Talkin' Bout [Infosec] News
337 episodes — Page 6 of 7

Ep 1 Talkin’ About Infosec News – 5/5/2021
Originally Aired on May 5, 2021

Articles discussed in this episode:
* https://thehackernews.com/images/-V6c2_ZHgMzI/YJFAaQl5RjI/AAAAAAAAA_8/wNs6d4zWc1MHLJ5VPaSpzHvXkFIIcwfZQCLcBGAsYHQ/s0/reset-passsword.jpg
* https://threatpost.com/dell-kernel-privilege-bugs/165843/
* https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/
* https://signal.org/blog/the-instagram-ads-you-will-never-see/
* https://nakedsecurity.sophos.com/2021/05/04/apple-products-hit-by-fourfecta-of-zero-day-exploits-patch-now/

Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/

Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.

Ep 1 Talkin’ About Infosec News – 5/3/2021
Originally Aired on May 3, 2021

Articles discussed in this episode:
* https://threatpost.com/deepfake-attacks-surge-experts-warn/165798/
* https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/
* https://www.reddit.com/r/netsec/comments/n36x7h/arbitrary_code_execution_in_exiftool/
* https://krebsonsecurity.com/2021/04/experians-credit-freeze-security-is-still-a-joke/
* https://github.com/alievk/avatarify-python
* https://media.ccc.de/v/29c3-5327-en-writing_a_thumbdrive_from_scratch_h264

Ep 1 Backdoors & Breaches LIVE - 4/28/2021
Join our Incident Master BanjoCrashland as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477

Incident Master:
* Jason Blanchard | BanjoCrashland

Defenders:
* Matt Thomas | slegna
* Richard Phung | p3hndrx
* Maril Vernon | SheWhoHacks
* Kaitlyn Wimberley | kadawi
* Blake Regan | zer0cool
* Ralph May | ralphte1
* John Strand | strandjs

Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/

Ep 1 Talkin’ About Infosec News – 4/26/2021
Originally Aired on April 26, 2021

Articles discussed in this episode:
* https://usdaynews.com/celebrities/celebrity-death/dan-kaminsky-death-cause/
* https://signal.org/blog/cellebrite-vulnerabilities/
* https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/
* https://youtu.be/G0gOAvpGoJg

Ep 1 Talkin’ About Infosec News – 4/19/2021
Originally Aired on April 19, 2021

Articles discussed in this episode:
* https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack
* https://apnews.com/article/russia-safe-harbor-ransomeware-hacking-c9dab7eb3841be45dff2d93ed3102999
* https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/
* https://www.theverge.com/2021/4/18/22390379/federal-investigators-breach-software-codecov-solarwinds
* https://threatpost.com/google-project-zero-cuts-bug-disclosure-timeline-to-a-30-day-grace-period/165432/

Ep 1 Talkin’ About Infosec News – 4/12/2021
Originally Aired on April 12, 2021

Articles discussed in this episode:
* https://threatpost.com/azure-functions-privilege-escalation/165307/
* https://www.theverge.com/2021/4/8/22374464/linkedin-data-leak-500-million-accounts-scraped-microsoft
* https://news.linkedin.com/2021/april/an-update-from-linkedin
* https://www.bbc.com/news/world-middle-east-56708778
* https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors

Ep 1 Talkin’ About Infosec News – 4/7/2021
Originally Aired on April 7, 2021

Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/phishing/array-of-recent-phishing-schemes-use-personalized-job-lures-voice-manipulation/
* https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report
* https://www.securityweek.com/white-hats-earn-440000-hacking-microsoft-products-first-day-pwn2own-2021
* https://www.infosecurity-magazine.com/news/consulting-firm-data-breach/
* https://github.com/Neo23x0/Raccine
* https://github.com/ralphte/build_a_phish
* https://support.microsoft.com/en-us/windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3
* https://www.infosecurity-magazine.com/news/florida-school-district-40m-ransom/

Ep 1 Talkin’ About Infosec News – 4/5/2021
Originally Aired on April 5, 2021

Articles discussed in this episode:
* https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
* https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
* https://threatpost.com/call-of-duty-cheats-gamers-malware/165209/
* https://outflank.nl/services/outflank-security-tooling/
* https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html
* https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html

Ep 1 Talkin’ About Infosec News – 3/29/2021
Originally Aired on March 29, 2021

Articles discussed in this episode:
* https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-nonprofit-hears-from-the-police/
* https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html
* https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html
* https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/

Ep 1 Talkin’ About Infosec News – 3/24/2021
Originally Aired on March 24, 2021

Articles discussed in this episode:
* https://www.theverge.com/2021/3/22/22345792/microsoft-discord-acquisition-report-10-billion
* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/
* https://grahamcluley.com/police-raid-apartment-alleged-verkada-hacker/

Ep 1 Webcast: OPSEC Fundamentals for Remote Red Teams
During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and every network service probed leaves some trace that the red team was there. Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further attacks.

In this Black Hills Information Security (BHIS) webcast, Michael will discuss common sources of data leakage during remote red team exercises and steps red teamers can take to eliminate or disguise the leakage outright, or to compartmentalize their actions and keep the blue team from connecting the dots. He’ll also discuss how red teamers can see the attack from the defender’s point of view so that these concepts can be applied to new tools and technologies in the future.

