

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

Jan 22, 2021 • 41min
Talkin’ About Infosec News – 1/20/2021
Originally aired on January 20, 2021
Articles discussed in this episode:
* https://www.theregister.com/2021/01/20/malwarebytes_solarwinds_hack_latest/
* https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/
* https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/
Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.
https://www.blackhillsinfosec.com/services/cyber-range/
Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.

Jan 18, 2021 • 1h 5min
Webcast: Move Aside Script Kiddies - Malware Execution in the Age of Advanced Defenses
A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore.
All is not lost!
Using some relatively simple programming techniques, and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar but we need to move with greater care and stealth than ever before.
Join the BHIS Discord Community – https://discord.gg/aHHh3u5
00:00 – The Soundboard Has Too Many Buttons
04:10 – FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses
05:36 – Attacker / Threat Actor Emulation
09:41 – That Matrix
10:34 – Endpoint Defense Maturity
13:25 – C2 Implant Execution
19:41 – Metasploit: Why Is My Network Traffic Caught?
23:09 – C2 – Customize and LOL
41:13 – The More You Know…
44:11 – Recon/Discovery Artifacts
46:15 – Amusement with AMSI
47:33 – Simple!
48:10 – AMSI Bypass
50:27 – Event Tracing Bypass
51:34 – Attack Combo!
52:24 – Conclusion

Jan 14, 2021 • 30min
Talkin' About Infosec News - 1/13/2021
Originally aired on January 13, 2021
Articles discussed in this episode:
* https://www.theregister.com/2021/01/13/darkmarket_europol_shutdown/
* https://www.theregister.com/2021/01/12/microsoft_linux_edr/
* https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
* https://threatpost.com/hackers-leak-pfizer-covid-19-vaccine-data/163008/
* https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

Dec 31, 2020 • 1h 16min
Webcast: Discussing Implications of the SolarWinds Breach(es)
Does the news on SUNBURST and SUPERNOVA have you feeling like you’re flapping in the (Solar)Wind?
Join John Strand, Jonathan Ham, and Jake Williams as they discuss the implications of the breaches in this no-FUD webcast. No, we won’t be discussing “cyber Pearl Harbor” – because let’s be honest, that’s just hyperbole. Join us to learn why this is bad, but also why we assess that the sky isn’t falling. Join these three amigos to discuss breach details and actionable steps you can take in your own networks.

Dec 22, 2020 • 53min
Talkin’ About Infosec News – 12/21/2020
Originally aired on December 21, 2020
Articles discussed in this episode:
* https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
* https://theintercept.com/2020/12/17/russia-hack-austin-texas/

Dec 16, 2020 • 43min
Talkin' About Infosec News - 12/14/2020
Originally aired on December 14, 2020
Articles discussed in this episode:
* https://www.theverge.com/2020/12/14/22173803/gmail-youtube-google-assistant-docs-down-outage
* https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
* https://krebsonsecurity.com/2020/12/u-s-treasury-commerce-depts-hacked-through-solarwinds-compromise/
* https://www.darkreading.com/threat-intelligence/fireeye-breach-fallout-yet-to-be-felt/d/d-id/1339680
* https://www.solarwinds.com/solutions/orion

Dec 15, 2020 • 50min
Talkin' About Infosec News - 12/11/2020
Originally aired on December 11, 2020
Articles discussed in this episode:
* https://www.nobandwidth.io/
* https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
* https://www.picussecurity.com/resource/blog/techniques-tactics-procedures-utilized-by-fireeye-red-team-tools
* https://blog.netspi.com/cve-2020-17049-kerberos-bronze-bit-attack/
* https://www.bleepingcomputer.com/news/security/microsoft-fixes-new-windows-kerberos-security-bug-in-staged-rollout/
* https://capricocave.wordpress.com/2020/12/10/docker-botnets/
* https://www.trustedsec.com/blog/4-free-easy-wins-that-make-red-teams-harder/
* https://arstechnica.com/tech-policy/2020/12/florida-posted-the-password-to-a-key-disaster-system-on-its-website/

