Talkin' Bout [Infosec] News
337 episodes — Page 5 of 7

Ep 1 Talkin’ About Infosec News – 1/27/2022
ORIGINALLY AIRED ON JANUARY 24, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — The Monkey Dance
(00:25) - BHIS - Talkin' Bout [infosec] News 2022-01-24
(01:49) - Story # 1: New Log4j attacks target SolarWinds, ZyXEL devices – https://therecord.media/new-log4j-attacks-target-solarwinds-zyxel-devices/
(08:18) - Story # 2: New MoonBounce UEFI bootkit can’t be removed by replacing the hard drive
(13:18) - Story # 3: Crypto.com finally confirms major hack, says it lost $34 million
(15:53) - Story # 3b: Coinbase Hack
(21:47) - Story # 4: Hackers From North Korea Stole Millions Of Dollars From Cryptocurrency Startups All Across The World
(26:42) - Story # 5: Mixed Messages: Busting Box’s MFA Methods
(35:06) - Story # 6: School District reports a 334% hike in cybersecurity insurance costs
(38:42) - Story # 7: Europol takes down VPNLab, a service used by ransomware gangs
(42:12) - Story # 8: Why this threat intelligence expert believes cyberattacks aren’t Ukraine’s biggest concern

Ep 1 Talkin’ About Infosec News – 1/21/2022
ORIGINALLY AIRED ON JANUARY 17, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Whose Ears Are Burning?
(01:06) - BHIS - Talkin' Bout [infosec] News 2022-01-17
(02:27) - Story # 1: Russia takes down REvil hacking group at U.S. request – https://www.reuters.com/technology/russia-arrests-dismantles-revil-hacking-group-us-request-report-2022-01-14/
(07:00) - Story # 2: White House: Arrested Russian hacker was behind Colonial Pipeline attack
(09:29) - Story # 3: Hotel chain switches to Chrome OS to recover from ransomware attack
(15:22) - Story # 4: QNAP issues ransomware warning to users
(19:56) - Story # 5: Backdoor RAT for Windows, macOS, and Linux went undetected until now
(24:50) - Story # 6: Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time
(30:02) - Story # 7: New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
(35:26) - Story # 8: Revealed: UK Gov’t Plans Publicity Blitz to Undermine Privacy of Your Chats
(36:52) - Story # 9: Apple under fire for iPhone encryption technology – Telegraph.co.uk
(44:14) - Story # 10: Scammers put fake QR codes on parking meters to intercept parkers’ payments
(50:38) - Story # 11: Chrome will limit access to private networks, citing security reasons
(54:57) - Story # 12: Cyberattack causes Albuquerque Public Schools to cancel classes Thursday
(01:03:15) - Talkin Bout Keyboards

Ep 1 Talkin’ About Infosec News – 1/14/2022
ORIGINALLY AIRED ON JANUARY 10, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-01-10
(01:58) - Story # 1: WordPress Core Vulnerabilities – https://www.searchenginejournal.com/wordpress-core-vulnerabilities/432042/#close
(11:32) - Story # 2: Card-stealing code on over 100 Sotheby’s luxury real estate sites – https://therecord.media/card-stealing-code-found-on-more-than-100-sothebys-luxury-real-estate-sites/
(14:55) - Story # 3: France hits Facebook & Google with $210 million in fines – https://www.bleepingcomputer.com/news/legal/france-hits-facebook-and-google-with-210-million-in-fines/
(22:14) - Story # 4: Pwn2Own, ShmooCon security conferences postponed due to COVID-19 surge
(24:48) - Story # 5: BREAKING! Cyber Threat Map
(27:21) - Story # 6: Open source developer corrupts widely-used libraries
(34:38) - Story # 7: FTC warns companies to remediate Log4j security vulnerability
(39:58) - Story # 8: Trojanized dnSpy app drops malware cocktail
(45:33) - Story # 9: Norton 360 Cryptominer
(55:56) - Hot Takes and Sadness

Ep 1 Talkin’ About Infosec News – 1/7/2022
ORIGINALLY AIRED ON JANUARY 4, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Who's Job Is It Anyway?
(00:20) - BHIS - Talkin' Bout [infosec] News 2022-01-04
(01:58) - Story # 1: iLOBleed Rootkit – https://thehackernews.com/2021/12/new-ilobleed-rootkit-targeting-hp.html
(08:39) - Story # 2: Firmware attack can drop persistent malware in hidden SSD area – https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/
(17:35) - Story # 3: OverWatch Exposes AQUATIC PANDA
(21:38) - Story # 4: Experts warn against storing passwords in Chrome
(42:16) - Official Report: Not Responsible for the Information Super Highway

Ep 1 Webcast: New Wave of Ransomware Attacks: How did this happen?
This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are. Consider this to […]

Ep 1 Talkin’ About Infosec News – 12/22/2021
ORIGINALLY AIRED ON DECEMBER 20, 2021
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Getting Nerdy With It
(04:18) - BHIS - Talkin' Bout [infosec] News 2021-12-20 – The Final Broadcast ... of 2021
(05:34) - Story # 1: Apple releases Android app to find rogue AirTags - https://therecord.media/apple-releases-android-app-to-find-malicious-airtags/
(18:24) - Story # 2: A Summary of Sorts - The Tale of 2021
(21:40) - Story # 3: Kronos hit with ransomware - https://www.zdnet.com/article/hr-platform-kronos-brought-down-by-ransomware-attack-ukg-warns-of-data-breach/
(22:19) - Story # 4: 300,000 MikroTik Devices Found Vulnerable - https://thehackernews.com/2021/12/over-300000-mikrotik-devices-found.html
(26:51) - Story # 5: WordPress Sites Under Cyberattack - https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html
(28:45) - Story # 6: Firefox password leak via Windows Cloud Clipboard - https://therecord.media/firefox-fixes-password-leak-via-windows-cloud-clipboard-feature/
(36:33) - Story # 7: Android Application Testing Using Windows 11 - https://sensepost.com/blog/2021/android-application-testing-using-windows-11-and-windows-subsystem-for-android/
(37:43) - Story # 8: Verizon overrides users’ opt-out - https://arstechnica.com/information-technology/2021/12/verizon-ignored-users-previous-opt-outs-in-latest-push-to-scan-web-browsing/
(43:15) - Story # 9: Volvo cyber security breach - https://www.media.volvocars.com/global/en-gb/media/pressreleases/292817/notice-of-cyber-security-breach-by-third-party-1

Ep 1 Webcast: Intro to Ransomware and Industrial Control Systems (ICS)
Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology used in ICS environments is sensitive and often based on older protocols. The desire for connectivity has created an opportune target for malicious actors. Join […]

Ep 1 Webcast: Hack for Show, Report For Dough: Part 2
At Black Hills Information Security (BHIS), we make our living doing pentesting, but we’ve never once been paid for a pentest. Penetration Testers get paid for their reports. For their explanations. For their story of the environment as it appears to an attacker. The scanning and testing and exploiting (and failing at those things) is […]

Ep 1 Talkin’ About Infosec News – The Floor is Java – 12/15/2021
ORIGINALLY AIRED ON DECEMBER 13, 2021
(00:00) - PreShow Banter™
(09:41) - FEATURE PRESENTATION: The Floor is Java – Log4Shell / Log4J
(10:26) - Lets Jump In
(11:31) - Oh No...
(12:28) - None of This is New
(15:36) - How Does This Work?
(19:48) - Mitigations
(21:48) - Find it on Hosts
(23:54) - Hal Translator
(25:25) - Find it on the Network
(26:53) - Miners Beacon
(28:24) - Great Write-Ups!
(31:47) - Conversation with Q & A