Join the BHIS Community Discord: https://discord.gg/bhis

* (00:00) - PreShow Banter™ — It's Not Delivery, Its Frozen
* (09:36) - PreShow Banter™ — One Rural to Rule Them All
* (11:51) - PreShow Banter™ — Proudly Sucking at Charity
* (13:08) - PreShow Banter™ — SPECIAL GUEST: Rural Tech Fund
* (20:39) - PreShow Banter™ — Meth Lab For Computers
* (25:41) - FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams
* (26:59) - WHOAMI
* (30:42) - Why OPSEC is Important For Red Teams
* (34:01) - Possible Countermeasures
* (36:37) - Other Red Team Threats
* (38:06) - Assessing Red Team Actions
* (39:26) - Building OPSEC Standard Procedures
* (40:42) - Local Workstation Setup
* (45:01) - OS Modifications
* (49:44) - TOOL Configurations
* (56:35) - Source IP Addresses
* (01:01:36) - Fail-Safe VPN
* (01:02:57) - Other Third-Party Services
* (01:10:05) - Network Services
* (01:15:19) - Testing New Tools
* (01:21:42) - Got Questions
* (01:27:03) - PostShow Banter™ — Access Granted

Ep 1 Talkin’ About Infosec News – 3/22/2021
Originally Aired on March 22, 2021

Articles discussed in this episode:
* https://threatpost.com/google-spectre-poc-exploit-chrome/164787/
* https://threatpost.com/office-365-phishing-attack-financial-execs/164925/
* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/
* https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/
* https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/

Chapters:
* (00:00) - Intro
* (01:00) - Critics fume after Github removes exploit code for Exchange vulnerabilities
* (17:44) - Google Releases Spectre PoC Exploit For Chrome
* (28:40) - “Expert” hackers used 11 0-days to infect Windows, iOS, and Android users

Ep 1 Talkin’ About Infosec News – 3/17/2021
Originally Aired on March 17, 2021

Articles discussed in this episode:
* https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
* https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-014.pdf
* https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html
* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/
* https://twitter.com/PythonResponder/status/1372023079719817218?s=20

Ep 1 Backdoors & Breaches LIVE - 3/10/2021
The Livestream of our first Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version of the game was a success! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game.

11:05 – Backdoors & Breaches Session Begins!

Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/

Ep 1 Webcast: Sacred Cash Cow Tipping 2021
It is another year for the Sacred Cash Cow Tipping Webcast. For those of you who are new to our email list within the past year, this is a webcast where we cover the various tools and techniques that Black Hills Information Security (BHIS) uses to bypass endpoint security protections. The point of this webcast is not so much to teach people how to bypass these products, but rather to show that they can be bypassed. Hopefully, this leads to some conversations about defense-in-depth and how many vendors exaggerate their capabilities. We also discuss how simply writing signatures for specific strains of malware is a waste of time. Well, I mean, it has its place. But it is not something that should be the primary cornerstone of your security support structure.

There is a lot to unpack in this webcast; one of the main things to unpack is why we are still doing it. We are still doing this because it is still necessary. We still have vendors and CISOs perpetuating the myth that a security product can protect you from all attacks. This is an oversimplification, and it needs to be exterminated like a termite or a cockroach. In past years we have had vendors threaten to sue… and some cooler vendors send us beer. Hopefully, this year ends in beer.

Join the BHIS Community Discord: https://discord.gg/bhis

* (00:00) - PreShow Banter™ — We Love You 3000
* (02:56) - PreShow Banter™ — SolarWinds Forever
* (07:26) - PreShow Banter™ — Watching Bitcoins Being Mined
* (08:53) - PreShow Banter™ — TeacherCoin™
* (11:12) - PreShow Banter™ — Babies' Toys For Your Hands
* (14:06) - PreShow Banter™ — This is Huge
* (15:45) - FEATURE PRESENTATION: Sacred Cash Cow Tipping 2021
* (21:28) - Ralph May: Due Diligence
* (25:42) - Ralph May: ScareCrow
* (32:55) - Ralph May: RDP
* (35:50) - Marcello: Sentinel One
* (44:52) - Jordan Drysdale: Windows Subsystem for Linux
* (53:31) - Rob (mubix) Fuller: Initial Access
* (01:05:15) - Rob (mubix) Fuller: Post Exploitation
* (01:10:58) - Joff Thyer: Strip PowerShell Script Comments
* (01:17:49) - Joff Thyer: Build a .NET Assembly to Execute Shellcode
* (01:20:57) - Joff Thyer: Load/Run DLL/Assembly in PowerShell
* (01:23:27) - PostShow Banter™

Ep 1 Talkin’ About Infosec News – 3/8/2021
Originally Aired on March 8, 2021

Ep 1 Talkin’ About Infosec News – 3/3/2021
Originally Aired on March 3, 2021

Articles discussed in this episode:
* https://www.msn.com/en-us/money/other/microsoft-these-exchange-server-zero-day-flaws-are-being-used-by-hackers-so-update-now/ar-BB1ec0In

