BrakeSec Education Podcast

Area41 Zurich report Book Club - 4th Tuesday of the month https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet TLS_DHE_RSA_AES_256_GCM_SHA256 TLS = Protocol DHE = Diffie-Hellman ephemeral (provides Perfect Forward Secrecy) Perfect Forward Secrecy = session keys won't be compromised, even if server private keys are Past messages and data cannot be retrieved or decrypted (https://en.wikipedia.org/wiki/Forward_secrecy) RSA = Digital Signature (authentication) There are only 2 (RSA, or ECDSA) AES_256_GCM - HMAC (hashed message authentication code) https://www.owasp.org/index.php/TLS_Cipher_String_Cheat_Sheet https://en.wikipedia.org/wiki/HMAC#Definition_.28from_RFC_2104.29 https://en.wikipedia.org/wiki/Funicular https://mozilla.github.io/server-side-tls/ssl-config-generator/?hsts=no Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

https://nostarch.com/packetanalysis3 -- Excellent Book! You must buy it. DetSEC mention ShowMe Con panel and keynote SeaSec East standing room only. Crispin gave a great toalk about running as Standard user Bsides Cleveland - https://www.passwordping.com/surprising-new-password-guidelines-nist/ 1Password version 7.1 integrates with Troy Hunt's "Pwned Passwords" service to check for passwords that suck https://twitter.com/troyhunt/status/1006266985808875521 https://1password.com/sign-up/ https://www.troyhunt.com/have-i-been-pwned-is-now-partnering-with-1password/ 1,300 complaints of GDPR breaches in the first 6 days of enablement: https://iapp.org/news/a/irish-dpc-received-1300-complaints-since-gdpr-implementation-date/ https://www.pcisecuritystandards.org/about_us/leadership

Ms. Berlin's mega tweet on protecting your network https://twitter.com/InfoSystir/status/1000109571598364672 Utica College CYB617 I tweeted "utica university" many pardons Mr. Childress' high school class Laurens, South Carolina Probably spent as much as a daily coffee at Starbucks… makes all the difference. CTF Club, and book club (summer reading series) Patreon SeaSec East Showmecon Area41con bsidescleveland Here are 50 FREE things you can do to improve the security of most environments: Segmentation/Networking: Access control lists are your friend (deny all first) Disable ports that are unused, & setup port security DMZ behind separate firewall Egress Filtering (should be just as strict as Ingress) Geoblocking Segment with Vlans Restrict access to backups Role based servers only! DNS servers/DCs are just that Network device backups Windows: AD delegation of rights Best practice GPO (NIST GPO templates) Disable LLMNR/NetBios EMET (when OSes prior to 10 are present) Get rid of open shares MSBSA WSUS ** run as a standard user ** no 'localadmin' Endpoints: App Whitelisting Block browsing from servers. Not all machines need internet access Change ilo settings/passwords Use Bitlocker/encryption Patch *nix boxes Remove unneeded software Upgrade firmware MFA/Auth: Diff. local admin passwords (LAPS) https://www.microsoft.com/en-us/download/details.aspx?id=46899 Setup centralized logins for network devices. Use TACACS+ or radius Least privileges EVERYWHERE Separation of rights - Domain Admin use should be sparse & audited Logging Monitoring: Force advanced file auditing (ransomware detection) Log successful and unsuccessful logins - Windows/Linux logging cheatsheets Web: Fail2ban For the love of god implement TLS 1.2/3 URLscan Ensure web logins use HTTPS Mod security Other: Block Dns zone transfers Close open mail relays Disable telnet & other insecure protocols or alert on use DNS servers should not be openly recursive Don't forget your printers (saved creds aren't good) Locate and destroy plain text passwords No open wi-fi, use WPA2 + AES Password safes IR: Incident Response drills Incident Response Runbook & Bugout bag Incident Response tabletops Purple Team: Internal & OSINT honeypots User Education exercises MITRE ATT&CK Matrix is your friend Vulnerability Scanner Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

https://darknetdiaries.com/ Jack Rhysider Ok I think these topics should keep us busy for a while. Topics for discussion: Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet? https://www.rapid7.com/db/vulnerabilities/telnet-default-account-admin-password-password http://census2012.sourceforge.net/paper.html In the 90's strong crypto was illegal online. https://en.wikipedia.org/wiki/Data_Encryption_Standard https://en.wikipedia.org/wiki/EFF_DES_cracker The NSA scrapes social media and regular OSINT techniques to figure out how to best attack a network. Manfred made a living hacking MMORPGs for the last 20 years. And he tried to do it as ethically as possible. When a single CA is breached, it breaks the security for the whole internet. Toy companies aren't securing children data What are options when you find a major security flaw in a home router but the vendor refuses to acknowledge it much less fix it? And there's no bug bounty.

