7MS #281: Baby's First Banking Infosec Conference
7 Minute Security11 Okt 2017

7MS #281: Baby's First Banking Infosec Conference

I went to my first ever banking-focused infosec conference a few weeks ago (WBA's Secure-IT) and learned a ton.

I met some really great people and had many productive conversations around security. The main takeaways from the conference that I talk about in today's episode:

  • Standing all day and talking about security is exhausting!

  • You can thwart "swag whores" (sorry mom, but I learned that that's what they're called!) by pushing your merch table deep into the booth so it's touching the rear curtain. That way people have to go through your "people perimeter" and engage in conversation with you in order to be granted access to the swag!

  • From the conversations I had with the staff at these small banks, they're definitely wanting to slurp up as much helpful info from the sessions as possible. Specifically, finding ways to better improve security posture using free/cheap tools is ideal!

  • I attended a few sessions that got my blood boiling. The outline of these talks went something like this (slight exaggeration added, but not much):

    • Hackers are way smarter and more physically attractive than you, and they can get by all your defenses with ease
    • You're helpless, hopeless, and not physically attractive
    • Luckily we (Vendor X) are here and we offer our patented Super Solution Y that will thwart the APTs 100% of the time, no question, guaranteed

  • People don't appreciate being talked down to, nor do they want to be shamed, blamed or scared into making security better.

More on today's episode...

Avsnitt(684)

7MS #548: Tales of Pentest Pwnage - Part 44

7MS #548: Tales of Pentest Pwnage - Part 44

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Happy belated Thanksgiving! This is not a brag or a flex, but this episode covers a coveted achievement I haven't achieved in my whole life...until now: TDAD: Triple Domain Admin Dance!!!!1111!!!1!1!!!! We talk about the fun attack path that led to the TDAD (hint: always check Active Directory user description fields!), as well as a couple quick, non-spoilery reviews of a few movies: V for Vendetta and The Black Phone.

25 Nov 202250min

7MS #547: Tales of Pentest Pwnage - Part 43

7MS #547: Tales of Pentest Pwnage - Part 43

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today we're talking about tales of pentest pwnage - specifically how much fun printers can be to get Active Directory creds. TLDL: get into a printer interface, adjust the LDAP lookup IP to be your Kali box, run nc -lvp 389 on your Kali box, and then "test" the credentials via the printer interface in order to (potentially) capture an Active Directory cred! Today we also define an achievement that's fun to unlock called DDAD: Double Domain Admin Dance.

18 Nov 202242min

7MS #546: Securing Your Mental Health - Part 3

7MS #546: Securing Your Mental Health - Part 3

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Today we're talking about securing your mental health! I share some behind-the-scenes info about my own mental health challenges, and share a great tip a counselor gave me for getting into a good headspace before heading into a difficult conversation/situation.

11 Nov 202239min

7MS #545: First Impressions of Snipe-IT

7MS #545: First Impressions of Snipe-IT

Today’s episode of the 7 Minute Security podcast is brought to you by Blumira, which provides easy-to-use automated detection and response that can be set up in…well..about 7 minutes. Detect and resolve security threats faster, and prevent breaches. Try it free today at blumira.com/7ms. Hey friends, today we're giving you a first impressions look at a free easy asset management tool called Snipe-IT you can use to build your inventory with! Why is this important? Because it's the first critical security control! It might help to see this tool in action, so we invite you to check out our recent Twitch stream where we got it up and running in about 45 minutes.

4 Nov 202240min

7MS #544: Interview with Nato Riley of Blumira

7MS #544: Interview with Nato Riley of Blumira

Today’s episode is brought to us by Blumira, which provides easy to use, automated detection and response that can be setup in…well…about 7 minutes! Detect and resolve security threats faster and prevent breaches. Try it free today at blumira.com/7ms! Today we have a really fun interview with Nato Riley of Blumira. He cut his IT/security teeth working for a cell phone company, exorcising malware demons out of workstations, and even building an email-based SIEM. He has had a very cool career path that involves embracing newbness, pushing aside imposter syndrome, and even begging for jobs! I think this interview can best be summed up by a direct quote from Nato: "Things absolutely go wrong, and I think that's what deters people from trying. But just because something goes wrong, doesn't mean you're necessarily going to die from it. So why not try?"

28 Okt 202258min

7MS #543: How to Succeed in Business Without Really Crying - Part 12

7MS #543: How to Succeed in Business Without Really Crying - Part 12

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. Hey friends! Today we talk about a SoSaaS (Spreadsheet on Steroids as a Service...not a real thing) that is helping 7MinSec be more organized - both from a project standpoint and from an "alert us when important things are due!" standpoint.

21 Okt 20221h

7MS #542: Eating the Security Dog Food - Part 5

7MS #542: Eating the Security Dog Food - Part 5

This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more. In today's episode we talk more about eating the security dog food (following the best practices we preach!). Specifically, we focus on keeping that bloated email inbox a little more lean and mean. There are lots of tools/services to help with this, but we had a blast playing with MailStore (not a sponsor but we'd like them to be:-).

14 Okt 202228min

7MS #541: Tales of Blue Team Bliss - Part 2

7MS #541: Tales of Blue Team Bliss - Part 2

SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit SafePass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount! Today we talk about configuring your Active Directory with MFA protection thanks to AuthLite. In the tangent department, we give you a short, non-spoilery review of the film Smile.

7 Okt 202235min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-viva-fotboll
olyckan-inifran
aftonbladet-daily
rss-vad-fan-hande
rss-sanning-konsekvens
svenska-fall
krimmagasinet
rss-expressen-dok
motiv
fordomspodden
svd-nyhetsartiklar
dagens-eko
rss-frandfors-horna
blenda-2
spar
spotlight