weidman!

We have a real treat the next two weeks: Author and Mobile Security Researcher Georgia Weidman, who we also found out will be providing exploit development training at Black Hat this year. She is the author of an awesome book, "Penetration Testing: A Hands-On Introduction to Hacking" (http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1405304124&sr=8-1&keywords=georgia+weidman). She sat down with us over Skype and gave a nice talk about where she came from, why she wrote the book, and even what she's about to do in the future (that's next week) ;) You'll have to listen next week to find out the awesome trip she's about to take.

http://www.bulbsecurity.com/

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jul 14, 2014 (42 min)

Establishing your Information Security Program - Part 2

This is the continuation of our podcast from last week with Phil Beyer. We started out talking about risk registers, and we end the podcast with a little Q&A about positions in companies (Chief Risk Officer, Chief Data Protection Officer), and whether these positions are useful.

Risk registers - http://en.wikipedia.org/wiki/Risk_register

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jul 7, 2014 (26 min)

Establishing your Information Security Program - Part 1

Establishing an Information Security program can make or break an organization. So what do you need to get that started? We have friend of the show Phil Beyer come in and discuss with us the five steps of the creation of an Information Security Program. Join us for Part 1, and next week, we'll finish up with a little Q&A, as well as what a 'risk register' is.

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jun 30, 2014 (28 min)

OWASP Top Ten: 1-5

We finished up the OWASP Top Ten List. We discussed Injection, XSS, and other goodness. Find out what makes the Top 5 so special.

http://risky.biz/fss_idiots - Risky Business interview concerning Direct Object Reference and First State Superannuation
http://oauth.net/2/ - Great information on OAUTH 2.0

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jun 23, 2014 (49 min)

OWASP Top Ten: Numbers 6 - 10

As we wade through the morass of the Infosec swamp, we come across the OWASP 2013 report of web app vulnerabilities. Since Mr. Boettcher and I find ourselves often attempting to explain these kinds of issues to people on the Internet and in our daily lives, we thought it would be prudent to help shed some light on these. So this week, we discuss the lower half of the top 10, the ones that aren't as glamorous or as earth-shaking as XSS or SQLi, but are gotchas that will bite thine ass just as hard. Next week it's the big ones, the Top 5... all your favorites, in one place!

OWASP Top 10 (2013) PDF: http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
Costs of finding web defects early (2008): http://www.informit.com/articles/article.aspx?p=1193473&seqNum=6

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jun 16, 2014 (45 min)

Talk with Guillaume Ross - Part 2 (all things cloud)

This is part 2 of our podcast interview with Guillaume Ross, Infosec professional who is well versed in the intricacies of various cloud architectures, whether they are IaaS, PaaS, or SaaS. This part of the podcast discusses how contracts are established, and we ask if smaller cloud providers have a chance against behemoths like Google, Amazon, and Microsoft.

Links brought up during the interview:
Rich Mogull's $500 Epic fail - https://securosis.com/blog/my-500-cloud-security-screwup
Rich Mogull's write-up on the aftermath and investigation - https://securosis.com/tag/cloud+security
Amazon VPC: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html
Azure Endpoints (how-to): http://azure.microsoft.com/en-us/documentation/articles/virtual-machines-set-up-endpoints/?rnd=1

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jun 9, 2014 (36 min)

It all goes in "the cloud" (Part 1)

Brian and I interviewed Mr. Guillaume Ross (@gepeto42), an Information Security professional who helps organizations get themselves situated into cloud-based solutions. We get a better understanding of why people would want to put their info into the 'cloud' and how cloud services are different from traditional co-lo and datacenters.

Guillaume's Blog: http://blog.binaryfactory.ca/
AWS (Amazon) Security Best Practices Whitepaper: http://aws.amazon.com/whitepapers/aws-security-best-practices/
Amazon EC2 FAQ: http://aws.amazon.com/ec2/faqs/
Microsoft's Azure FAQ: http://azure.microsoft.com/en-us/support/faq/?rnd=1

"cloud computing icon" courtesy of smartdatacollective.com

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Jun 1, 2014 (36 min)

Video 2: BONUS!!!! Kismet Video!

As promised, I am posting a video I made explaining how to set up Kismet to do wireless scans. The only prerequisites you need are VMware (it will work the same in VirtualBox) and a VM of Kali Linux. The only real difference is the message that asks where the wireless adapter should connect to. It's my first attempt at editing a video, so please be kind.

May 27, 2014 (14 min)

Wireless scans with Kismet and Aircrack-ng

Mr. Boettcher and I had a great time this week. We talked all about doing wireless audits for PCI using Kismet and Aircrack-ng, and talked about some capabilities of both.

Alfa AWUS051NH (works in Kali/Backtrack) (no sponsor link): http://www.amazon.com/gp/offer-listing/B002BFO490/ref=dp_olp_0?ie=UTF8&condition=all
kismetwireless.net
Using Karma with a pineapple to fool clients into connecting unencrypted: http://www.troyhunt.com/2013/04/your-mac-iphone-or-ipad-may-have-left.html
Tutorial on hacking various wireless: http://cecs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks.htm

Premium content by Bryan! I made a video as well that describes using your wireless dongle to make your Kali Linux into a powerful aerial wireless sniffer. http://brakeingsecurity.com/bonus-kismet-video

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

May 26, 2014 (40 min)

PGP and GPG -- protect your data

Sharing information between people and organizations can be a sensitive issue, especially if the information being shared is of mutual importance. This week, we break down PGP and its open source cousin GPG. We discuss how last week's podcast about hashing, encoding, and encryption is all bundled up neatly with PGP, and give you some examples of software you can use on Mac, Windows, and Linux.