Ep 1 Talkin' About Infosec News - 3/1/2021
Originally Aired on March 1, 2021

Articles discussed in this episode:
* https://threatpost.com/yeezy-sneaker-bots-boost-sun/164312/
* https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/
* https://www.wired.com/story/gab-hack-data-breach-ddosecrets/
* https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files
* https://github.com/cyberark/blobhunter

Ep 1 Talkin' About Infosec News - 2/24/2021
Originally Aired on February 24, 2021

Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/government-and-defense/fireeye-and-microsoft-execs-senators-dissect-mandatory-breach-disclosure-in-wake-of-solarwinds/
* https://www.wired.com/story/russia-gru-hackers-us-grid/

Ep 1 Talkin' About Infosec News - 2/22/2021
Originally Aired on February 22, 2021

Articles discussed in this episode:
* https://www.reuters.com/article/us-northkorea-cybercrime-pfizer-idUKKBN2AG0NI
* https://threatpost.com/silver-sparrow-malware-30k-macs/164121/
* https://www.securityweek.com/chinese-hackers-cloned-equation-group-exploit-years-shadow-brokers-leak

Ep 1 Talkin' About Infosec News - 2/17/2021
Originally Aired on February 17, 2021

Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/everyones-half-asleep-and-bosses-dont-want-trouble-the-struggle-to-secure-utilities/
* https://attack.mitre.org/matrices/enterprise/
* https://www.scmagazine.com/home/security-news/network-security/siem-rules-ignore-bulk-of-mitre-attck-framework-placing-risk-burden-on-users/
* https://www.securityweek.com/cybercriminals-leak-files-allegedly-stolen-law-firm-jones-day

Ep 1 Talkin' About Infosec News - 2/8/2021
Originally Aired on February 8, 2021

Articles discussed in this episode:
* https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
* https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/
* https://threatpost.com/industrial-networks-hackable-security-holes/163708/
* https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-poisoning-sheriff-says-idUSKBN2A82FV
* https://twitter.com/SkelSec/status/1346553596855390212

Ep 1 Talkin' About Infosec News - 2/1/2021
Originally Aired on February 1, 2021

Articles discussed in this episode:
* https://threatpost.com/microsoft-365-bec-innovation/163508/
* https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/
* https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way?&web_view=true

Ep 1 Talkin’ About Infosec News – 1/25/2021
Originally Aired on January 25, 2021

Ep 1 Talkin’ About Infosec News – 1/20/2021
Originally Aired on January 20, 2021

Articles discussed in this episode:
* https://www.theregister.com/2021/01/20/malwarebytes_solarwinds_hack_latest/
* https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/
* https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/

Ep 1 Webcast: Move Aside Script Kiddies - Malware Execution in the Age of Advanced Defenses
A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today: in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore. All is not lost! Using some relatively simple programming techniques and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar, but we need to move with greater care and stealth than ever before.

Join the BHIS Discord Community – https://discord.gg/aHHh3u5

* (00:00) - The Soundboard Has Too Many Buttons
* (04:10) - FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses
* (05:36) - Attacker / Threat Actor Emulation
* (09:41) - That Matrix
* (10:34) - Endpoint Defense Maturity
* (13:25) - C2 Implant Execution
* (19:41) - Metasploit: Why Is My Network Traffic Caught?
* (23:09) - C2 - Customize and LOL
* (41:13) - The More You Know...
* (44:11) - Recon/Discovery Artifacts
* (46:15) - Amusement with AMSI
* (47:33) - Simple!
* (48:10) - AMSI Bypass
* (50:27) - Event Tracing Bypass
* (51:34) - Attack Combo!
* (52:24) - Conclusion

Ep 1 Talkin' About Infosec News - 1/13/2021
Originally aired on January 13, 2021

Articles discussed in this episode:
* https://www.theregister.com/2021/01/13/darkmarket_europol_shutdown/
* https://www.theregister.com/2021/01/12/microsoft_linux_edr/
* https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
* https://threatpost.com/hackers-leak-pfizer-covid-19-vaccine-data/163008/
* https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

Ep 1 Webcast: Discussing Implications of the SolarWinds Breach(es)
Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind? Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because let’s be honest, that’s just hyperbole. Join us to learn why this is bad, but also why we assess that the sky isn’t falling. Join these three amigos to discuss breach details and actionable steps you can take in your own networks.

Ep 1 Talkin’ About Infosec News – 12/21/2020
Originally aired on December 21, 2020

Articles discussed in this episode:
* https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
* https://theintercept.com/2020/12/17/russia-hack-austin-texas/

Ep 1 Talkin' About Infosec News - 12/14/2020
Originally aired on December 14, 2020

Articles discussed in this episode:
* https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage
* https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
* https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
* https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680
* https://www.solarwinds.com/solutions/orion

Ep 1 Talkin' About Infosec News - 12/11/2020
Originally aired on December 11, 2020

Articles discussed in this episode:
* https://www.nobandwidth.io/
* https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
* https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools
* https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/
* https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/
* https://capricocave.wordpress.com/2020/12/10/docker-botnets/
* https://www.trustedsec.com/blog/4-free-easy-wins-that-make-red-teams-harder/
* https://arstechnica.com/tech-policy/2020/12/florida-posted-the-password-to-a-key-disaster-system-on-its-website/

Ep 1 Webcast: Getting Started with Burp Suite & Webapp Pentesting
Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them? Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple to configure. If you’ve ever watched someone else use Burp, you’ve no doubt picked up something useful from them: everyone seems to have their own tricks for getting more out of it.