Ep 1 Talkin’ About Infosec News – 12/09/2021
ORIGINALLY AIRED ON DECEMBER 6, 2021
Articles discussed in this episode:
(00:00) - PreShow Banter™
(00:18) - BHIS - Talkin' Bout [infosec] News 2021-12-06
(02:57) - Story # 1: Apple AirTag Car Thefts - https://www.macrumors.com/2021/12/03/airtag-linked-to-car-thefts/
(11:04) - Story # 2: Ubiquiti dev charged for extortion - https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/
(17:09) - Plug: Pay What You Can SOC Training – https://www.antisyphontraining.com/soc-core-skills-w-john-strand/
(18:24) - Story # 3: U.S. State Department hacked with NSO spyware - https://www.reuters.com/technology/exclusive-us-state-department-phones-hacked-with-israeli-company-spyware-sources-2021-12-03/
(24:15) - Story # 4: The rise of dark web design - https://theconversation.com/the-rise-of-dark-web-design-how-sites-manipulate-you-into-clicking-168347
(33:46) - Story # 5: Researcher Found Way to Brute Force Verizon Customer PINs Online - https://www.vice.com/en/article/93bbpy/brute-force-verizon-pins-researcher-video
(39:43) - Story # 6: Russia and China attacking US satellites with lasers and jammers - https://www.independent.co.uk/space/russia-china-attack-us-satellites-lasers-b1967516.html?utm_source=reddit.com
(44:25) - Story # 7: Ransomware Takeaways: Q3 2021 - https://www.backblaze.com/blog/ransomware-takeaways-q3-2021/
(49:36) - Story # 8: Microsoft prompts try to stop people downloading Chrome - https://www.theverge.com/2021/12/2/22813733/microsoft-windows-edge-download-chrome-prompts
(50:36) - Story # 8b: Microsoft Edge will warn users about downloading Google Chrome - https://arstechnica.com/gadgets/2021/12/microsoft-edge-will-now-warn-users-about-the-dangers-of-downloading-google-chrome/

Ep 1 Fixing Content-Security-Policies with Cloudflare Workers
Kent Ickler // Background Over four years ago now, I wrote a blog post on fixing missing Content-Security-Policy by updating configuration on webservers: https://www.blackhillsinfosec.com/fix-missing-content-security-policy-website/. Content-Security-Policies instruct a user’s web browser how it should behave on certain security considerations. Oh, how times have changed. Here at Black Hills Information Security (BHIS), we’ve actually migrated webservers, hosting […]

Ep 1 Talkin’ About Infosec News – 11/26/2021
ORIGINALLY AIRED ON NOVEMBER 22, 2021
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Fixing Compressors
(02:13) - BHIS - Talkin' Bout [infosec] News 2021-11-22
(05:31) - Story # 1: Chinese Team Up With Russia To Launch US Cybersecurity Assault – https://hothardware.com/news/chinese-hackers-team-up-with-russian-ransomware-gang
(12:23) - Story # 2: The FBI Got Hacked Over a Beef With a Guy Named Vinny? – https://www.thedailybeast.com/was-fbi-email-hack-just-an-elaborate-troll-of-a-guy-named-vinny-troia
(18:32) - Story # 3: Insurers run from ransomware cover as losses mount – https://www.reuters.com/markets/europe/insurers-run-ransomware-cover-losses-mount-2021-11-19/
(23:27) - Story # 4: Ransomware gangs rich enough to buy zero-days – https://www.zdnet.com/article/ransomware-gangs-are-now-rich-enough-to-buy-zero-day-flaws-say-researchers/
(35:06) - Story # 5: FBI Alert on FatPipe VPN Zero-Day - https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html
(45:31) - Story # 6: Debunking worthless “security” practices – https://arstechnica.com/information-technology/2021/11/securing-your-digital-life-part-4/

Ep 1 Talkin’ About Infosec News – 11/17/2021
ORIGINALLY AIRED ON NOVEMBER 15, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-11-15
(02:22) - Story # 1: Robinhood data breach – https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/
(07:27) - Story # 2: Trojanized IDA Pro – https://thehackernews.com/2021/11/north-korean-hackers-target.html
(09:48) - Story # 3: stealing data today, quantum computers tomorrow – https://www.technologyreview.com/2021/11/03/1039171/hackers-quantum-computers-us-homeland-security-cryptography/
(18:42) - Story # 4: DDR4 Rowhammer technique – https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/
(26:58) - Story # 5: Secure software supply chain – https://sysdig.com/blog/software-supply-chain-security/
(33:26) - Story # 6: New Android Spyware – https://threatpost.com/new-android-spyware-poses-pegasus-like-threat/176155/
(43:46) - Story # 7: Hoax Email Abused Coding in FBI Website – https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/
(55:23) - Story # 8: DomainTools Acquires Farsight Security – https://www.infosecurity-magazine.com/news/domaintools-acquires-farsight/

Ep 1 Talkin’ About Infosec News – 11/12/2021
ORIGINALLY AIRED ON NOVEMBER 08, 2021
Articles discussed in this episode:
(00:00) - PreShow Banter™ — God’s Waiting Room
(03:08) - BHIS - Talkin' Bout [infosec] News 2021-11-08
(04:50) - Story # 1: JavaScript in Excel - https://techcrunch.com/2021/11/02/microsoft-brings-javascript-to-excel/
(09:12) - Story # 2: Bots That Steal 2FA Codes - https://www.vice.com/en/article/y3vz5k/booming-underground-market-bots-2fa-otp-paypal-amazon-bank-apple-venmo
(13:00) - Story # 3: US bans trade with NSO Group - https://www.engadget.com/us-trade-ban-nso-group-145347522.html
(22:34) - Story # 4: US House Passes Acts to Help SMBs with Cybersecurity - https://www.infosecurity-magazine.com/news/house-helps-smbs-cybersecurity/
(33:34) - Story # 5: Hackers Apologize to Arab Royal Families - https://www.vice.com/en/article/n7nw8m/conti-ransomware-hackers-apologize-to-arab-royal-families-for-leaking-their-data
We are self-publishing free Infosec Zines called PROMPT#. PROMPT# will contain: Infosec articles; Challenging puzzles; Comic book based on real-life hacking adventures; Coloring contests; Bonus Backdoors & Breaches Consultant Cards (print version only); Other stuffs. You can check out current and upcoming issues here: https://www.blackhillsinfosec.com/prompt-zine/

Ep 1 Webcast: How to Share Your Knowledge with Others
Have you ever seen a call for papers for a conference and thought to yourself that you’d like to submit a talk and then immediately thought, oh never mind? Have you ever been asked to present internally at your organization and immediately recommended someone else to do it? Was it because you didn’t know how to give a presentation, or because you were afraid of speaking in front of an audience, or because you didn’t know where to start? This Black Hills Information Security (BHIS) presentation on giving presentations the way people like to hear presentations is based on Jason’s background as a video editor, storyteller, comedian, and content creator. We dive into structure, delivery, and how your audience perceives every single word and image you share. By the end of this most meta-presentation on presentations using science and stuff, you’ll be equipped to get started sharing your knowledge with others in a way they will want to hear it.
Recorded • 2021-08-26
Join the BHIS Community Discord: https://discord.gg/bhis
(00:00) - FEATURE PRESENTATION: How to Share Your Knowledge With Others
(55:28) - Q & A

