

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

Jun 3, 2021 • 1h 7min
Webcast: Getting Started in Pentesting The Cloud: Azure
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments.
More and more organizations are migrating resources to the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast attempts to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365.
In order to adequately determine the attack surface, the appropriate coverage areas are highlighted. The differences between Azure resources and Microsoft 365 can often be confusing, but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely, but they can also be misconfigured. There are security protections for stopping certain password attacks, but some of these can be bypassed. Ultimately, a methodology for testing Azure environments, along with tools and techniques, is presented in this talk.
36:31 – Webcast officially starts
Join us on the BLACK HILLS INFOSEC Discord server for interaction with Beau and your fellow attendees: https://discord.gg/bhis
Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.
https://www.blackhillsinfosec.com/services/cyber-range/
Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.
(00:00) - FEATURE PRESENTATION: Getting Started in Pentesting the Cloud – Azure
(02:32) - WHOAMI
(03:20) - Talk Roadmap
(05:33) - Why Azure?
(08:06) - Identifying Attack Surface
(12:50) - Recon & External Attacks
(19:31) - Password Attacks
(21:37) - Password Protection & Smart Lockout
(23:05) - Authentication
(26:52) - Conditional Access Policies & MFA
(34:11) - Post Compromise
(36:46) - Command Line Access
(37:40) - LINK: CloudPentest Cheatsheets: https://github.com/dafthack/CloudPentestCheatsheets
(37:53) - Azure Subscription Hierarchy
(41:31) - Resource Specific Issues
(41:55) - Serverless Environment Variables
(48:59) - Leveraging Scanning Tools
(51:11) - Key Takeaways
(52:37) - PostShow Banter™ — They Got Questions, Beau

May 28, 2021 • 1h 11min
Backdoors & Breaches LIVE - 5/19/2021
Join our Incident Master Ean Meyer as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477
Incident Master:
Ean | EanMeyer
Defenders:
Qasim | hashtaginfosec
Kaitlyn | Kadawi
Blake | zer0cool
Vee | Po1Zon_P1x13
Ralph | ralphte1
Game Play Master:
Jason | BanjoCrashland
Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below!
https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/

May 21, 2021 • 1h 11min
Backdoors & Breaches Live! 05/19/2021
Join Incident Master Ean Meyer as we play another round of Backdoors & Breaches.

May 19, 2021 • 1h 22min
Webcast: Your Free and Open Source EDR Options!
There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should not have one of these offerings. Further, they are essential for any IR gig you may do.
You may be a shop that is looking at commercial offerings; however, you should always look at the free offerings first. Remember, you are not paying for what the commercial product offers; you are paying for what it does that the free offerings do not.
Join the BHIS Community Discord: https://discord.gg/bhis
Slides for this webcast can be found here:
(00:00) - FEATURE PRESENTATION: Your Free & Open EDR Options!
(02:03) - Why We here?
(04:46) - EDR? Like that there electronic music?
(11:48) - Vendors
(14:21) - MITRE Evaluations
(19:17) - So, Why EDR?
(23:05) - Free and Open Source?
(28:48) - OSSEC
(31:12) - So, WAZUH
(38:28) - Velociraptor
(41:09) - DEMO: Velociraptor
(48:35) - Vendors and Free/OS
(49:57) - Elastic (Formerly Endgame)
(55:09) - OPEN EDR - From Comodo
(58:41) - Conclusions
(01:01:53) - Backdoors and Breaches Virtual
(01:07:05) - John Pitches BHIS SOC

May 14, 2021 • 57min
Talkin’ About Infosec News – 5/10/2021
Originally Aired on May 10, 2021
Articles discussed in this episode:
* https://whyy.org/segments/the-greatest-hoax-on-earth/
* https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline
* https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/
* https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/
* https://www.macrumors.com/2021/05/10/hacked-airtag-links-to-custom-url-lost-mode/
* https://jalopnik.com/security-researchers-hack-a-tesla-from-a-drone-1846833249

May 12, 2021 • 1h 32min
Webcast: Ok, Let's Talk About Ransomware
This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.
There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick emergency webcast together to cover some of these new developments and hit on some very real and very easy things you can do to mitigate some of these attacks.
We say “some” because these attacks are evolving. Traditionally, there are two classes of ransomware, but we are seeing a third start to develop which is harder to deal with.
But not impossible.
Yes, we will be talking about deception and attribution. Yes, we will be talking about beacon analysis. Because they are kind of our things.
But, we will also discuss some new open-source technologies. And… something you can just turn on.
The point is these attacks are rapidly evolving. The attack on Colonial shows just a glimpse of how bad these attacks are going to get.
Also, we are seeing how we cannot view Operational Technology (OT) as a completely different security creature. Everything is interconnected. We need to start treating security more holistically and stop saying things like, “we just want to focus on the OT/SCADA/PCI/HIPAA enclave.”
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/05/SLIDES_LetsTalkAboutRansomware.pdf
(00:00) - PreShow Banter™ — John Strand Has Windows Updates
(25:39) - FEATURE PRESENTATION: OK, Let’s Talk About Ransomware
(01:25:34) - Wrap-up Questions

May 7, 2021 • 30min
Talkin’ About Infosec News – 5/5/2021
Originally Aired on May 5, 2021
Articles discussed in this episode:
* https://thehackernews.com/images/-V6c2_ZHgMzI/YJFAaQl5RjI/AAAAAAAAA_8/wNs6d4zWc1MHLJ5VPaSpzHvXkFIIcwfZQCLcBGAsYHQ/s0/reset-passsword.jpg
* https://threatpost.com/dell-kernel-privilege-bugs/165843/
* https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/
* https://signal.org/blog/the-instagram-ads-you-will-never-see/
* https://nakedsecurity.sophos.com/2021/05/04/apple-products-hit-by-fourfecta-of-zero-day-exploits-patch-now/

May 5, 2021 • 55min
Talkin’ About Infosec News – 5/3/2021
Originally Aired on May 3, 2021
Articles discussed in this episode:
* https://threatpost.com/deepfake-attacks-surge-experts-warn/165798/
* https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/
* https://www.reddit.com/r/netsec/comments/n36x7h/arbitrary_code_execution_in_exiftool/
* https://krebsonsecurity.com/2021/04/experians-credit-freeze-security-is-still-a-joke/
* https://github.com/alievk/avatarify-python
* https://media.ccc.de/v/29c3-5327-en-writing_a_thumbdrive_from_scratch_h264

Apr 30, 2021 • 46min
Backdoors & Breaches LIVE - 4/28/2021
Join our Incident Master BanjoCrashland as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477
Incident Master:
Jason Blanchard | BanjoCrashland
Defenders:
Matt Thomas | slegna
Richard Phung | p3hndrx
Maril Vernon | SheWhoHacks
Kaitlyn Wimberley | kadawi
Blake Regan | zer0cool
Ralph May | ralphte1
John Strand | strandjs
Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below!
https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/

Apr 28, 2021 • 52min
Talkin’ About Infosec News – 4/26/2021
Originally Aired on April 26, 2021
Articles discussed in this episode:
* https://usdaynews.com/celebrities/celebrity-death/dan-kaminsky-death-cause/
* https://signal.org/blog/cellebrite-vulnerabilities/
* https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/
* https://youtu.be/G0gOAvpGoJg


