7MS #9: Information Security for the Whole Family (audio)

WE'RE HOME! After almost a year after our fire, we're back, baby! This episode is somewhat of a homecoming that dovetails into an episode about ioT security. I've basically done a 180 degree spin on ioT stuff. I now love the coolness and convenience of these things while simultaneously being terrified of the security risks. Is there a happy balance somewhere between the two? Maybe. Today we dive into ioT security, specifically: Setting up a ioT dedicated wireless network Quarantining it so it can only talk to the Internet Poking holes in the firewall to allow ioT DNS requests to be captured Scanning your ioT for services and potential default/weak cred use

1 Loka 202034min

Hi! Today our pal Joe "The Machine" Skeen (a.k.a. Gh0sthax has prepared some cyber-licious actionable news stories for us to chew on. Today's stories include: Cybersecurity skills gap (powered by lack of career development!) Which cyber jobs are hot - or not? Mysterious wave of DDoS attacks The Magecart threat group pwns thousands of ecommerce sites On a parting note, don't forget to patch your DCs against Zerologon! Here's a great Twitter thread breakdown that explains it in more detail

23 Syys 202047min

Yay! It's time for another tale of pentest pwnage! Highlights include: Making sure you take multiple rounds of "dumps" to get all the delicious local admin creds. Why lsassy is my new best friend. I gave a try to using a Ubuntu box instead of Kali as my attacking system for this test. I had pretty good results. Here's my script to quickly give Ubuntu a Kali-like flair: sudo apt-get update sudo apt-get upgrade -y sudo apt-get install openssh-server -y sudo apt-get install nmap curl dnsrecon git net-tools open-vm-tools-desktop python3.8 python3-pip unzip wget xsltproc -y #Aha helps take output from testssl.sh and make it nice and HTML-y sudo git clone https://github.com/theZiz/aha.git /opt/aha #Awesome-nmap-grep makes it easy to grep nmap exports for just the data you need! sudo git clone https://github.com/leonjza/awesome-nmap-grep.git /opt/awesome-nmap-grep #bpatty is...well...bpatty! sudo git clone https://github.com/braimee/bpatty.git /opt/bpatty #CrackMapExec is...awesome sudo mkdir /opt/cme cd /opt/cme sudo curl https://github.com/byt3bl33d3r/CrackMapExec/releases/download/v5.1.0dev/cme-ubuntu-latest.1.zip -L -o cme.zip sudo unzip cme.zip sudo chmod +x ./cme #eyewitness is a nice recon tool for putting some great visualization behind nmap scans sudo git clone https://github.com/FortyNorthSecurity/EyeWitness.git /opt/eyewitness cd /opt/eyewitness/Python/setup sudo ./setup.sh #impacket is "a collection of Python classes for working with network protocols" #I currently primarily use it for ntlmrelayx.py sudo git clone https://github.com/CoreSecurity/impacket.git /opt/impacket cd /opt/impacket sudo pip3 install . #mitm6 is a way to tinker with ip6 and get around some ip4-level protections sudo git clone https://github.com/fox-it/mitm6.git /opt/mitm6 cd /opt/mitm6 sudo pip3 install -r requirements.txt # install service-identity sudo pip3 install service-identity # lsassy sudo python3 -m pip install lsassy #nmap-bootstrap-xsl turns nmap scan output into pretty HTML sudo git clone https://github.com/honze-net/nmap-bootstrap-xsl.git /opt/nmap-bootstrap-xsl #netcreds "Sniffs sensitive data from interface or pcap" sudo git clone https://github.com/DanMcInerney/net-creds /opt/netcreds #PCCredz parses pcaps for sensitive data sudo git clone https://github.com/lgandx/PCredz /opt/pcredz #Powersploit is "a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment" sudo git clone https://github.com/PowerShellMafia/PowerSploit.git /opt/powersploit #PowerupSQL is a tool for discovering, enumerating and potentially pwning SQL servers! sudo git clone https://github.com/NetSPI/PowerUpSQL.git /opt/powerupsql #responder is awesome for LLMNR, NBT-NS and MDNS poisoning sudo git clone https://github.com/lgandx/Responder.git /opt/responder

16 Syys 202044min

Today we're talking business! We've got some exciting news and updates to share with you since we last did a "crying" episode last fall: 7MS hired a VP of sales and marketing: Clyde Cooper! We've added some new tools to our tools/services gist: Having a true sales force for the first time has prompted us to invest in Salesforce. There are a few gotchas with signing up for a Salesforce trial and then migrating to a paid plan (discussed more in today's episode) We're trying to "eat our own dog food" and part of that includes good inventory management. For that we've started to play with Rumble and reaaaaaaaaaaalllly like it Recording an "about us" video with a production company is exciting, stressful and awkward Today I met the guy who wins the Internet (or at least LinkedIn) - he sent me a personalized video with an idea I'm definitely going to steal for future marketing initiatives For really no reason at all, I sing for you a bit in this episode On that note, I absolutely love this song. I feel like it's my family's theme song for the last year.