Ep 1 Talkin’ About Infosec News – 10/28/2021
ORIGINALLY AIRED ON OCTOBER 25, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-10-25
(01:42) - Story # 1: https://www.bleepingcomputer.com/news/security/fired-it-admin-revenge-hacks-school-by-wiping-data-changing-passwords/
(06:34) - Story # 2: https://krebsonsecurity.com/2021/10/missouri-governor-vows-to-prosecute-st-louis-post-dispatch-for-reporting-security-vulnerability/
(11:50) - Story # 3: https://www.pcgamer.com/hackers-drain-cryptocurrency-accounts-of-thousands-of-coinbase-users/
(23:47) - Story # 4: https://threatpost.com/vmware-esxi-encrypted-python-script-ransomware/175374/
(35:30) - Story # 5: https://thehackernews.com/2021/10/chinese-hackers-used-new-rootkit-to-spy.html
(45:56) - Story # 6: https://cyberworkx.in/2021/10/08/a-new-uefi-bootkit-that-targets-windows-computers/
(51:45) - Story # 7: https://www.washingtonpost.com/national-security/rail-cybersecurity-dhs-regulations/2021/10/06/b3db07da-2620-11ec-8831-a31e7b3de188_story.html
(54:14) - Story # 8: https://www.nbcnews.com/tech/security/ransomware-hits-us-candymaker-ahead-halloween-rcna3391

Ep 1 Talkin’ About Infosec News – 10/19/2021
ORIGINALLY AIRED ON OCTOBER 11, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-10-11
(00:21) - Story # 1: Facebook Aftermath | https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
(09:17) - Story # 2: Twitch Source Code | https://www.theregister.com/2021/10/06/twitch_data_leak/
(25:31) - Story # 3: SMS Hacked; 5 Years | https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/
(31:40) - Story # 4: K-12 Cybersecurity Bill | https://thehill.com/policy/cybersecurity/575957-biden-signs-bill-into-law-to-strengthen-k-12-school-cybersecurity?rl=1
(36:39) - Story # 5: Forced Disclosure? | https://www.newsweek.com/businesses-could-soon-have-disclose-ransomware-payouts-1635838
Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/

Ep 1 Talkin’ About Infosec News – 10/13/2021
ORIGINALLY AIRED ON OCTOBER 4, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-10-04
(00:57) - Story # 1: Facebook is Burning
(22:09) - Story # 2: https://www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/
(25:38) - Story # 3: https://krebsonsecurity.com/2021/10/fcc-proposal-targets-sim-swapping-port-out-fraud/
(33:02) - Story # 4: https://cyberworkx.in/2021/10/03/hackers-spreading-malware-by-misusing-trust-of-amnesty-international/
(36:55) - Story # 5: https://threatpost.com/finspy-surveillance-kit/175068/
(39:04) - Story # 6: https://thehackernews.com/2021/10/a-new-apt-hacking-group-targeting-fuel.html

Ep 1 Talkin’ About Infosec News – 9/29/2021
ORIGINALLY AIRED ON SEPTEMBER 27, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-09-27
(01:20) - Story # 1: https://habr.com/en/post/579714/
(02:14) - Story # 1b: https://therecord.media/researcher-discloses-iphone-lock-screen-bypass-on-ios-15-launch-day/
(02:54) - Story # 1c: https://www.bleepingcomputer.com/news/apple/new-macos-zero-day-bug-lets-attackers-run-commands-remotely/
(04:03) - Story # 1d: https://habr.com/en/post/580272/
(09:42) - A Wild Noah Has Joined the Chat
(13:24) - The Wildest, Grayson & Tenille, Have Joined the Chat
(13:45) - A Wild Jeff Has Joined the Chat
(14:45) - Story # 2: https://www.bbc.com/news/technology-58678907
(22:03) - Story # 3: https://arstechnica.com/information-technology/2021/09/ransomware-victims-panicked-while-fbi-secretly-held-revil-decryption-key/
(29:47) - Story # 4: https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html
(34:34) - Story # 5: https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html
(37:15) - Story # 5b: https://github.com/Jamesits/dropWPBT
(42:29) - Story # 5c: https://github.com/chipsec/chipsec

Ep 1 Webcast: Shellcode Execution with GoLang
In this Black Hills Information Security (BHIS) webcast, we explore using GoLang to author malware with embedded shellcode. GoLang is a Google-authored modern successor language to C/C++. It is multi-platform, high performance, multi-threaded, and unlike C/C++ includes garbage collection! It has the advantage of compiling to native machine code, unlike .NET C# which is dependent on the common language runtime, and easily reversible. We explore how to execute Windows shellcode with GoLang in the same process thread space, and then also explore one process injection method. If you are a penetration tester looking to expand your malware authoring skills, a little Go(lang) will take you far!
Recorded • 2021-05-20
(00:00) - FEATURE PRESENTATION BEGINS: Shellcode Execution with GoLang
(01:38) - Meet Joff Thyer
(02:15) - What is GoLang?
(04:12) - Aspects of GoLang
(07:40) - C# or Go?
(09:19) - Go Command Line
(10:52) - Golang Type Safety
(11:25) - What is Shellcode?
(12:44) - Sources of Shellcode
(14:43) - Executing Shellcode on Windows
(15:59) - GoLang "unsafe" Package
(16:46) - Go "syscall" package is becoming per platform
(17:42) - GoLang "windows" Package
(18:13) - "x/sys/windows" package
(20:20) - Looking deeper into Syscall
(22:13) - Calling Functions out of Kernel32.dll
(22:59) - GoLang: Byte Array for Shellcode
(24:18) - Method 1: Direct Syscall
(29:07) - Tangent: The A/V and EDR evasion paradox
(32:04) - Single byte XOR function in GoLang
(33:27) - Method 2: Creating Thread in Same Process
(35:13) - GoLang Windows Native DLL
(36:19) - Steps to build a native DLL
(40:38) - Living off the Land with Native DLL
(43:22) - DEMO : Run shell code
(45:55) - Method 3: Process Injection
(48:20) - DEMO - Remote Process Injection
(49:19) - Additional Resources
(49:59) - DEMO - Remote Process Injection cont.
(52:01) - QnA
(53:46) - LINK: Attacker Emulation and C2 - https://www.antisyphontraining.com/enterprise-attacker-emulation-and-c2-implant-development-w-joff-thyer/

Ep 1 Talkin’ About Infosec News – 9/23/2021
ORIGINALLY AIRED ON SEPTEMBER 20, 2021
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-09-20
(00:55) - Story # 1: https://techcrunch.com/2021/09/13/apple-zero-day-nso-pegasus/
(19:45) - Story # 2: https://www.tomshardware.com/news/researchers-find-windows-subsystem-linux-malware
(27:45) - Story # 3: https://www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336
(41:19) - Story # 4: https://apnews.com/article/technology-business-pakistan-seattle-washington-c6122e936e0fcc7c077becdd2559886b
(46:55) - Story # 5: https://therecord.media/us-fines-former-nsa-employees-who-provided-hacker-for-hire-services-to-uae/