Dec 7, 2020 • 1h 28min
Webcast: Getting Started with Burp Suite & Webapp Pentesting
Are you responsible for the security of webapps? Are you curious about how penetration testers are able to find vulnerabilities in them?
Burp Suite is the preferred tool for many webapp pentesters and bug bounty hunters. It’s easy to get started in Burp, but not all of its features are easy to find or simple to configure. If you’ve ever watched someone else use Burp, you’ve no doubt picked up something useful from them: everyone seems to have their own tricks for getting more out of it.
In this live one-hour Black Hills Information Security (BHIS) webcast, BB King will walk through how he sets up Burp for his own webapp and Web API pentests. Then he’ll show the settings, tools, and BApp Store Extensions that help him perform better tests.
If you have any responsibility related to webapps – even if it’s not pentesting them – you may find that Burp Suite can help you. If you already use Burp Suite, come see how one of our testers does it and we bet you’ll find a thing or two you can take back and use on your next security assessment.
Join the BHIS Discord Community – https://discord.gg/aHHh3u5
0:00:00 – PreShow Banter™ — Special Guests: The Innocent Lives Foundation
0:29:12 – FEATURE PRESENTATION: Getting Started With Burp Suite
0:32:33 – Initial Setup After install
0:45:25 – A Quick Run-Through Burp Suite
1:22:08 – We Has Questions?
Outline for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/12/SLIDES_GettingStartedWithBurpSuiteOutline.pdf
Show Notes:
* BHIS SWAG STORE! https://spearphish-general-store.myshopify.com/
* https://wildwesthackinfest.com/training/
* https://github.com/snoopysecurity/awesome-burp-extensions
* https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
* https://bitbucket.org/mrbbking/quieter-firefox/src
* https://portswigger.net/

Dec 4, 2020 • 1h 15min
Webcast: Pretty Little Python Secrets - Episode 2 - Python Development & Packaging as Beautiful as a Poem
Have you ever tried packaging a Python library/app in order to upload it to the Python Package repository (PyPI)?
Not so straightforward, is it? There’s a gazillion files you need (setup.py, MANIFEST.in, etc.) which all do different things. On top of that, there’s a decent amount of overhead to configure the necessary settings in order to expose any command line interface (CLI) tools you’re packaging. Additionally, you also need to manage dependencies, keep them in sync with your requirements.txt files and install third-party applications in order to upload them to PyPI. That’s after you even manage to set up a proper development environment and necessary virtual environments for your dependencies.
Ever wonder if there’s a simpler solution that takes care of everything for you?
In this Black Hills Information Security (BHIS) webcast, Marcello will show you how to make the entire Python development & packaging process as short and simple as a Haiku (https://python-poetry.org/). He’ll also show you the setup/workflow that he uses for all of his Python projects and throw in some pro tips along the way.
Missed the first episode? Check out Pretty Little Python Secrets—EP 1—Installing Python Tools/ Libraries the Right Way- Marcello Salvati — https://youtu.be/ieyRV9zQd2U
Join the Black Hills Information Security Discord Community — https://discord.gg/aHHh3u5
0:00:00 – PreShow Banter™ — Everybody Leaves West Virginia
0:12:15 – FEATURE PRESENTATION: Making Python Packaging Haiku Simple
0:16:56 – Why and How to Package Python?
0:23:26 – What Are All These Files?
0:31:28 – How to Upload the Dang Thing
0:37:01 – Setup a Development Environment?
0:42:44 – Pipenv!
0:46:52 – Pipenv Solves, but Also Creates Problems
0:49:21 – Poetry Corner
0:58:11 – Cookiecutter Automation
1:01:53 – Questions!
1:08:00 – Porchetta

Dec 1, 2020 • 24min
Talkin' About Infosec News - 11/30/2020
Originally aired on November 30, 2020
Articles discussed in this episode:
* https://www.computerweekly.com/news/252491324/Surge-in-Ryuk-ransomware-attacks-has-hospitals-on-alert
* https://www.baltimoresun.com/maryland/baltimore-county/bs-md-co-what-to-know-schools-ransomware-attack-20201130-2j3ws6yffzcrrkfzzf3m43zxma-story.html
* https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library
(00:00) - An Intro That Flaps
(01:19) - Surge in Ryuk ransomware
(03:57) - Baltimore County schools ransomware attack
(11:36) - Fuzzy Wuzzy Javascript