In this live one-hour Black Hills Information Security (BHIS) webcast, BB King will walk through how he sets up Burp for his own webapp and Web API pentests. Then he’ll show the settings, tools, and BApp Store Extensions that help him perform better tests. If you have any responsibility related to webapps – even if it’s not pentesting them – you may find that Burp Suite can help you. If you already use Burp Suite, come see how one of our testers does it and we bet you’ll find a thing or two you can take back and use on your next security assessment.

Join the BHIS Discord Community – https://discord.gg/aHHh3u5

Outline for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/12/SLIDES_GettingStartedWithBurpSuiteOutline.pdf

Show Notes:
* BHIS SWAG STORE! https://spearphish-general-store.myshopify.com/
* https://wildwesthackinfest.com/training/
* https://github.com/snoopysecurity/awesome-burp-extensions
* https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
* https://bitbucket.org/mrbbking/quieter-firefox/src
* https://portswigger.net/

Chapters:
* (00:00) - PreShow Banter™ — Special Guests: The Innocent Lives Foundation
* (29:12) - FEATURE PRESENTATION: Getting Started With Burp Suite
* (32:33) - Initial Setup After install
* (45:25) - A Quick Run-Through Burp Suite
* (01:22:08) - We Has Questions?

Ep 1 Webcast: Pretty Little Python Secrets - Episode 2 - Python Development & Packaging as Beautiful as a Poem
Have you ever tried packaging a Python library/app in order to upload it to the Python package repository (PyPI)? Not so straightforward, is it? There’s a gazillion files you need (setup.py, MANIFEST.in, etc.) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in order to expose any command line interface (CLI) tools you’re packaging. Additionally, you also need to manage dependencies, keep them in sync with your requirements.txt files and install third-party applications in order to upload them to PyPI. That’s after you even manage to set up a proper development environment and necessary virtual environments for your dependencies. Ever wonder if there’s a simpler solution that takes care of everything for you? In this Black Hills Information Security (BHIS) webcast, Marcello will show you how to make the entire Python development & packaging process as short and simple as a Haiku (https://python-poetry.org/). He’ll also show you the setup/workflow that he uses for all of his Python projects and throw in some pro tips along the way.
Missed the first episode? Check out Pretty Little Python Secrets—EP 1—Installing Python Tools/ Libraries the Right Way- Marcello Salvati — https://youtu.be/ieyRV9zQd2U
Join the Black Hills Information Security Discord Community — https://discord.gg/aHHh3u5
(00:00) - PreShow Banter™ — Everybody Leaves West Virginia
(12:15) - FEATURE PRESENTATION: Making Python Packaging Haiku Simple
(16:56) - Why and How to Package Python?
(23:26) - What Are All These Files?
(31:28) - How to Upload the Dang Thing
(37:01) - Setup a Development Environment?
(42:44) - Pipenv!
(46:52) - Pipenv Solves, but Also Creates Problems
(49:21) - Poetry Corner
(58:11) - Cookiecutter Automation
(01:01:53) - Questions!
(01:08:00) - Porchetta

Ep 1 Talkin' About Infosec News - 11/30/2020
Originally aired on November 30, 2020
Articles discussed in this episode:
* https://www.computerweekly.com/news/252491324/Surge-in-Ryuk-ransomware-attacks-has-hospitals-on-alert
* https://www.baltimoresun.com/maryland/baltimore-county/bs-md-co-what-to-know-schools-ransomware-attack-20201130-2j3ws6yffzcrrkfzzf3m43zxma-story.html
* https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library
(00:00) - An Intro That Flaps
(01:19) - Surge in Ryuk ransomware
(03:57) - Baltimore County schools ransomware attack
(11:36) - Fuzzy Wuzzy Javascript
Ep 1 Talkin' About Infosec News - 11/19/2020
Originally aired on November 19, 2020
Articles discussed in this episode:
* https://duo.com/blog/the-great-dns-vulnerability-of-2008-by-dan-kaminsky
* https://blog.cloudflare.com/sad-dns-explained
Ep 1 Talkin' About Infosec News - 11/11/2020
Originally aired on November 11, 2020
Articles discussed in this episode:
* https://www.darkreading.com/attacks-breaches/malware-hidden-in-encrypted-traffic-surges-amid-pandemic/d/d-id/1339420
* https://threatpost.com/millions-hotel-guests-worldwide-data-leak/161044/
Ep 1 Talkin' About Infosec News - 11/09/2020
Originally aired on 11/09/2020
Articles discussed in this episode:
* https://www.darkreading.com/threat-intelligence/6-ways-passwords-fail-basic-security-tests/d/d-id/1339299
* https://www.infosecurity-magazine.com/news/national-guard-uvm-health-network/
* https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/
Ep 1 Talkin' About Infosec News - 10/26/2020
Originally aired on October 26, 2020.
Ep 1 Talkin' About Infosec News - 10/21/2020
Originally aired on October 21, 2020.