Ep 1Webcast: The Quest for the Kill Chain Killer Continues
Jordan and Kent have heard from a lot of people that the past Black Hills Information Security (BHIS) webcasts: “Group Policies That Kill Kill Chains” and “Active Directory Best Practices to Frustrate Attackers” have changed their business models for the better. And since they’ve been offered the BHIS soapbox again, they thought it was time to update this material and combine it. Security can sometimes move slow and other times blazingly fast. They’ll discuss what they’ve seen in the past year and how it impacts their view on baseline defensive configurations you shouldn’t be operating without. At the end of the day, we are in this game to make things difficult for attackers, adversaries, and red teamers. We want to reduce mean time to detection. And we really want to help you make your networks and domains more secure. So… why not update our favorite webcasts with everything we’ve learned since giving them? Join the BLACK HILLS INFOSEC Discord Server — https://discord.gg/bhis The Kill Chains Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/ How to Frustrate Attackers Material: https://www.blackhillsinfosec.com/webcast-group-policies-that-kill-kill-chains/ Recorded•2021-05-13 00:00 – FEATURE PRESENTATION BEGINS – The Quest for the Kill Chain Killer Continues 02:15 – What Changed in the Last Year? 06:31 – The Kill Chain 07:47 – Active Directory Best Practices to Frustrate Attackers 09:22 – Pre-Reqs 13:31 – Active Directory (00:00) - FEATURE PRESENTATION BEGINS - The Quest for the Kill Chain Killer Continues (02:14) - What Changed in the Last Year? 
(06:26) - The Kill Chain (07:40) - Active Directory Best Practices to Frustrate Attackers (09:13) - Pre-Reqs (13:21) - Active Directory (16:04) - Organizational Units ^^ Policies (17:35) - Layer Two Protocols (20:41) - Addressing LLMNR (NBNS and WPAD too) (22:50) - Unaddressing of LLMNR (34:12) - Addressing NBNS (34:55) - Addressing WPAD (36:41) - File Shares (39:24) - SMB Signing (41:02) - IPv6 (41:53) - LDAP Channel Binding (42:57) - Microsoft Store (43:55) - Too Many GPOs to Cover (44:40) - Dealing with Local Admins (45:24) - Network Logons (46:50) - Managed Service Accounts (48:32) - Application Controls (49:18) - Speaking of Ransomware... (50:21) - Firewalls (52:01) - Canary Accounts (52:51) - Network Analysis (54:17) - Credentials (56:40) - Wrap-Up and Questions

Ep 1Talkin’ About Infosec News – 9/17/2021
ORIGINALLY AIRED ON SEPTEMBER 13, 2021 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2021-09-13 02:59 – Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/ 04:43 – Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083 07:22 – Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-down-windows-users/ 13:16 – Story # 3: https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/ 17:28 – Story # 3b: https://xkcd.com/2347/ 22:03 – Story # 4: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ 30:15 – Story # 5: https://venturebeat.com/2021/09/11/8-orgs-with-web-apps-for-file-uploads-have-adequate-cybersecurity/ 33:21 – Story # 5b: https://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454 34:15 – Story # 6: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/ 39:32 – Story # 7: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. 
https://www.blackhillsinfosec.com/services/cyber-range/ (00:00) - BHIS - Talkin' Bout [infosec] News 2021-09-13 (02:59) - Story # 1: https://cyberworkx.in/2021/08/31/authentication-bypass-vulnerability-in-exchange-server/ (04:43) - Story # 1b: https://techcommunity.microsoft.com/t5/exchange-team-blog/how-to-update-ad-schema-to-address-cve-2021-34470-if-exchange-is/ba-p/2617083 (07:22) - Story # 2: https://cyberworkx.in/2021/09/08/microsoft-warns-of-new-zeroday-vulnerability-hunting-down-windows-users/ (13:16) - Story # 3: https://therecord.media/ghostscript-zero-day-allows-full-server-compromises/ (17:28) - Story # 3b: https://xkcd.com/2347/ (22:03) - Story # 4: https://jfrog.com/blog/critical-vulnerability-in-haproxy-cve-2021-40346-integer-overflow-enables-http-smuggling/ (30:15) - Story # 5: https://venturebeat.com/2021/09/11/8-orgs-with-web-apps-for-file-uploads-have-adequate-cybersecurity/ (33:21) - Story # 5b: https://stackoverflow.com/questions/1732348/regex-match-open-tags-except-xhtml-self-contained-tags/1732454#1732454 (34:15) - Story # 6: https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/ (39:32) - Story # 7: https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Ep 1Webcast: Getting Started in Blockchain Security and Smart Contract Auditing
Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account. All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology, new issues are being found daily. In this Black Hills Information Security (BHIS) webcast, we’ll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately led to the loss of millions of dollars to attackers. 
Join us on the BLACK HILLS INFOSEC Discord channel for discussion and interaction with the community — https://discord.gg/bhis 0:00:00 – PreShow Banter™ — Beau Has a Fan Club 0:32:39 – FEATURE PRESENTATION: Getting Started in Blockchain Security and Smart Contract Auditing 0:36:39 – Roadmap 0:37:51 – Why Blockchain Security 0:39:21 – Growing Use Cases for Blockchain 0:43:23 – Blockchain Elements That Need Securing 0:49:00 – What Are Smart Contracts 0:51:22 – EVM : Ethereum Virtual Machine 0:54:00 – Solidity 0:59:55 – Smart Contract Vulns 1:04:00 – Reentrancy 1:05:54 – Front-Running 1:07:41 – Integer Overflow and Underflow (00:00) - PreShow Banter™ — Beau Has a Fan Club (32:39) - FEATURE PRESENTATION: Getting Started in Blockchain Security and Smart Contract Auditing (36:39) - Roadmap (37:51) - Why Blockchain Security (39:21) - Growing Use Cases for Blockchain (43:23) - Blockchain Elements That Need Securing (49:00) - What Are Smart Contracts (51:22) - EVM : Ethereum Virtual Machine (54:00) - Solidity (59:53) - Smart Contract Vulns (01:03:59) - – Reentrancy (01:05:52) - – Front-Running (01:07:39) - – Integer Overflow and Underflow (01:09:10) - – Denial-of-Service (01:10:38) - – Access Control (01:12:41) - – Timestamp Dependence (01:15:17) - Case Studies – Uranium Finance Hack (01:17:21) - – Poly Network Hack (01:21:02) - – Cream Finance Hack (01:24:37) - DEMO: Live Exploit (01:35:10) - Exploit Recap (01:35:40) - Security Tools – VS Code + Solidity Visual Developer (01:36:35) - – Slither (01:36:53) - – Mythril & MythX (01:37:23) - Get-Started Resources (01:38:30) - Bug Bounties (01:38:46) - Key Takeaways (01:39:56) - This is the End – Q & A

Ep 1Talkin’ About Infosec News – 9/9/2021
ORIGINALLY AIRED ON SEPTEMBER 7, 2021 Articles discussed in this episode: 02:14 – Story # 1: https://therecord.media/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks 06:17 – Story # 2: https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds 08:30 – Story # 3: https://taskandpurpose.com/news/air-force-cybersecurity-nicolas-chaillan/ 10:29 – Story # 3b: https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/ 13:20 – Story # 4: https://venturebeat.com/2021/09/02/the-cybersecurity-industry-is-burning-and-vcs-dont-care/ 18:03 – Story # 5: https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/ 24:38 – Story # 6: https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/ 28:30 – Story # 7: https://www.zdnet.com/article/fbi-warns-of-ransomware-attacks-targeting-food-and-agriculture-sector-as-white-house-pushes-for-proactive-measures/ 33:20 – Story # 7b: https://twitter.com/vxunderground/status/1435306913038745612 34:16 – Story # 7c: https://twitter.com/vxunderground/status/1433758742244478982 37:29 – Story # 8: https://cyberworkx.in/2021/09/06/russian-mobile-comes-with-preinstalled-malware/ 38:26 – Story # 9: https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/ 45:31 – Story # 10: https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/ (00:00) - BHIS - Talkin' Bout [infosec] News 2021-09-07 (02:14) - Story # 1: https://therecord.media/chinese-hackers-behind-july-2021-solarwinds-zero-day-attacks/ (06:17) - Story # 2: https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds (08:30) - Story # 3: https://taskandpurpose.com/news/air-force-cybersecurity-nicolas-chaillan/ (10:29) - Story # 3b: https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-chaillan/ (13:20) - Story # 4: https://venturebeat.com/2021/09/02/the-cybersecurity-industry-is-burning-and-vcs-dont-care/ (18:03) - Story # 5: 
https://www.theregister.com/2021/09/03/how_to_be_a_ransomware/ (24:38) - Story # 6: https://www.bleepingcomputer.com/news/security/over-60-000-parked-domains-were-vulnerable-to-aws-hijacking/ (28:30) - Story # 7: https://www.zdnet.com/article/fbi-warns-of-ransomware-attacks-targeting-food-and-agriculture-sector-as-white-house-pushes-for-proactive-measures/ (33:20) - Story # 7b: https://twitter.com/vxunderground/status/1435306913038745612 (34:16) - Story # 7c: https://twitter.com/vxunderground/status/1433758742244478982 (37:29) - Story # 8: https://cyberworkx.in/2021/09/06/russian-mobile-comes-with-preinstalled-malware/ (38:26) - Story # 9: https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/ (45:31) - Story # 10: https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/