Vuln mgmt tools CVE scores suck. Threat modeling is good. Forces you to know your environment https://en.wikipedia.org/wiki/Kanban https://blog.jeremiahgrossman.com/2018/05/all-these-vulnerabilities-rarely-matter.html https://twitter.com/lnxdork/status/998559649271025664 https://www.google.com/search?q=house+centipede&rlz=1C5CHFA_enUS759US759&source=lnms&tbm=isch&sa=X&ved=0ahUKEwiypKyfpZjbAhWJjlkKHd0lASYQ_AUICigB&biw=1920&bih=983 https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html https://www.theregister.co.uk/2018/05/17/nethammer_second_remote_rowhammer_exploit/ Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Converge Detroit Jack Rhysider- Podcaster, DarkNet Diaries https://darknetdiaries.com/ Do hospitals have a free pass when being attacked? #OPJUSTINA https://nakedsecurity.sophos.com/2014/04/28/anonymous-takes-on-boston-childrens-hospital-in-opjustina/ https://www.youtube.com/watch?v=eFVBz_ATAlU - when anonymous attacks your hospital The oldest known vulnerability is still a big problem. Default passwords. Why haven't we fixed this yet? https://www.rapid7.com/db/vulnerabilities/telnet-default-account-admin-password-password http://census2012.sourceforge.net/paper.html Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

GDPR will affect any information system that processes or will process people… like it or not. Derby Tickets CTF and auction Keynote Converge Detroit I'll be at nolacon too Boettcher Recap BDIR #3 https://blog.netwrix.com/2018/05/01/five-reasons-to-ditch-manual-data-classification-methods/ https://blog.networksgroup.com/data-loss-prevention-fundamentals Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Container security Jay Beale @inguardians , @jaybeale Containers What the heck is a container? Linux distribution with a kernel Containers run on top of that, sharing the kernel, but not the filesystem Namespaces Mount Network Hostname PID IPC Users Somebody said we've had containers since before Docker Containers started in 2005, with OpenVZ Docker was 2013, Kubernetes 2014 Image Security CoreOS Clair for vuln scanning images Public repos vs private Don't keep the image running for so long? Don't run as root More Containment stuff Non-privileged containers Remap the users, so root in container isn't root outside Drop root capabilities Seccomp for kernel syscalls AppArmor or SELinux All of above is about Docker, what about Kubernetes Get onto most recent version of K8S - 1.7 and 1.8 brought big security improvements Network policy (egress firewalls) RBAC (define what users and service accounts can do what) Use namespaces per tenant and think hard about multi-tenancy Use the CIS guides for lockdown of K8S and the host Kube-bench Difference between containers and sandboxing Roll your own - Containers Using public registries - leave you vulnerable Use your own private repos for deploying containers Reduce attack surface Reduce user access Automation will allow more security to get baked in. https://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html https://blog.blackducksoftware.com/8-takeaways-nist-application-container-security-guide https://www.vagrantup.com/downloads.html https://www.vmware.com/products/thinapp.html https://www.meetup.com/SEASec-East/events/249983387/ S3 buckets / Azure Blobs https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Report from Bsides Nash - Ms. Berlin New Job Keynote at Bsides Springfield, MO Mr. Boettcher talks about Sigma Malware infection. http://www.securitybsides.com/w/page/116970567/BSidesSpfd **new website upcoming** Registration is coming and will be updated on next show (hopefully) DBIR -https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf VERIS framework http://veriscommunity.net/ 53,000 incidents 2,216 breaches?! 73% breaches were by outsiders 28% involved internal actors (but needs outside help?) Not teaching "don't click the link", but instead teach, "I have no curiosity" Discuss "Dir. Infosec" Slack story as method to halt infection https://www.tripwire.com/state-of-security/security-awareness/women-information-security-amanda-berlin/ The "Living off the Land" trend continues with attack groups opting for tried-and-trusted means to infiltrate target organizations. Spear phishing is the number one infection vector employed by 71 percent of organized groups in 2017. The use of zero days continues to fall out of favor. Off boarding people… so much process to get people on, but it's just not mature getting people out... Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this week... We discuss SIEM logging, and tuning... How do SIEM deal with disparate log file types? What logs should be the first to be gathered? Is a SIEM even required, or is just a central log repo enough? Which departments benefit the most from logging? (IT, IR, Compliance?) Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec