7MS #427: Interview with Ameesh Divatia from Baffle

7MS #427: Interview with Ameesh Divatia from Baffle

Today we're thrilled to welcome Ameesh Divatia from Baffle back to the program. We first met Ameesh back in episode 349 and today he's back to discuss a slew of additional hot security topics, including:

Misconfigured cloud databases

  • Why is this such a common issue, and how can we address it?
  • Wait wait wait...I just spun up a machine in Azure, AWS, Digital Ocean, etc. Isn't it secure because....it's the cloud?
  • What tools can we use to better secure our cloud databases?
  • How can we secure sensitive information as we migrate it from LAN side to the cloud?

CCPA (California Consumer Privacy Act)

  • What is the CCPA? How does it relate to GDPR?
  • If I'm a Californian, what can I demand to know from companies as far as how they're using my data? What can't I demand to know?
  • Will CCPA inspire folks to scrub their data from the hands of big companies and go more "off the grid?"
  • Does CCPA only apply to California residents and companies?

Secure data sharing

  • What are the current challenges with secure data sharing in terms of monitoring the flow of data within their systems and their partners’ systems, while addressing privacy concerns?

  • What are some of the common mistakes companies make when sharing sensitive data internally or with partners/clients?

  • What is Secure Multiparty Compute (SMPC) and how can it help with secure data sharing?

Episoder(687)

7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5

7MS #495: Desperately Seeking a Super SIEM for SMBs - Part 5

Today we continue our SIEM/SOC evaluation series with a closer look at one particular managed solution and how it fared (very well) against a very hostile environment: the Light Pentest LITE pentesting course! Spoiler alert: this solution was able to detect: RDP from public IPs Password spraying Kerberoasting Mimikatz Recon net commands Hash dumping Hits on a "honey domain admin" account Users with non-expiring passwords Hits on the SSH/FTP/HTTP honeypot

17 Nov 202139min

7MS #494: Interview with Josh Burnham of Liquid Web

7MS #494: Interview with Josh Burnham of Liquid Web

10 Nov 202145min

7MS #493: 7MOIST - Part 2

7MS #493: 7MOIST - Part 2

Hey, remember back in episode #357 where we introduced 7MOIST (7 Minutes of IT and Security Tips)? Yeah, me neither :-). Anyway, we're back with the second edition of 7MOIST and have some cool pentesting and general IT tips that will hopefully make your life a little awesome-r: Stuck on a pentest because EDR keeps gobbling your payloads? SharpCradle might just save the day! CrackMapExec continues to learn new awesome tricks - including a module called slinky that plants hash-grabbing files on shares you have write access to! Browsing 17 folders deep in Windows Explorer and wish you could just pop a cmd.exe from right there? You can! Just click into the path where you're browsing, type cmd.exe, hit Enter and BOOM! Welcome to a prompt right at that folder!

4 Nov 20217min

7MS #492: Tales of Pentest Pwnage - Part 29

7MS #492: Tales of Pentest Pwnage - Part 29

Hello friends! We're long overdue for a tale of pentest pwnage, and this one is a humdinger! It's actually kind of three tales in one, focusing on pentesting wins using: Manual "open heart surgery" on the root of the Active Directory domain The new totally rad DHCP poisoning module of Responder An opportunity to abuse GPOs with SharpGPOAbuse (P.S. we talked about this tool about a year ago in episode 441)

28 Okt 202156min

7MS #491: Interview with Louis Evans of Arctic Wolf

7MS #491: Interview with Louis Evans of Arctic Wolf

Today we're joined by Louis Evans of Arctic Wolf to talk about all things cyber insurance, including: History on cyber insurance - who's buying it, what it does and doesn't cover, and when it started to be something you didn't want to leave home without What are insurance companies asking/demanding of customers before writing a cyber insurance policy? What basic things organizations can do to reduce malware/ransomware incidents (whether they are considering a cyber insurance policy or not)? How do I evaluate the various insurance carriers out there and pick a good one?

20 Okt 202152min

7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4

7MS #490: Desperately Seeking a Super SIEM for SMBs - Part 4

Hey friends! Today we're going to recap the SIEM/SOC players we've evaluated so far (Arctic Wolf, Elastic, Sumo Logic, Milton Security) and then talk about a new contender that was brought to our attention: Blumira (not a sponsor, but I'm really digging what I'm seeing/hearing/experiencing thus far)!

13 Okt 202142min

7MS #489: Ping Castle

7MS #489: Ping Castle

Today we're talking about Ping Castle (not a sponsor), an awesome tool for enumerating tons of info out of your Active Directory environment and identifying weaknesses, misconfigurations and paths to escalation! It's wonderful for both red and blue teamers. Some of Ping Castle's cool features include being able find: Kerberoastable and ASREPRoastable users Plain text passwords lingering in Group Policy Objects Users with never-expiring passwords Non-supported versions of Windows Machines configured with unconstrained delegation Attack and escalation paths to Domain Admins

6 Okt 202158min

7MS #488: How to Succeed in Business Without Really Crying - Part 10

7MS #488: How to Succeed in Business Without Really Crying - Part 10

Today we continue our series focused on building a security consultancy and talk about: A phishing campaign that went off the rails, and lessons learned from it First impressions of an awesome tool to help add MFA to your Active Directory (not a sponsor) A tangent story about how my wife brought some thieves to justice!

29 Sep 202143min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
popradet
det-store-bildet
nokon-ma-ga
fotballpodden-2
dine-penger-pengeradet
bt-dokumentar-2
hva-star-du-for
aftenbla-bla
unitedno
e24-podden
rss-ness
rss-penger-polser-og-politikk
rss-borsmorgen-okonominyhetene
rss-dannet-uten-piano
oppdatert