Ep 1 Webcast: The SOC Age Or, A Young SOC Analyst's Illustrated Primer
Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through an AI-powered single pane of glass. Security has been, and will continue to be, hard. This webcast will help people who are getting started be more successful and hopefully happier in their jobs. I mean, we can’t make people happy. But, being good at one’s job is a good step in that direction. The rest is on you. We also cover some techniques that can be used to help stop SOC burnout. Because that is a real thing… It is a real thing that many SOC analysts go through. When they do, they often entertain dreams of getting out of security and buying a food truck. Let’s help stop that. The world does not need another mediocre falafel truck powered by the crushed hopes and dreams of another infosec burnout.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_TheSOCAge.pdf
Join the BHIS Discord Community — https://discord.gg/aHHh3u5
“Pay What You Can” SOC Core Skills 16-Hour Training Course: https://wildwesthackinfest.com/online-training/soc-core-skills-john-strand/
0:00:00 – PreShow Banter™ – A Weird Flex
0:12:24 – FEATURE PRESENTATION: SOC Analyst Key Skills
0:16:53 – Server Analysis
0:20:13 – There’s A Guide For That
0:26:54 – Memory Forensics
0:34:16 – Egress Traffic Analysis
0:43:39 – Logs Are Better Than Bad, They’re a Train Wreck
0:48:40 – “False Positives”

Ep 1 Webcast: Infosec Mentoring | How to Find and Be a Mentor & Mentee
They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be your guide into the unknown. We ALL can benefit from being mentored and being a mentor. In this live Black Hills Information Security (BHIS) webcast, we’ll discuss:
* How to know if you need a mentor
* How to find a mentor
* How to be a mentor
* How to be a mentee
* How to ask someone to be a mentor
* Multiple mentors
* Difference between mentors, friends, tutors, career counselors, etc.
* What to discuss during a mentoring session
* How to make the best use of everyone’s time
* When to end a mentoring relationship
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_InfoSecMentoring_HowtoFindandBe.pdf
Join Our BHIS Discord Community – https://discord.gg/aHHh3u5
0:00:00 – PreShow Banter™ – We’re There, Trust Us
0:07:33 – PreShow Banter™ – Trace Labs CTF
0:24:47 – FEATURE PRESENTATION: InfoSec Mentoring
0:28:23 – Mentors, the Fresh Maker™
0:30:27 – How To Find a Cult Leader, I Mean Mentor.
0:34:37 – B-Sides Orlando DEMO
0:42:17 – How To Be a Mentor
0:56:12 – How to Be A Mentee
1:03:42 – Your Moment of Self-Doubt
1:05:34 – Will You Be My Mentor?
1:11:56 – Reach Out
1:14:41 – Multiple Mentors
1:16:36 ...

(00:00) - PreShow Banter™ – We're There, Trust Us
(06:46) - PreShow Banter™ – Trace Labs CTF
(23:21) - FEATURE PRESENTATION: Info Sec Mentoring
(26:54) - Mentors, the Fresh Maker™
(28:55) - How To Find a Cult Leader, I Mean Mentor.
(32:59) - B-Sides Orlando DEMO
(40:29) - How To Be a Mentor
(53:56) - How to Be A Mentee
(01:01:17) - Your Moment of Self-Doubt
(01:03:06) - Will You Be My Mentor?
(01:09:22) - Reach Out
(01:11:57) - Multiple Mentors
(01:13:50) - Mentors, Friends, & Counselors
(01:16:14) - You Discuss Me
(01:17:28) - Time is Valuable
(01:17:46) - This is the End
(01:19:24) - End of Show Banter

Ep 1 Webcast: When Worlds Collide: OSS Hunting & Adversarial Simulation
Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for Purple Teaming in the information security community, they have invited Roberto Rodriguez & Nate Guagenti (HELK Project, Mordor) and Marcello Salvati (CrackMapExec, SILENTTRINITY) to discuss the collision of OSS Hunting and Adversarial Emulation platforms, with additional commentary from John Strand. The group will discuss Roberto Rodriguez (@Cyb3rWard0g) and Nate Guagenti’s (@neu5ron) development and maintenance of the HELK project while focusing on the ongoing development of Mordor, Datasets, and Azure Resource Manager templates. Joining the world-class hunters is Marcello Salvati (Byt3bl33d3r), developer of CrackMapExec and SILENTTRINITY, to continue the discussion of OSS adversarial simulation. John Strand will add commentary on the history of adversarial simulation, hunting, and where the industry may be headed.
Webcast Hosts:
* Jordan Drysdale @rev10d
* Kent Ickler @krelkci
Special Guests:
* Roberto Rodriguez @cyb3rward0g
* Nate Guagenti @neu5ron
* Marcello Salvati @byt3bl33d3r
* John Strand @strandjs
Join the BHIS Community Discord https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WhenWorldsCollide.pdf
00:00:00 – PreShow Banter™ — We’ve Lost Control
00:10:47 – FEATURE PRESENTATION: When Worlds Collide
00:14:26 – Threat Intelligence Sharing
00:25:57 – Won’t Stop Can’t Stop
00:32:06 – A Tired Community
00:38:54 – Re-Investing Open Source Projects

