7MS #344: Announcing the 7MS User Group
I'd like to coordially invite you to the first-ever 7MS User Group meeting, coming up Monday, January 14th at 6 p.m.! You can attend physically, virtually or both! All the info you need is in today's podcast, as well as here. See you there!
9 Jan 201911min
7MS #343: Interview with Dan DeCloss
Psssst! Wanna come to the first ever 7MS User Group meeting? It's coming up on January 14th. You can join in person or virtually! Head here for more information! Dan DeCloss (a.k.a. wh33lhouse on Slack and @PlexTracFTW aon Twitter) joined me virtually in the studio to talk about his passion project, PlexTrac. Dan also shared his insight on all sorts of great topics, including: How to bleed "purple" and get comfortable playing on both the attacking and defending side of the house What areas are we failing in defending our networks - and what kind of things can we do make our networks more resilient?! What's the biggest challenge you see on both the blue and red team side (spoiler alert: communication is super important!)? How do you break into a cyber security position that requires X years of experience when you have zero experience (Dan offers a great tip: don't be intimidated by requirements on job postings...they're often excessive/unreasonable) Ways to show security aptitude on your resume without necessarily having a bunch of experience: Build a home lab Create a blog Bug bounties Make a podcast Get certs (or at least get enrolled in them) Some history on PlexTrac and what inspired Dan to create it
2 Jan 20191h
7MS #342: Interview with Matt McCullough
Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard work, aggressive networking and taking advantage of educational and career opportunities, Matt now rocks a SOC job. Matt and I sat down to talk about a lot of good stuff: How to start an IT career as "the family IT guy" Leveraging a higher education (at places like Lake Superior College to meet people of influence and start networking like a beast Entry level sysadmin and helpdesk jobs are fun - great opportunities to make the most of the position, build your skills and stretch yourself outside your comfort zone MSPs (Managed Service Providers) are another great way to see different clients/verticals/systems and the various requirements that go into supporting them. From there, look for opportunities to start securing those organizations, as many MSPs don't dabble heavily into the security realm. If you're going to school for cybersecurity training, look for ways to leverage your status to get discounts on security training, such as with SANS Competitions like CCDC are awesome. You're given a handful of servers that are full of vulnerabilities, and you essentially are tasked with defending a network against a professional group of pentesters/redteamers. You even have to deal with real-life "injections" (other random emergencies and mock customers to deal with) while you're in the thick of the battle! Join local cyber clubs (or start your own)! Looking for a fun CTF to get started in a group setting? Try hacking the OWASP Juice Shop Attend security conferences(or start your own)! ...more notes at 7MS.us!
27 Des 20181h 45min
7MS #341: How to Fix Unquoted Service Paths
Today's episode is brought to you by my friends at safepass.me. Safepass.me is the most efficient and cost-effective solution to prevent Active Directory users from setting a weak or compromised password. It's in compliance with the latest NIST password guidelines, and is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! In today's episode we talk about how to identify - and resolve - unquoted service paths. Maybe you've seen this pop up in your vulnerability scanner and aren't quite sure what the risk is or how to fix it - and maybe more importantly, how to fix it at scale if need be. That's the technical conundrum I faced this week, so I talk about some resources to help you identify this risk and get it out of your environment! And here's a gist I wrote that walks you through everything step by step:
19 Des 201816min
7MS #340: Forensics 101 Reloaded and The CryptoLocker Music Video
Last week I had the fun privilege of speaking twice at the Minnesota Goverment IT Symposium on the following topics: Forensics 101: This was a "reloaded" talk that I started earlier this year (and covered in episode 299 and 300). At a high level, the talk covered: Hunting malware with Sysinternals Creating system images with FTKImager Dumping memory with Volatility and ripping icky stuff out of memory images with their 1-2-3 punch article Seeking out DNS tunneling/exfil using Security Onion Pecha Kucha: this talk, which is in a 20x20 format is part PSA about how to not click bad links, part cautionary tale (and music video!) about how the promise of a free burrito can ruin your business! Check out the video here, and special thanks to Joe Klein for providing the awesome pics to go along with the storyboard - you're a champ. Also, check out the Digital Forensics Survival Podcast which is awesome for learning more about forensics and IR.
13 Des 201822min
7MS #339: A Pulse-Pounding Impromptu Physical Pentest
On a recent security assessment I was thrown for a loop and given the opportunity to do a two-part physical pentest/SE exercise - with about 5 minutes notice(!). Yes, it had me pooping my pants, but in retrospect it was an amazing experience. This is the mission I was given: See if you can get the front desk staff to plug in a USB drive - I posed as John Strand and armed myself with a fake resume. And as I approached the front desk I suddenly panicked and thought, "What if the front desk person is a BHIS fan?!?!?" Break into a door with weak security and steal equipment - I was given a plastic shiv and asked to try and get into a secure area in the middle of a busy office morning. No pressure, right? Was I successful? Was I arrested? Find out in today's episode!
6 Des 201819min
7MS #338: SIEMple Tests for Your SIEM Solution
Today's episode talks about some SIEMple tests you can run on your SIEM (OMg see what I did there? I took the word simple and made it SIEMple. Genius stuff, right? And there's no extra charge for it!). And if you're just now starting to shop around for a SIEM, this episode also has an extensive questionnaire you can use to put your vendors' feet to the fire and see what they're made of! Along with today's episode, I'm releasing a companion gist that contains: Questionnaire - a series of questions you can ask SIEM vendors to gather as many data points about their products and services as possible SIEM tests - a few tests you can conduct on your internal/external network to see if your SIEM solution indeed coughs up alerts Enjoy!
28 Nov 201817min
7MS #337: Happy Secure Thanksgiving
Happy Thanksgiving! In this episode I: Share some things I'm thankful for - like you! Talk about a fun episode I'm working on that has some SIEMple tests you can use to test your SIEM (omg see what I did there? So clever) Announce the 7MS user's group that will start meeting in the south metro area of Minnesota in January of 2019! Tell you a story about a kid that peed his pants in front of me (you're welcome in advance) Hope you can take some time off and enjoy your friends/family this week and weekend. Have a blessed Thanksgiving!
21 Nov 201827min
