7MS #449: DIY Pentest Dropbox Tips - Part 3

In today's continuation of last week's episode I'm continuing a discussion on using free tools to triage Windows systems - be they infected or just acting suspicious. Specifically, those tools include: FTK Imager - does a dandy job of creating memory dumps and/or full disk backups of a live system. You can also make a portable version by installing FTK Imager on a machine, then copying the C:\Program Files\wherever\FTK Imager\lives to a USB drive. FTK on the go! Redline grabs a full forensics pack of data from a machine and helps you pick apart memory strings, network connections, event logs, URL history, etc. The tool helps you dig deep into the timeline of a machine and figure out "What the heck has this machine been doing from time X to Y?" DumpIt does quick n' dirty memory dumps of machines. Volatility allow you to, in a relatively low number of commands, determine if a machine has been up to no good. One of my favorite features is extracting malware right out of the memory image and analyzing it on a separate Linux VM with something like ClamAV.

9 Mars 201816min

I had the privilege of creating a Windows System Forensics 101 course/presentation for a customer. The good/bad news is there is so much good information out there, it's hard to boil things down to just an hour. For the first part of the presentation, I focused on Mark Russinovich's technique of using Sysinternals as the primary surgical tool. This approach includes things like: Use Process Explorer to find processes with no signature and/or description. Put any suspicious processes to sleep before killing them (it's more humane! :-) Use autoruns to find registry entries, scheduled tasks, etc. that might be hooked to malicious executables that run on startup. Rinse and repeat. In part 2 (coming up soon!), I'll continue the forensics fight and talk about tools like Redline, Volatility and FTK Imager! Stay tuned.

28 Feb 201810min

Last week I talked about how business has been going with the LLC. Today I answer some additional questions that I didn't have time to address: How I'm finding leads/projects to work on (TLDR: I'm NOT sending 1TB of PDFs to people, spamming them, calling them endlessly or LinkedIn'ing everybody and their mom) The interesting conversations I'm having with customers who seem a little tired of the traditional pentest/assessment song and dance (spoiler alert: they're looking for people with solutions and who will actually help remediate the stuff in the report!) The training services I'm offering are getting a lot more interest than I expected - and I think that's due to some of the sessions being more technical, yet not as intense as, say, a SANS course or the OSCP. More on today's show!

15 Feb 201817min

Intro Here's some of the "juice" that has helped 7MS have a successful start: Support system Ok so I think if you're going to have a successful business, you need an awesome support system. Mine consists of some of these things: Faith - I'm a Christian and pray about this business constantly. In fact I learned really quickly how easy it is to brag about your rock-solid faith when everything is going fine. And then when suddenly the rug is pulled out from under you, you find what your faith is really made of! My wife - she's my biggest supporter and cheerleader. Financial advisor - we have a great "money guy" who helped us plan for moments like these, where income might be slower as I drum up business. Trusted advisors - I'm blessed to have a partner called InteProIQ that has been a sounding board for a zillion and one questions. Everything from helping me quote projects and set hourly rates to marketing plans and connecting me with other business owners and contacts. General "get your business started" stuff Form your LLC - I just Googled how to do it, and found a bunch of articles with good info. Basically I found my state's Web site hierarchy and within that was a place to register the LLC and grab an EIN for tax purposes. Bank accounts - I visited my local banker and setup work checking/savings/etc. Tech tools to help you get the job done Quickbooks - I use this to keep track of expenses, send out quotes, reconcile invoices, etc. Expensify - I use it to track receipts and mileage. They even give you an email address where you can forward receipts to and it'll work it's awesome OCR magic to automatically extract the vendor, charge and date. Awesome! Toggl - a free Web interface (and app) to track time for projects (if the client doesn't already have something they want me to use) ....more on 7MS.us!

8 Feb 201816min

WEFFLES are delicious! WEFFLES stands for Windows Event Logging Forensic Logging Enhancement Services and is Microsoft's cool (and free!) console for responding to incidents and hunting threats. I had a chance to play with it in the lab this week and for the most part, the install of WEFFLES went well, but I had one minor issue that was cleared up easily. As I went through the MS TechNet article, I wrote a full install write-up on my BPATTY site. So go gobble up some WEFFLES and let me know how it goes!

1 Feb 201814min

Today I'm excited to be joined by my friend and advisor Kevin Keane (Twitter / LinkedIn) who is a lawyer, blogger, keynote speaker, business advisor, and just all around great guy. Kevin and I sit down to talk about: How SMBs can take some productive security baby steps How to get the most value out of your next security consultant engagement Can breaches ever be funny? What is the Trust Calculus? Do I need to care about GDPR? That and much more is coming up today on this special interview edition of the 7 Minute Security podcast!

25 Jan 201859min

GDPR in a nutshell GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process personal information about EU citizens must clearly explain to the citizens what data is being stored and processed, and any parties the data is being shared with. The citizens must opt-in and agree to each instance or reason that their data is being stored and processed. The citizens also must be able to, at any time, request a copy of the data or request that it be deleted. How does GDPR define "personal data" As “any information relating to an identified or identifiable natural person." When do GDPR regulations start being enforced? May 25, 2018. What are the key roles organizations need to be aware of as it relates to handling data under GDPR regulations? Two primary roles: Controller An entity that determines the purposes, conditions and means of the processing of personal data Processor An entity which processes personal data on behalf of the controller What are the GDPR lawful basis for processing data? Consent: the individual has given clear consent for you to process their personal data for a specific purpose. Contract Legal obligation Vital interests Public task Legitimate interests Are there any good step-by-step guides to GDPR compliance? This site lays things out at a high level with a 12-step program, if you will. How can I learn more about GDPR? This http://gdprandyou.ie/ site is a great GDPR primer, and this PDF from Imperva is good as well. I also googled GDPR for dummies and found some good results too :-)

18 Jan 201811min

Back in episode 280 I talked about how I started working with PacktPub to start authoring a video course on vulnerability scanning using Kali. Since that episode I've found that recording and editing high quality video clips is taking waaaaaayyyyyyyyyyy longer than I'd like, but it's worth it to create good stuff! PacktPub authored a tool called Panopto to make videos, but I found it a little frustrating to work with, so I'm going with the following janky - but functional - recording setup: Record raw video using iShowU Pull that video into iMovie and cleanup all the mistakes Record audio in Quicktime Pull audio clips into iMovie and edit those to match up with what's happening in the video Export video as 1080p Additionally, here are a few little tweaks that help the content creation match up with PacktPub's requirements: Resolution should be 1920x1080 (full HD) - I just bought a secondary monitor for this. Specifically, an HP 22cwa. I set my .bashrc file to use all white for the terminal prompt. See this article which helped me out. In Terminal I created a PacktPub profile that has font as Monospace Regular 20pt.

4 Jan 201815min