Ep 1Talkin’ About Infosec News – 9/3/2021
ORIGINALLY AIRED ON AUGUST 30, 2021 Articles discussed in this episode: 01:38 – Story # 1: https://carbuzz.com/news/tom-cruise-couldnt-stop-thieves-stealing-his-bmw-7-series 14:45 – Story # 2: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru 23:24 – Story # 3: https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/ 27:37 – Story # 4: https://cyberworkx.in/2021/08/28/five-different-malware-families-targeting-pulse-secure-devices/ 33:08 – Story # 5: https://www.techradar.com/news/microsoft-warns-of-elaborate-new-cybercrime-scheme-to-steal-your-login-details 36:36 – Story # 6: https://twitter.com/EdClowes/status/1430083273015840776?s=19 39:43 – Story # 7: https://www.theregister.com/2021/08/26/qurium_bright_data_philippines_ddos/ 46:18 – Story # 8: https://www.foxbusiness.com/technology/florida-woman-fired-rampage-company-computer-system 50:22 – Story # 9: https://www.nextgov.com/cybersecurity/2021/08/white-house-tasks-nist-producing-another-cybersecurity-framework/184868/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. 
(00:00) - BHIS - Talkin' Bout [infosec] News 2021-08-30 (01:38) - Story # 1: https://carbuzz.com/news/tom-cruise-couldnt-stop-thieves-stealing-his-bmw-7-series (14:45) - Story # 2: https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru (23:24) - Story # 3: https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26/ (27:37) - Story # 4: https://cyberworkx.in/2021/08/28/five-different-malware-families-targeting-pulse-secure-devices/ (33:08) - Story # 5: https://www.techradar.com/news/microsoft-warns-of-elaborate-new-cybercrime-scheme-to-steal-your-login-details (36:36) - Story # 6: https://twitter.com/EdClowes/status/1430083273015840776?s=19 (39:43) - Story # 7: https://www.theregister.com/2021/08/26/qurium_bright_data_philippines_ddos/ (46:18) - Story # 8: https://www.foxbusiness.com/technology/florida-woman-fired-rampage-company-computer-system (50:22) - Story # 9: https://www.nextgov.com/cybersecurity/2021/08/white-house-tasks-nist-producing-another-cybersecurity-framework/184868/

Ep 1Talkin’ About Infosec News – 8/25/2021
ORIGINALLY AIRED ON AUGUST 23, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — A Case of the Mondays 04:14 – Talkin’ Bout [InfoSec] News 2021-08-23 05:24 – Story # 1: https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure 09:03 – Story # 2: https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/ 14:50 – Story # 3: https://www.nytimes.com/2021/08/20/world/asia/afghanistan-facebook.html 21:01 – Story # 4: https://wgme.com/news/local/rural-sewage-plants-hit-by-ransomware-attacks-in-maine 31:23 – Story # 5: https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html 41:39 – Story # 6: https://cyberworkx.in/2021/08/22/mozi-botnet-uses-web-traffic-for-infecting-victims/ 42:10 – Story # 6b: https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/ 51:27 – Story # 7: https://twitter.com/j0nh4t/status/1429049506021138437 Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. 
(00:00) - PreShow Banter™ — A Case of the Mondays (04:14) - Talkin' Bout [InfoSec] News 2021-08-23 (05:24) - Story # 1: https://www.scmagazine.com/analysis/vulnerability-management/as-fortinet-spars-with-rapid7-what-can-everyone-else-learn-about-disclosure (09:03) - Story # 2: https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/ (14:50) - Story # 3: https://www.nytimes.com/2021/08/20/world/asia/afghanistan-facebook.html (21:01) - Story # 4: https://wgme.com/news/local/rural-sewage-plants-hit-by-ransomware-attacks-in-maine (31:23) - Story # 5: https://thehackernews.com/2021/08/cybercrime-group-asking-insiders-for.html (41:39) - Story # 6: https://cyberworkx.in/2021/08/22/mozi-botnet-uses-web-traffic-for-infecting-victims/ (42:09) - Story # 6b: https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/ (51:27) - Story # 7: https://twitter.com/j0nh4t/status/1429049506021138437

Ep 1Talkin’ About Infosec News – 8/18/2021
ORIGINALLY AIRED ON AUGUST 16, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-16 01:34 – Story # 1: https://youtu.be/WqD-ATqw3js 05:50 – Story # 2: https://cyberworkx.in/2021/08/11/accenture-data-is-on-darkweb-ransomware-group-threatens-to-release-it-for-public/ 09:54 – Story # 3: https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million 13:37 – Story # 4: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-the-general-availability-of-windows-365/ba-p/2595481 17:00 – Story # 4b: https://www.theverge.com/2021/8/4/22609090/microsoft-365-free-trials-cloud-pcs-demand-trials 19:56 – Story # 5: https://cyberworkx.in/2021/08/09/hacker-exploiting-authentication-bypass-bug-on-millions-of-routers/ 33:19 – Story # 6: https://techcrunch.com/2021/08/02/amazon-credit-palm-biometrics/ 40:52 – Story # 7: https://www.pcgamer.com/discord-malware-persistence-sophos-report/ 44:09 – Story # 8: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/ 46:48 – Story # 9: https://portswigger.net/daily-swig/black-hat-usa-http-2-flaws-expose-organizations-to-fresh-wave-of-request-smuggling-attacks Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. 
https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, (00:00) - BHIS | Talkin' Bout News 2021-08-16 (01:34) - Story # 1: https://youtu.be/WqD-ATqw3js (05:50) - Story # 2: https://cyberworkx.in/2021/08/11/accenture-data-is-on-darkweb-ransomware-group-threatens-to-release-it-for-public/ (09:54) - Story # 4 https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million (13:37) - Story # 5: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/announcing-the-general-availability-of-windows-365/ba-p/2595481 (17:00) - Story # 5b: https://www.theverge.com/2021/8/4/22609090/microsoft-365-free-trials-cloud-pcs-demand-trials (19:56) - Story # 6: https://cyberworkx.in/2021/08/09/hacker-exploiting-authentication-bypass-bug-on-millions-of-routers/ (33:19) - Story # 7: https://techcrunch.com/2021/08/02/amazon-credit-palm-biometrics/ (40:52) - Story # 8: https://www.pcgamer.com/discord-malware-persistence-sophos-report/ (44:09) - Story # 9: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/ (46:48) - Story # 10: https://portswigger.net/daily-swig/black-hat-usa-http-2-flaws-expose-organizations-to-fresh-wave-of-request-smuggling-attacks
Ep 1Talkin' About Infosec News - 8/13/2021
Originally Aired on August 10, 2021 Articles discussed in this episode: https://youtu.be/JTPa1rGq7qk 00:00 - BHIS | Talkin’ Bout News 2021-08-10 — The Ransomware Intro 03:18 - Story # 1: https://www.eff.org/deeplinks/2021/08/apples-plan-think-different-about-encryption-opens-backdoor-your-private-life 15:58 - Story # 2: https://www.securityweek.com/details-emerge-iranian-railroad-cyberattack 32:34 - Story # 3: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/ 36:19 - Story # 4: https://www.raccoonvalleyradio.com/2021/08/02/men-file-lawsuit-against-dallas-county-sheriff/ 44:22 - Story # 5: https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/ 52:20 - Story # 6: https://therecord.media/motherboard-vendor-gigabyte-hit-by-ransomexx-ransomware-gang/ Awareness Con Playlist https://www.youtube.com/playlist?list=PLqz80p7f6dFuuqMCqdhCKCmhCtg88BPz6 The Ransomeware Song - Forrest Brazeal - Used With Permission https://youtu.be/d2dsI8NvdCU (Thanks to BHIS Discord user @toekneewhyknot for the recommendation)