(00:00) - PreShow Banter™ — We've Lost Control
(09:40) - FEATURE PRESENTATION: When Worlds Collide
(13:13) - Threat Intelligence Sharing
(24:03) - Won't Stop Can't Stop
(29:38) - A Tired Community
(35:59) - Re-Investing Open Source Projects
(42:08) - Open Threat Research
(47:18) - Understand Adversary Tradecraft
(49:04) - Mordor Labs
(01:05:43) - Mordor Datasets
(01:08:17) - HELK
(01:14:14) - Threat Hunter Playbook
(01:30:42) - PostShow Banter

Ep 1 Webcast: How to Present: Secrets of a Retired SANS Instructor
John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how to effectively deal with chafing, don’t drink the water, choosing the right shoes, presenting to management, seriously, chafing is a problem, chickens, getting over impostor syndrome, becoming a PowerPoint ninja, every piece of presenting advice you have ever heard is wrong, using your podium as a weapon, shutting down trolls and tips for presenting in the dark, with no heat/AC and very little water… to over 100 people, and keeping them all happy.
BHIS Discord Community https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToPresent.pdf
00:00:00 – PreShow Banter™ — War Stories
00:12:33 – PreShow Banter™ — WWHF 09-2020 Preview
00:15:52 – FEATURE PRESENTATION: How To Present
00:26:25 – Lessons!
00:43:42 – Don’t Drink the Water
00:46:34 – Imposter
00:59:02 – Keynote Presentations
01:07:30 – Projections
01:17:32 – The Boss Level
01:20:15 – Conversations That Matter
01:26:54 – End of Show Questions

Ep 1 Webcast: Pretty Little Python Secrets - Episode 1 - Installing Python Tools and Libraries the Right Way
Have you ever installed a Python tool / library only to then find out other Python-based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing a Python tool with apt-get and another with pip?
(00:00) - PreShow Banter™ – Jokes Not Safe For Work
(11:31) - PreShow Banter™ – SponsorWare for GitHub
(20:13) - Feature Presentation: Pretty Little Python Secrets
(25:19) - 1st Circle of Hell: Managing Python Versions
(30:58) - 2nd Circle of Hell: Python Dependencies
(33:25) - Installing Python Tools/Libraries
(39:18) - Isolate, Isolate, Isolate
(46:29) - Pipx – The Easy Button
(51:15) - Making Python Apps Semi-Portable
(53:09) - ZipApps!
(01:03:32) - Shiv!
(01:11:26) - If all else fails... Docker!
(01:17:12) - Conclusion

Ep 1 Webcast: What to Expect When You're Expecting a Penetration Test
CJ and Bryan will share the knowledge they’ve accumulated over the years by helping 1,000s of organizations determine what they need and don’t need when it comes to penetration tests and security assessments.
Topics Covered:
* Selecting the type of test
* Selecting the company to test
* When to test
* Issues around conducting a test
This webcast is for penetration testers and offensive security professionals to see behind-the-scenes of how scoping, Rules of Engagement, and client relations are established. For the defenders and Blue Team professionals, this webcast will help you understand what to expect when deciding if and when you want to test the defenses you’ve put in place.
What to Expect When You Are Expecting…a Penetration Test by Larry Pesce and Suzanne Pereira: https://youtu.be/aJatJZI__V4
Join the Black Hills Information Security Discord Community: https://discord.gg/aHHh3u5
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/08/SLIDES_WhatToExpect.pdf
00:00 – PreShow Banter™ – Look What I Can Do!
05:17 – And Now For The Expected Presentation
15:21 – What Kind of Test is Right for Me
27:04 – How Big Will It Get?
36:34 – How Much Will it Cost?
45:25 – What Are the Risks?
50:55 – The Big Day
54:00 – Post-Testum Depression
1:00:40 – May I Have Another?
1:05:12 –...

(00:00) - PreShow Banter™ – Look What I Can Do!
(05:17) - And Now For The Expected Presentation
(15:22) - What Kind of Test is Right for Me
(27:05) - How Big Will It Get?
(36:36) - How Much Will it Cost?
(45:28) - What Are the Risks?
(50:58) - The Big Day
(54:03) - Post-Testum Depression
(01:00:44) - May I Have Another?
(01:05:16) - Post-Show Rapid Fire Questions