GPG4Win - http://www.gpg4win.org/
GPG Suite (Mac OS) - https://gpgtools.org/
Public PGP key server - pgp.mit.edu
NoStarch Press book: http://www.nostarch.com/pgp.htm
gpg command-line tutorial - http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/gpg-cs.html

Icon courtesy of NoStarch Press

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

May 18, 2014 (41 min)

clearing up some terminology (hashing, encryption, encoding)

Ever heard someone mention AES Encoding, or MD5 Encryption? Many people in IT, Infosec, and Software development get confused about what Hashing, Encrypting, and Encoding are. We hack through the definition forest, looking for that Sequoia of understanding. We also talk about Symantec's remarks that 'Antivirus is dead' and 'not a moneymaker', and what that means to the industry as a whole.

"Enkrypto" is the program I mentioned in the podcast. It would appear that s/he fixed it. They still shouldn't be using an 'encoding' method to store SMS if they are of a sensitive nature... The screenshots still clearly show a Base64-encoded SMS, and still show it as a 'secured' message. :( Plus, with the option to allow an encrypted PIN with 4 characters, it would be trivial to crack even an AES-encrypted message. Do not buy this app... https://play.google.com/store/apps/details?id=org.enkrypto.sms

Icon courtesy of http://www.differencebetween.info

Intro "Private Eye", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

May 13, 2014 (33 min)

Browsing more Securely

This week, we find ways to increase security when browsing the EWW (Evil Wide Web). We give a shout-out to WhiteHatSec's Aviator browser as a way for everyone to have an elevated security posture with very little configuration required. And Mr. Boettcher and I talk about some of the plugins we use to make ourselves more secure. And Mr. Boettcher surprises me with his proclivities toward farmyard animals.

Aviator Browser: https://www.whitehatsec.com/aviator/
Sandboxie: http://www.sandboxie.com/

Browser plugins:
Firefox --- Request Policy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/
Google --- Notscript: http://www.dedoimedo.com/computers/google-chrome-notscript.html

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

May 5, 2014 (40 min)

Mandiant 2014 threat report

Mandiant put out their 2014 Threat Report, and we got into all the meaty goodness, from the Syrian Electronic Army, Iran, and China's APT1 and APT12. Are the bad guys getting smarter, or are we just making it easier for them? Have a listen and find out.

Mandiant 2014 report (registration required): http://connect.mandiant.com/m-trends_2014

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Apr 28, 2014 (46 min)

Episode 13 - 2014 Verizon PCI Report

Since 2006, Verizon has put out their yearly PCI report. We break it down, and discuss the merits of the report.

2014 Verizon Report: www.verizonenterprise.com/resources/reports/rp_pci-report-2014_en_xg.pdf

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Apr 21, 2014 (41 min)

Episode 12, Part 2 of our interview with Phil Beyer!

This is Part 2 of our interview with Phil Beyer. We asked him about the difference between mentoring and coaching, and we end the podcast talking about influence, the types of influence and ways to gain influence.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Apr 15, 2014 (29 min)

Special Report: Heartbleednado-apoco-geddon

Whois shows heartbleed.com was registered 5 April 2014 by Marko Laakso (Codenomicon Oy).

NSA exploiting HeartBleed for years: http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
RFC 6520 - TLS Heartbeat (co-authored by Robin Seggelmann): https://tools.ietf.org/html/rfc6520
Slashdot article: http://it.slashdot.org/story/14/04/10/2235225/heartbleed-coder-bug-in-openssl-was-an-honest-mistake
OpenBSD's Theo De Raadt having a rant about OpenSSL: http://it.slashdot.org/story/14/04/10/1343236/theo-de-raadts-small-rant-on-openssl
OpenSSL's malloc issues: http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse and http://www.tedunangst.com/flak/post/heartbleed-vs-mallocconf
Custom Snort rules to detect HeartBleed: http://blog.snort.org/2014/04/sourcefire-vrt-certified-snort-rules_10.html

Intro/Outro Music: "All This" Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Apr 14, 2014 (24 min)

Episode 11, Part 1: Interview with Phil Beyer

This week, we're leaving the Infosec track a bit, but this interview may be more important to a person's development as a good Infosec person. We interviewed Mr. Phil Beyer, Director of Information Security for the Advisory Board Company. In addition to being a past president of the Capitol of Texas ISSA Chapter, he co-founded the Texas CISO Council, a regional steering committee composed of security leaders from private industry and the public sector. He recently gave a talk at Bsides Austin about leadership, and how anyone can be a leader of men. It was very inspiring and something Mr. Boettcher and I thought people in any line of work, not just infosec, would benefit from. If you would like to hear his Bsides Austin talk, we have an exclusive audio copy of the talk, which you can find with his slideshare link here: Brakeingsecurity.com

Please leave feedback if you like this, or please feel free to re-tweet/share this elsewhere.

Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com). Licensed under Creative Commons: By Attribution 3.0 http://creativecommons.org/licenses/by/3.0/

Apr 7, 2014 (38 min)

Video1: quick renaming shortcut with Sed

I take a few minutes to explain a quick mass renaming shortcut using sed I use when I have multiple files that I need to rename. I used the example of spaces in filenames, but you can use this to append a name to multiple files. Another way to easily change files is to use the 'tr' command. You can change a filename from all lowercase to all uppercase letters, or even remove non-printable characters from filenames. Take a look, please leave feedback. I know there are other ways using awk, perl, and others. This is just another way to do it.

Apr 4, 2014 (6 min)