Ep 1Talkin’ About Infosec News – 8/4/2021
Originally Aired on August 2, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-08-02 — Gold Foil Hats 05:18 – Story # 1: https://hothardware.com/news/microsoft-printnightmare-hack-grants-windows-admin-privileges 10:40 – Story # 2: https://www.wsj.com/articles/amazon-hit-with-record-eu-privacy-fine-11627646144 28:43 – LINK : Social Zombies – https://vimeo.com/6307559 31:54 – LINK: The Great Hack – https://youtu.be/iX8GxLP1FHo 32:24 – Story # 3: https://thehackernews.com/2021/08/solarmarker-infostealer-malware-once.html 43:58 – Story # 4: https://www.nytimes.com/2021/07/31/opinion/sunday/russia-ransomware-hacking.html 54:33 – [Post]Show Banter™ – Goldfoil Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. (00:00) - BHIS | Talkin' Bout News 2021-08-03 — Gold Foil Hats (05:18) - Story # 1: https://hothardware.com/news/microsoft-printnightmare-hack-grants-windows-admin-privileges (10:40) - Story # 2: https://www.wsj.com/articles/amazon-hit-with-record-eu-privacy-fine-11627646144 (28:43) - LINK : Social Zombies - https://vimeo.com/6307559 (31:54) - LINK: The Great Hack – https://youtu.be/iX8GxLP1FHo (32:24) - Story # 3: https://thehackernews.com/2021/08/solarmarker-infostealer-malware-once.html (43:58) - Story # 4: https://www.nytimes.com/2021/07/31/opinion/sunday/russia-ransomware-hacking.html (54:33) - [Post]Show Banter™ - Goldfoil
Ep 1Talkin' About Infosec News - 7/28/2021
ORIGINALLY AIRED ON JULY 26, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-26 03:54 – Story # 1: https://cyberworkx.in/2021/07/24/new-windows-attack-petitpotam-forces-windows-hosts-to-share-ntlm-hashes/ 18:53 – Story # 2: https://thehackernews.com/2021/07/how-to-mitigate-microsoft-windows-10-11.html 30:26 – Story # 3: https://cyberworkx.in/2021/07/23/kaseya-received-the-universal-decryptor-for-revil-ransomware-attack/ 51:48 – Random Crap

Ep 1Webcast: No SPAN Port? No Tap? No Problem!
We’ve been having a problem with people that want to play with Security Onion or RITA at home. If a home router does not have a mirror port it can be difficult to try cool/free network monitoring tools. Sure, one could buy another router that has those features. But it is far easier to not do that. So, people don’t. Time goes on and they never get to play with the free enterprise-level cool tools at work or at home. However, there are a couple of ways to set up full network monitoring at home. No taps, no mirrored ports, no expensive/obscure devices to buy. In fact, the more basic and crappy the wireless router/switch is, the better these techniques work. So, in this Black Hills Information Security (BHIS) webcast, we will give you a super easy and hacky way to get open-source enterprise network monitoring up and running at home in no time flat. Recorded • 2021-04-15 Join the BHIS Community Discord: https://discord.gg/bhis 00:00 – FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem! 06:00 – Mental Blocks 10:52 – Solution to Mental Blocks 16:26 – ARP Cache Poisoning 33:26 – Step One: Ubuntu 34:36 – Step Two: RITA/Zeek/Mongo 36:45 – Step Three: Install Bettercap 38:09 – Step Four: Start Bettercap 39:52 – Step Five: Advanced – arp-spoof 45:46 – Success! 47:08 – RITA: Import & Analyze 49:42 – RITA: Beacons 52:35 – What Now? 58:29 – QnA [Post]Show Job Hunting – https://youtu. (00:00) - FEATURE PRESENTATION: No SPAN Port? No Tap? No Problem! (06:00) - Mental Blocks (09:41) - LINK : https://wildwesthackinfest.com/antisyphon//soc-core-skills-john-strand/ (10:49) - Solution to Mental Blocks (16:13) - ARP Cache Poisoning (33:06) - Step One: Ubuntu (34:15) - Step Two: RITA/Zeek/Mongo (36:19) - Step Three: Install Bettercap (37:42) - Step Four: Start Bettercap (39:25) - Step Five: Advanced > arp-spoof (45:16) - Success! (46:38) - RITA: Import & Analyze (49:09) - RITA: Beacons (52:01) - What Now? (57:47) - QnA

Ep 1Talkin’ About Infosec News – 7/21/2021
Originally Aired on July 19, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-19 02:18 – Story # 1: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm 13:15 – Story # 2: https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/ 16:00 – Story # 3: https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ 34:41 – Story # 4: https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html 42:36 – Story # 5: https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html 53:13 – [Post]Show Banter™ — Can’t Get Lumber Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. (00:00) - BHIS | Talkin' Bout News 2021-07-20 (02:18) - Story # 1: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm (13:15) - Story # 2: https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/ (16:00) - Story # 3: https://citizenlab.ca/2021/07/hooking-candiru-another-mercenary-spyware-vendor-comes-into-focus/ (34:41) - Story # 4: https://thehackernews.com/2021/07/turns-out-that-low-risk-ios-wi-fi.html (42:36) - Story # 5: https://thehackernews.com/2021/07/chinas-new-law-requires-researchers-to.html (53:13) - [Post]Show Banter™ — Can't Get Lumber

Ep 1Talkin’ About Infosec News – 7/12/2021
Originally Aired on July 12, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-12 01:56 – Story # 1: https://www.bleepingcomputer.com/news/security/biden-asks-putin-to-crack-down-on-russian-based-ransomware-gangs/ 03:09 – Russia’s R.A.R.E. Program 03:54 – Story # 2: https://www.securityweek.com/solarwinds-confirms-new-zero-day-flaw-under-attack 05:33 – Story # 3: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html 08:44 – Story # 4: https://thehackernews.com/2021/07/magecart-hackers-hide-stolen-credit.html 11:53 – Story # 5: https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/ 15:31 – Story # 6: https://www.microsoft.com/security/blog/2021/07/12/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work/ 18:42 – Story # 7: https://threatpost.com/lazarus-engineers-malicious-docs/167647/ 29:02 – Story # 8: https://www.bleepingcomputer.com/news/security/insurance-giant-cna-reports-data-breach-after-ransomware-attack/ 35:21 – Story # 9: https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html 46:19 – Story # 10: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/ 48:16 – Story # 11: https://www.securityweek.com/morgan-stanley-hit-accellion-hack-through-third-party-vendor 49:37 – PDF Doc Details: https://www.doj.nh. (00:00) - BHIS | Talkin' Bout News 2021-07-12 (01:56) - Story # 1: https://www.bleepingcomputer.com/news/security/biden-asks-putin-to-crack-down-on-russian-based-ransomware-gangs/ (03:09) - Russia's R.A.R.E. 
Program (Fan Graphic) (03:54) - Story # 2: https://www.securityweek.com/solarwinds-confirms-new-zero-day-flaw-under-attack (05:33) - Story # 3: https://thehackernews.com/2021/07/hackers-spread-biopass-malware-via.html (08:44) - Story # 4: https://thehackernews.com/2021/07/magecart-hackers-hide-stolen-credit.html (11:53) - Story # 5: https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/ (15:31) - Story # 6: https://www.microsoft.com/security/blog/2021/07/12/microsoft-to-acquire-riskiq-to-strengthen-cybersecurity-of-digital-transformation-and-hybrid-work/ (18:42) - Story # 7: https://threatpost.com/lazarus-engineers-malicious-docs/167647/ (29:02) - Story # 8: https://www.bleepingcomputer.com/news/security/insurance-giant-cna-reports-data-breach-after-ransomware-attack/ (35:21) - Story # 9: https://thehackernews.com/2021/07/critical-flaws-reported-in-philips-vue.html (46:19) - Story # 10: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/ (48:16) - Story # 11: https://www.securityweek.com/morgan-stanley-hit-accellion-hack-through-third-party-vendor (49:37) - PDF Doc Details: https://www.doj.nh.gov/consumer/security-breaches/documents/morgan-stanley-20210702.pdf