Ep 1 Webcast: Atomic Purple Team Framework and Life Cycle
Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization leadership and security practitioners can gain an understanding of why potentially designed-to-fail Purple Team initiatives never reached their full potential. The duo reviews how systemic organizational career pathing created an insoluble Red vs Blue dichotomy. MORE IMPORTANTLY: The team is announcing a recipe for Purple Team Wins: The Atomic Purple Team (Lifecycle) Framework. Organizations struggling to efficiently leverage the skillsets of all information security staff will benefit from considering the Atomic Purple Team Lifecycle Framework’s business-driven workflow. The workflow takes its roots from tested continuous improvement frameworks like ISO9001, ISO27001, Six Sigma, and the like. Watch how a methodical balance of risk analysis, attack, hunt and defend methodologies, and business considerations can effectively and continually improve an organization’s security posture. As an added bonus, the framework incorporates concepts of Human Capital Management and knowledge-flow methodologies to encourage tacit knowledge exchange to further organic growth of the skillsets of all those involved in the Atomic Purple Team framework. But wait, there’s more! Budget headaches? Learn how the Atomic Purple Team framework’s methodical flow also aligns to natural business operations management and reporting. The framework provides a clear path to cabinet-approved Purple Team budget appropriations to ensure long term security posture improvement. Lastly, Jordan and Kent will demonstrate the Atomic Purple Team Lifecycle in action by running complete live Attack and Hunt/Defend lifecycle(s), all the way to risk management and budgetary thoughts.
Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5
Need slides and much more — https://github.com/DefensiveOrigins/A…
(00:00) - Family Stories
(01:07) - Atomic Purple Team Framework
(03:28) - Executive Problem Statement
(04:41) - Red Team, Blue Team, Purple Team
(07:18) - Who / What is APT?
(09:22) - Atomic Purple Team Lifecycle
(18:18) - 1. Threat / Risk Assessment (Ingest) Types
(19:59) - 2. Planning — What are the Tools
(20:50) - 3. Attack / Execute / Engage
(21:37) - 4. Hunt and Defend
(22:01) - 5. Adjust & Harden
(23:14) - 6. Reporting and Request for Deployment
(27:07) - Lifecycles Start in Development
(28:15) - Lifecycles End in Production
(28:43) - APT Lab Infrastructure
(29:48) - Off-Roading: Lab Demo
(33:21) - Lifecycle Walkthrough — Goal Setting
(34:50) - Purple Team Lifecycle Walkthrough
(44:02) - Hunt and Defend Methodology
(45:02) - Adjusting to Threat
(47:21) - APTLC Playbook
(48:49) - The Report
(53:15) - Lessons Learned
Ep 1 Webcast: What About Ransomware?
This is a joint webcast between Black Hills Information Security and the Wild West Hackin’ Fest conference. We hate ransomware. Like a lot. This is because we feel this is the future of cyber attacks. If you look at the recent cases and the newish versions that involve extortion, there is nothing to like. Well, almost nothing. In this webcast, we cover what you can do to prepare (trust us, we have a newish twist on this) and what you can do to mitigate the damage. We also talk about working with brokers. There will be lots of memes to help this topic go down better.
Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5
(00:00) - Half-Witty Theme Music
(00:53) - Welcome to the New Ransomware
(09:44) - User Training
(15:14) - ATT&CK Matrix
(17:07) - We Should Be Emulating
(21:36) - Open Source Tools
(24:33) - (did we lose john?)
(33:52) - Threat Emulation Warning
(35:52) - Commercial Offerings
(40:01) - PlumHound
(45:33) - Don't Focus On One Product
(48:08) - Paying a Ransom?
(49:26) - Key Takeaways
(52:16) - Got Questions?
(59:41) - SPONSOR BONUS: PlexTrac
(01:15:30) - (did we lose john again?)
(01:29:21) - Strings & Memory
Ep 1 Webcast: Modern Webapp Pentesting: How to Attack a JWT
So much information about testing webapps for security problems is old. Don’t get me wrong, the old stuff still works way more often than we’d like, but there’s more to webapp vulnerabilities than cross-site scripting and SQL injection. Take JWTs – JSON Web Tokens – for example. These are base64 encoded tokens that sometimes get written to your browser’s localStorage or sessionStorage and passed around in cookies or HTTP headers. They’re pretty common in authentication and authorization logic for web APIs. Because they’re encoded, they look like gibberish and it’s easy to skip over them during a test. For the same reason, they’re more complicated to attack. First, you have to notice them. Then you have to decode them. Then you need to interpret the decoded data inside them. THEN, you have to decide what to attack! Once you’ve done that, you still have to create your payload, make valid JSON out of it and rebuild the JWT before you can send it. It’s kind of a lot. In this Black Hills Information Security webcast – an excerpt from his upcoming 16-hour Modern Webapp Pentesting course – BB King talks about what JSON Web Tokens are, why they’re so controversial, and how to test for their major weaknesses. Then, using OWASP’s Juice Shop as a target, he shows you a straightforward method for exploiting them that you can use on your own next webapp pentest.
Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5
0:00 – Good Morning!
1:50 – What Are JSON Web Tokens?
4:43 – Base64 Vs Base64 URL Encoding
7:58 – The Construction of a JSON Token
10:07 – Use Cases
13:03 – RFCs of Interest
13:26 – Encoded, Not Encrypted
19:58 – The Red Slide
20:39 – OWASP Top Ten Issues

