7MS #312: OFF-TOPIC - Boxing a Cat
It has been a heck of a week (in a good way), and I'm taking a break from security so you can help me untangle a mystery that's been wrapped around my brain for years. I need you to help me figure out what this dude meant when he said that something was as frustrating "as boxing a cat." P.S. if you hate off-topic episodes no worries! We'll be back to our regularly scheduled security program next week!
30 Mai 201818min
7MS #311: How to Build a Cuckoo Sandbox
This week I dove into building a Cuckoo Sandbox for malware analysis. There are certainly a ton of posts and videos out there about it, but this entry called Painless Cuckoo Sandbox Installation caught my eye as a good starting point. This article got me about 80% of the way there, and the last 20% proved to be problematic. I got some additional answers from the Cuckoo documentation but still left some answers to be desired. Through a lot of Googling, banging my head against the wall and looking at the GitHub issues list, I finally got everything working. I've taken my entire build process and included it as a gist here. Enjoy!
24 Mai 201815min
7MS #310: Secure the Radio Commercials
Last week I was in the recording studio to record three 7MS commercials aimed at churches. The goal was to educate them on some security topics and close with a "hook" to contact 7MS for help securing your church. The commercials themselves are embedded in this episode so please have a listen and let me know what you think! I'll also let you know (via the podcast) when these commercials hit the air. It's likely the station won't air in your area, but you can catch it on the interwebs if you so desire (thanks again for your support, mom).
18 Mai 201812min
7MS #309: Password Cracking in the Cloud - Part 2
Cracking passwords in the cloud is super fun (listen to last week's episode to learn how to build your own cracking box on the cheap at Paperspace)! In the last couple weeks, customers have asked me about doing a password strength assessment on their Active Directory environment. I asked around and read a bunch of blogs and found a method that I think: Extracts the hashes safely Parses down the dump to contain only the hashes (so that if somebody popped my Paperspace cloud-crackin' box, they'd have just a list of half-cracked hashes and that's it) Does the work pretty automagically I talk about this in more detail in today's podcast, and here's the gist you can follow with all the necessary commands to get AD crackin'!
9 Mai 201813min
7MS #308: Password Cracking in the Cloud
I had an absolute ball this week trying to figure out how to crack passwords effectively, and on the cheap, and in the cloud. Today's episode goes into much more detail, and embedded below is the Gist of my approach thus far. If you've got things to add/suggest to this document, let me know! P.S. if you don't see the gist because you're reading this in a podcast-catching app, head to https://7ms.us and look up today's episode and you'll see the gist in all its gisty glory!
2 Mai 201811min
7MS #307: Writing Security-Focused Radio Commercials
Hey, so this week I am without my main machine - thus no jingle or "jungle boogie" intro music. Feels weird. Feels real weird. Anyway, ya know how I teased last week that 7MS could possibly be coming to a radio station near you? Well I think it's more of a probability than a possibility at this point! I met with a radio exec a few weeks ago and we talked about: Lots of people still listen to the radio (who knew?) Creating a "security minute" spot that would lead to a commercial about 7MS How to write a good commercial "hook" It's difficult to write a 60-second commercial! Targeted advertising at churches, which is an under-served market when it comes to infosec Writing a new (shortened) 7MS jingle More on this today on 7MS!
25 Apr 201812min
7MS #306: A Peek into the 7MS Mail Bag - Part 2
We've dug into some pretty technical topics the last few weeks so we're gonna take it easy today. Below are some FAQs and updates I'll cover on today's show: FAQs What security certs should a sales person get? What lav mic should I get for podcasting? How do I know if I'm ready to take the OSCP? When are you gonna do some more YouTube videos? When will the PacktPub project be done? Updates Don't forget to check out these new and/or updated pages on BPATTY: Caldera LAPS PwnedPasswords Speaking engagements I learned that the Cryptolocker song was played as muzak for a security conference. That makes me LOL ;-) Those of you in Minneapolis/St. Paul are invited to join me for Blue Team on a Budget lunch and learn at Manny's - it's on May 3 and hosted by OneIdentity. I'll be at Secure360 on May 16 to give my Blue Team on a Budget talk at 9:30 a.m., and I'll also be hosting our pal Bjorn for his Twin Cities vs. OWASP Juice Shop workshop on May 17. Gonna be awesome - hope you can come to either event (or both!).
19 Apr 201818min
7MS #305: Evaluating Endpoint Protection Solutions - Part 2
Today is part two of evaluating endpoint solutions, where I primarily focus on Caldera which is an adversary simulation system that's really awesome! You can essentially setup a virtual attacker and cut it loose on some test machines, which is what I did as part of an endpoint protection evaluation project. The attacks simulated are from Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. So the big question is...did any of these endpoint solutions catch some of the simulated ATT&CKs? Check out today's podcast to find out! Oh, and I wrote up my quick install guide for Caldera here.
12 Apr 201811min