Ep 1Webcast: How to Build a Phishing Engagement - Coding TTP's
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it all work. Wouldn’t it be nice if you had a playbook of how to set everything up to save time and prevent mistakes? What if we coded this playbook so we could share this with others and modify our tactics when things change? In this Black Hills Information Security (BHIS) webcast, we’re going to do just that. We will take a top-down look at how a phishing engagement is designed. Then we will work through coding this design, so we don’t have to keep building a phish. Lastly, we will touch on how to fly under the radar and how coding TTP’s help save time and guarantee accuracy. Join the BHIS Community Discord: https://discord.gg/bhis Music By Beau: https://www.nobandwidth.io 00:00 – FEATURE PRESENTATION: How to Build a Phishing Engagement – Coding TTP’s 01:06 – About Ralph May 01:58 – Disclaimers 03:19 – Overview 03:56 – Phishing is Hard 06:33 – Infrastructure 07:12 – Operational Security 08:39 – Designing a Phish 13:18 – Phishing Emails 15:48 – 1st Tool: EVILGINX2 17:30 – EVILGINX IOC’s 18:20 – 2nd Tool: GoPhish 19:08 – GoPhish IOC’s 20:52 – 3rd Tool: NGINX (00:00) - FEATURE PRESENTATION: How to Build a Phishing Engagement - Coding TTP's (01:02) - About Ralph May (01:51) - Disclaimers (03:06) - Overview (03:43) - Phishing is Hard (06:20) - Infrastructure (06:59) - Operational Security (08:26) - Designing a Phish (13:01) - Phishing Emails (15:29) - 1st Tool: EVILGINX2 (17:10) - EVILGINX IOC's (18:00) - 2nd Tool: GoPhish (18:48) - GoPhish IOC's (20:31) - 3rd Tool: NGINX (21:45) - 4th Tool: Digital Ocean Cloud Provider (22:10) - 5th Tool: Mailgun Email Service (22:52) - 6th Tool: CDN-Azure (23:33) - Coding a Phish – 1st Tool: Ansible (26:09) - 2nd Tool: Terraform (28:36) - 3rd Tool: Docker (30:22) - Combining Ansible and Terraform (32:14) - Ansible Secrets (34:04) - DEMO: Executing a Phishing Engagement (41:57) - What's Next (43:19) - QnA (56:03) - PostShow Banter™ — Ohs and Ahs

Ep 1 The Birth of PreShowBanterCon-A-Thon 2021!™
Join the BHIS Community Discord: https://discord.gg/bhis Music By Beau: https://www.nobandwidth.io 00:00 – 2021-04-01 – PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™ 05:29 – You’re So Vanity 08:39 – Let’s Talk About Florida Man 11:27 – Kellon is here – Intro Sec Con Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ (00:00) - 2021-04-01 - PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™ (08:28) - Let's Talk About Florida Man (11:12) - Kellon is here - Intro Sec Con
Ep 1 Talkin’ About Infosec News – 7/6/2021
Originally Aired on July 6, 2021 Articles discussed in this episode: 00:00 – BHIS | Talkin’ Bout News 2021-07-06 02:32 – Story # 1 – CISA self-assessment audit tool – https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/ 08:24 – Story # 2 – Insurance rates up 32% – https://www.theregister.com/2021/07/05/cyber_insurance_report/ 20:48 – Story # 3 – 0 Day for Windows OS PrintNightmare – https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c 31:32 – Story # 4 – Kaseya Indicators of Compromises – https://cyberworkx.in/2021/07/06/kaseya-says-its-not-a-supply-chain-attack-and-releases-indicators-of-compromises/ 41:16 – Story # 5 – Dotnet Core for PowerShell – https://cyberworkx.in/2021/07/04/critical-remote-code-execution-vulnerability-in-dotnet-core-for-powershell/ 42:54 – Story # 6 – Intuit shares data with Equifax – https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/ 48:33 – Alissa Torres’ Shout Outs (see description for links) 52:00 – Story # 7 – The Audacity of Spyware – https://mashable.com/article/audacity-spyware-privacy-policy Alissa Torres’ Shout Outs: * https://www.dianainitiative.org/event-schedule/ * https://dfrws.org/conferences/dfrws-usa-2021/ * https://www.activecountermeasures.com/event/hacking-packet-captures-the-foundations-of-network-security/ * https://wildwesthackinfest.com/antisyphon//advanced-endpoint-investigations/
Ep 1 Talkin' About Infosec News - 7/6/2021
Articles discussed in this episode: 00:00 - BHIS | Talkin’ Bout News 2021-07-06 02:32 - Story # 1 - CISA self-assessment audit tool - https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/ 08:24 - Story # 2 - Insurance rates up 32% - https://www.theregister.com/2021/07/05/cyber_insurance_report/ 20:48 - Story # 3 - 0 Day for Windows OS PrintNightmare - https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c 31:32 - Story # 4 - Kaseya Indicators of Compromises - https://cyberworkx.in/2021/07/06/kaseya-says-its-not-a-supply-chain-attack-and-releases-indicators-of-compromises/ 41:16 - Story # 5 - Dotnet Core for PowerShell - https://cyberworkx.in/2021/07/04/critical-remote-code-execution-vulnerability-in-dotnet-core-for-powershell/ 42:54 - Story # 6 - Intuit shares data with Equifax - https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/ 48:33 - Alissa Torres’ Shout Outs ( see description for links ) 52:00 - Story # 7 - The Audacity of Spyware - https://mashable.com/article/audacity-spyware-privacy-policy Alissa Torres’ Shout Outs: https://www.dianainitiative.org/event-schedule/ https://dfrws.org/conferences/dfrws-usa-2021/ https://www.activecountermeasures.com/event/hacking-packet-captures-the-foundations-of-network-security/ https://wildwesthackinfest.com/antisyphon//advanced-endpoint-investigations/
Ep 1 Talkin’ About Infosec News – 6/28/2021
Originally Aired on June 28, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Way West Recap 06:38 – Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/ 12:58 – Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware 19:41 – Story 3 : https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html 29:27 – Story 4 : https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/ 44:27 – Story 5 : https://nypost.com/2021/06/23/john-mcafee-dies-by-suicide-inside-prison-in-barcelona/ 45:43 – Story 6 : https://www.marketplace.org/2021/06/23/texas-homeowners-startled-by-hijacked-thermostats/ 52:56 – Story 7 : https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/ 55:38 – Story 8 : https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/
Ep 1 Talkin' About Infosec News - 6/28/2021
00:00 - PreShow Banter™ — Way West Recap 06:38 - Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/ 12:58 - Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware 19:41 - Story 3 : https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html 29:27 - Story 4 : https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/ 44:27 - Story 5 : https://nypost.com/2021/06/23/john-mcafee-dies-by-suicide-inside-prison-in-barcelona/ 45:43 - Story 6 : https://www.marketplace.org/2021/06/23/texas-homeowners-startled-by-hijacked-thermostats/ 52:56 - Story 7 : https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/ 55:38 - Story 8 : https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/
Ep 1 Talkin' About Infosec News - 6/7/2021
https://youtu.be/ZXNzG8ilfiw 00:00 - Talkin’ Bout Ransomware 01:26 - Story 1: https://nypost.com/2021/06/06/texas-mom-arrested-after-posing-as-her-13-year-old-daughter-at-middle-school/ 06:26 - Story 2: https://cyberworkx.in/2021/06/07/worlds-first-known-malware-targeting-windows-containers-to-compromise-cloud-environments/ 10:42 - Story 3: https://threatpost.com/revil-spill-details-us-attacks/166669/ 22:27 - Story 4: https://www.eff.org/deeplinks/2021/06/van-buren-victory-against-overbroad-interpretations-cfaa-protects-security 24:43 - Story 5: https://cyberworkx.in/2021/06/05/microsoft-teams-is-getting-better-security-end-to-end-encryption-for-voice-calls-from-july/ 30:33 - Story 6: https://lock.cmpxchg8b.com/passmgrs.html Join the BHIS Community Discord: https://discord.gg/bhis