(00:00) - Good Morning!
(01:47) - What Are JSON Web Tokens?
(04:36) - Base64 Vs Base64 URL Encoding
(07:46) - The Construction of a JSON Token
(09:50) - Use Cases
(12:38) - RFCs of Interest
(13:00) - Encoded, Not Encrypted
(19:10) - The Red Slide
(19:50) - OWASP Top Ten Issues
(20:10) - Signature Al Gore Rhythms
(24:30) - Stanced On Privacy
(25:48) - Stanced On Security
(27:45) - Cracking
(29:04) - Where To Practice
(33:27) - Decoding the Payload – (Visual DEMO)
(42:52) - Snooping ( Stealing Poorly-Protected Secrets )
(48:27) - For Further Study

Ep 1 Webcast: IPv6: How to Securely Start Deploying
Joff Thyer has dived into everything that is IPv6 and has so much to share about it. He gets really technical but in a way you’ll be able to understand. Google reports that over 30% of their systems access comes via the IPv6 protocol coming into 2020. Many Internet Service Providers have no remaining choice but to deploy IPv6 for simple lack of v4 address resources. The global Internet can already be thought of as balkanized into a split IPv4/IPv6 world based on historical v4 allocation. There will soon come a time whereby accessing IPv4 deployed resources will be considered legacy. Join Joff and the BHIS team to discuss security principles surrounding an Internet-facing IPv6 deployment. Learn about fundamentals, known security issues, and appropriate infrastructure defenses which must be implemented. Enjoy a spirited discussion on how the v4 life support mechanisms of classless interdomain routing and network address translation are not required in a v6 world. It’s past time for IPv6 to become the norm. Fear not as we can do this!
Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5
0:00 – Inaudible, But Good Looking Banter
0:18 – Here We Are Now. Educate Us
0:56 – IPv4 And After
5:45 – What’s the Address For IPv6?
7:40 – What About IPv5?
8:31 – IPv6 Allocation
9:27 – IPv6 Packets
10:28 – IPv6 Address Types
13:26 – IPv6 Address Typecasting
14:55 – IPv6 Address Assignment
16:21 – IPv6 Multiple Interface Addresses
18:25 – IPv6 EUI-64

(00:01) - Inaudible, But Good Looking Banter
(00:06) - PenTest Puppy Mill (Commercial)
(00:37) - Here We Are Now. Educate Us
(01:14) - IPv4 And After
(05:42) - What’s the Address For IPv6?
(07:32) - What About IPv5?
(08:20) - IPv6 Allocation
(09:16) - IPv6 Packets
(10:16) - IPv6 Address Typecasting
(13:09) - IPv6 Address Assignment
(14:35) - IPv6 Multiple Interface Addresses
(15:59) - IPv6 EUI-64
(18:00) - ICMPv6
(23:27) - ICMPv6 Neighbor Discovery
(27:07) - Securing the v6
(27:58) - IPv6 Address Filtering
(30:07) - ICMPv6 Perimeter Filtering
(31:21) - ICMPv6 Transit Traffic
(32:42) - ICMPv6 Non-Transit
(35:29) - IPv6 Multicast Filtering
(37:47) - IPv6 Protocol Normalization
(38:45) - IPv6 Extension Headers
(39:30) - IPv6 Enforcing EH Rules
(40:27) - IPv6 Header Normalization
(41:57) - IPv6 Protocol Normalization Reprise
(43:22) - Address Privacy / Obscurity
(45:58) - RFC4941 Privacy Extensions
(46:34) - Endpoint Route Table
(47:50) - Summary Recommendations
(49:35) - To Be Continued...

Ep 1 Webcast: Durable vs. Ephemeral Threat Intel
Join us in the Black Hills InfoSec Discord server to keep the security conversation going! https://discord.gg/bhis
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services: https://www.blackhillsinfosec.com
In this Black Hills Information Security webcast John breaks down why he hates threat intelligence... Again... But, he breaks down some of the cool new projects that are focusing on durable threat intelligence. This is key, because many intel feeds are nothing more than domains, hashes and IP addresses. However, with durable threat intel we see attack techniques that are highly effective, yet are not as easy to block. For example, application allow listing abuse, connection profiles (RITA!), and PowerShell encoding are all examples of detects you can use that are not specific to a point-in-time attack methodology. John also shares some very cool open source projects that are approaching attacks in this way using ELK.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_Durable_Ephemeral_Threat_Intel_Strand.pdf
(00:00) - Intro
(00:47) - Threat Intel: A Useless Rant
(07:20) - Pyramid of Pain
(10:37) - You Got Another String Coming
(14:34) - Conversation With a Pompous John
(18:42) - Hacking Ain't Easy
(21:51) - ATT&CK Bingo™
(24:02) - Emulation for Iteration
(27:00) - Some Open Source Tools
(31:28) - Threat Emulation Warning
(32:03) - Commercial Tools
(36:03) - MITRE Scorecard
(44:47) - A Bit of Perspective
(47:00) - DeTT&CT
(47:46) - Sigma
(51:24) - Atomic Threat Coverage
(53:58) - PlumHound
(54:35) - RITA
(55:46) - Honeypots
(57:16) - Question Time
(01:06:04) - Breaking Down the Gates