9 Syys 202049min

Today we're thrilled to have our friend and PlexTrac CEO Dan DeCloss back to the program! (P.S. PlexTrac is launching runbooks as a feature - and you should definitely check out PlexTrac's upcoming Webinar about runbooks on September 9!). We also did a PlexTrac 101 Webinar with them recently! You may remember Dan from such podcasts as this one when we first talked to him in 2019. Dan and I have a lot in common in that we both started security companies about the same time, so I had a lot of questions for Dan around how business has been going since we last talked on the podcast. Today our topics/questions include: What are the (good) warning signs that a passion project you have could be a viable business? Why "having all the jobs there has ever been" is a great way to figure out it's time to start your own business :-) At what point does a side project have to become what you do for your day job? How do you safely prepare to quit a comfortable corporate life to life as a small biz owner? Do you go 100% on faith? Do you save your $ for a year so you can "float" your business for a while? Some combination of the two? How important is it to have the support of your friends/family when starting a new biz? Once you start a biz what are the best/worst things about wearing all the hats (engineering, sales, marketing, accounting, HR, etc.)? When is it time to hire additional resources or raise additional money to support your growing business? What marketing efforts are fruitful for a new security biz to spend time/money on? How do you decide what bells/whistles to add to PlexTrac? Follow your own roadmap? Let the customers drive your direction? Some combo of both? What new bells and whistles are coming to PlexTrac in the Webinar on September 9?! (Spoiler alert: RUNBOOKS!)

2 Syys 202056min

Hola! We're back again with our amigo Joe "The Machine" Skeen (a.k.a. Gh0sthax) who has prepared some awesome and actionable news stories for us to digest. Today's stories include: The Twitter hack that promised free Bitcoin for everybody - with good coverage by Krebs and Threatpost Garmin's personal and painful experience with ransomware Joe offers 7 tips any org can use to reduce their likelihood of getting pwned with an attack or ransomware Are we ready to endure a cyber crisis? Would you fall for this social engineering attack?

26 Elo 202041min

Welcome to another fun tale of internal pentest pwnage! Today's tale includes these helpful informational tidbits: My understanding is that in order for mitm6 relay attacks to work against DCs, those DCs have to have LDAPS config'd properly. Use nmap -sV -p646 name.of.domain.controller to verify this (thanks this site for the tip!) PowerView is awesome when used with Find-InterestingDomainShareFile to find interesting files with the word password or sensitive or other helpful strings. eavesarp helped me identify some weird hosts on weird subnets sending regular bursts of traffic to "interesting" hosts! Check out this video from Black Hills Infosec to learn more. I've also got some personal updates for you, including: House updates Fighting with the man/woman upstairs My worst Webinar nightmare came true A socially distanced wedding singing experience

19 Elo 202053min

Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discuss a slew of additional hot security topics, including: Misconfigured cloud databases Why is this such a common issue, and how can we address it? Wait wait wait...I just spun up a machine in Azure, AWS, Digital Ocean, etc. Isn't it secure because....it's the cloud? What tools can we use to better secure our cloud databases? How can we secure sensitive information as we migrate it from LAN side to the cloud? CCPA (California Consumer Privacy Act) What is the CCPA? How does it relate to GDPR? If I'm a Californian, what can I demand to know from companies as far as how they're using my data? What can't I demand to know? Will CCPA inspire folks to scrub their data from the hands of big companies and go more "off the grid?" Does CCPA only apply to California residents and companies? Secure data sharing What are the current challenges with secure data sharing in terms of monitoring the flow of data within their systems and their partners’ systems, while addressing privacy concerns? What are some of the common mistakes companies make when sharing sensitive data internally or with partners/clients? What is Secure Multiparty Compute (SMPC) and how can it help with secure data sharing?

12 Elo 202042min