Ep 1 Talkin’ About Infosec News – 6/1/2021
Originally Aired on June 1, 2021 Articles discussed in this episode: 00:00 – PreShow Banter™ — Fishing Attacks 02:40 – Story 1: https://m1racles.com/ 05:33 – Story 2: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ 11:26 – Story 3: https://www.securityweek.com/nuclear-flash-cards-us-secrets-exposed-learning-apps 15:29 – Story 4: https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109 23:44 – Story 5: https://www.zdnet.com/article/various-japanese-government-entities-had-data-stolen-in-cyber-attack-report/ 26:26 – Story 6: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ (00:00) - PreShow Banter™ — Fishing Attacks (02:40) - Story 1 : https://m1racles.com/ (05:33) - Story 2 : https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/ (11:26) - Story 3 : https://www.securityweek.com/nuclear-flash-cards-us-secrets-exposed-learning-apps (15:29) - Story 4 : https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109 (23:44) - Story 5 : https://www.zdnet.com/article/various-japanese-government-entities-had-data-stolen-in-cyber-attack-report/ (26:26) - Story 7 : https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/

Ep 1 Webcast: Getting Started in Pentesting The Cloud: Azure
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments. Increasingly, more organizations are migrating resources to being hosted in the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast attempts to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365. In order to adequately determine the attack surface, the appropriate coverage areas are highlighted. Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely but can also be misconfigured. There are security protections for stopping certain password attacks but some of these can be bypassed. Ultimately, a methodology for testing Azure environments along with tools and techniques are presented in this talk. 36:31 – Webcast officially starts Join us on the BLACK HILLS INFOSEC Discord server for interaction with Beau and your fellow attendees: https://discord.gg/bhis (00:00) - FEATURE PRESENTATION: Getting Started in Pentesting the Cloud – Azure (02:32) - WHOAMI (03:20) - Talk Roadmap (05:33) - Why Azure? (08:06) - Identifying Attack Surface (12:50) - Recon & External Attacks (19:31) - Password Attacks (21:37) - Password Protection & Smart Lockout (23:05) - Authentication (26:52) - Conditional Access Policies & MFA (34:11) - Post Compromise (36:46) - Command Line Access (37:40) - LINK: CloudPentest Cheatsheets: https://github.com/dafthack/CloudPentestCheatsheets (37:53) - Azure Subscription Hierarchy (41:31) - Resource Specific Issues (41:55) - Serverless Environment Variables (48:59) - Leveraging Scanning Tools (51:11) - Key Takeaways (52:37) - PostShow Banter™ — They Got Questions, Beau

Ep 1 Backdoors & Breaches LIVE - 5/19/2021
Join our Incident Master Ean Meyer as we play another round of Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477 Incident Master: Ean | EanMeyer Defenders: Qasim | hashtaginfosec Kaitlyn | Kadawi Blake | zer0cool Vee | Po1Zon_P1x13 Ralph | ralphte1 Game Play Master: Jason | BanjoCrashland Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/
Ep 1 Backdoors & Breaches Live! 05/19/2021
Join Incident Master Ean Meyer as we play another round of Backdoors & Breaches.

Ep 1 Webcast: Your Free and Open Source EDR Options!
There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should not have one of these offerings. Further, they are essential for any IR gig you may do. You may be a shop that is looking at commercial offerings, however, you should always look at the free offerings first. Remember, you are not paying for what the commercial product offers, you are paying for what it does versus what the free offerings do not. Join the BHIS Community Discord: https://discord.gg/bhis 0:00:00 – FEATURE PRESENTATION: Your Free & Open EDR Options! 0:02:03 – Why We here? 0:04:46 – EDR? Like that there electronic music? 0:11:48 – Vendors 0:14:21 – MITRE Evaluations 0:19:17 – So, Why EDR? 0:23:05 – Free and Open Source? 0:28:48 – OSSEC 0:31:12 – So, WAZUH 0:38:28 – Velociraptor 0:41:09 – DEMO: Velociraptor 0:48:35 – Vendors and Free/OS 0:49:57 – Elastic (Formerly Endgame) 0:55:09 – OPEN EDR – From Comodo 0:58:41 – Conclusions 1:01:53 – Backdoors & Breaches Virtual Slides for this webcast can be found here: (00:00) - FEATURE PRESENTATION: Your Free & Open EDR Options! (02:03) - Why We here? (04:46) - EDR? Like that there electronic music? (11:48) - Vendors (14:21) - MITRE Evaluations (19:17) - So, Why EDR? (23:05) - Free and Open Source? (28:48) - OSSEC (31:12) - So, WAZUH (38:28) - Velociraptor (41:09) - DEMO: Velociraptor (48:35) - Vendors and Free/OS (49:57) - Elastic (Formerly Endgame) (55:09) - OPEN EDR - From Comodo (58:41) - Conclusions (01:01:53) - Backdoors and Breaches Virtual (01:07:05) - John Pitches BHIS SOC

Ep 1 Talkin’ About Infosec News – 5/10/2021
Originally Aired on May 10, 2021 Articles discussed in this episode: * https://whyy.org/segments/the-greatest-hoax-on-earth/ * https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline * https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/ * https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/ * https://www.macrumors.com/2021/05/10/hacked-airtag-links-to-custom-url-lost-mode/ * https://jalopnik.com/security-researchers-hack-a-tesla-from-a-drone-1846833249

Ep 1 Webcast: Ok, Let's Talk About Ransomware
This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand. There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick emergency webcast together to cover some of these new developments and hit on some very real and very easy things to mitigate against some of these attacks. We say “some” because these attacks are evolving. Traditionally, there are two classes of ransomware, but we are seeing a third start to develop which is harder to deal with. But not impossible. Yes, we will be talking about deception and attribution. Yes, we will be talking about beacon analysis. Because they are kind of our things. But, we will also discuss some new open-source technologies. And… something you can just turn on. The point is these attacks are rapidly evolving. The attack on Colonial shows just a glimpse of how bad these attacks are going to get. Also, we are seeing how we cannot view Operation Technology (OT) as a completely different security creature. Everything is interconnected. We need to start treating security more holistically and stop saying things like, “we just want to focus on the OT/SCADA/PCI/HIPAA enclave.” Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/05/SLIDES_LetsTalkAboutRansomware.pdf (00:00) - PreShow Banter™ — John Strand Has Windows Updates (25:39) - FEATURE PRESENTATION: OK, Let’s Talk About Ransomware (01:25:34) - Wrap-up Questions