7MS #649: First Impressions of Twingate

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. First, a bit of miscellany: If you replace "red rain" with "red team" in this song, we might just have a red team anthem on our hands! If you're in the Twin Cities area and looking for an infosec analyst job, check out this posting with UBB. If interested, I can help make an electronic introduction - and/or let 'em know 7 Minute Security sent ya! Ok, in today's program we're talking about red teaming again with our third awesome installment with Ryan and Dave who are professional red teamers! Today we cover: Recon - it's super important! It's like putting together puzzle pieces...and the more of that puzzle you can figure out, less likely you'll be surprised and the more likely you'll succeed at your objective! Reporting - how do you deliver reports in a way that blue team doesn't feel picked on, management understands the risk, and ultimately everybody leaves feeling charged to secure all the things? I also asked the questions folks submitted to me via LinkedIn/Slack: Any tips for the most dreaded part of an assessment (reports)? How do you get around PowerShell v5 with restrict language mode without having the ability to downgrade to v2? What's an alternative to PowerShell tooling for internal pentesting? (hint: C# is the hotness) What certs/skills should I pursue to get better at red teaming (outside of "Hey, go build a lab!"). Are customers happy to get assessed by a red team exercise, or do they do it begrudgingly because of requirements/regulations?

30 Maj 20191h 8min

This episode of the 7 Minute Security Podcast is brought to you by Authentic8, creators of Silo. Silo allows its users to conduct online investigations to collect information off the web securely and anonymously. For more information, check out Authentic8. This episode features cool things I'm learning about external pentesting. But first, some updates: My talk at Secure360 went really well. Only slightly #awkward thing is I felt an overwhelming need to change my title slide to talk about the fact that I don't drink. The 7MS User Group went well. We'll resume in the late summer or early fall and do a session on lockpicking! Wednesday night my band had the honor of singing at a Minnesota LEMA service and wow, what an honor. To see the sea of officers and their supportive families and loved ones was incredibly powerful. On the external pentest front, here are some items we cover in today's show: MailSniper's Invoke-DomainHarvestOWA helps you discover the FQDN of your mail server target. Invoke-UsernameHarvestOWA helps you figure out what username scheme your target is using. Invoke-PasswordSprayOWA helps you do a low and slow password spray to hopefully find some creds! Once inside the network, CrackMapExec is your friend. You can figure out where your compromised creds are valid across the network with this syntax: crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN You can also find what shares you have access to with: crackmapexec smb 192.168.0.0/24 -u USER -p ‘PASSWORD’ -d YOURDOMAIN --shares Sift through those shares! They often have VERY delicious bits of information in them :-)

23 Maj 201936min

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Yuss! It's true! Dave and Ryan are back! Back in episode #326 we met Ryan Manship of RedTeam Security and Dave Dobrotka of United HealthGroup and talked about their cool and exciting careers as professional red teamers. In this follow-up interview (which will be broken into a few parts), we talk through a red team engagement from start to finish. Today we cover questions like: Who should have a red team exercise conducted? Who NEEDS one? How do you choose an objective that makes sense? What do you do about push-back from management and/or scope manipulation? (“Don’t phish our CEO! She’ll click stuff! Attack our servers, just not the production environment!!!”). Spoiler alert: your clients need to have intestinal fortitude! What’s better - a “zero knowledge” red team engagement or a collaborative exercise between testers and their clients? How do you attack a high-security bunker?! How do you conduct a red team exercise without ending up in jail? What does your “get out of jail” card get you - and NOT get you?

15 Maj 201957min

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! Today I take a walk (literally!), get chased by a dog (seriously!) and talk about impostor syndrome and feelings of self-loathing and doubt as I get ready to speak at Secure360 next week (insert wah-wah-waaaaaaahhhhhhh here). How do you deal with impostor syndrome? Personally, I'm finding some success in squashing it by forcing myself into situations where I feel like a fraud - over and over again! Over time, I feel slightly less like a sham and a bit more like I know what I'm talking about. Specifically, in this episode I talk about: The thrill of getting a presentation accepted at a conference, and the dread and fear that follows The awful nightmare I have the night before I speak in front of others Shaking off nerves when your talk is accompanied by a sign language interpreter Finding your "voice" and getting the confidence to share/present your knowledge in a way only you can I also share the outline to my "So You Wanna Start a Security Company?" talk, which includes: What are the telltale signs that you should start a security company? How do you find business when everybody and their mom seems to have a security offering? What are some of the tools/services/people that can help your business succeed?

9 Maj 201941min

Today we're talking about Logging Made Easy, a project that, as its name implies...makes Windows endpoint logging easy! I love it. It offers a simple, digestible walkthrough of several short "chapters" to get started. These chapters include: Chapter 1 - Set up Windows Event Forwarding Chapter 2 – Sysmon Install Chapter 3A – Database (Easy Method) Chapter 3B – Database (Manual Method) Chapter 4 - Post Install Actions Besides having a small issue with a batch script (resolved as of 5/3) and a another snafu (that's probably my fault), it's a simple and effective way to get logging spun up in your environment!

3 Maj 201926min

This episode of the 7 Minute Security podcast is brought to you by Netwrix. Netwrix Auditor empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime. For more information, visit netwrix.com. In today's program we continue a series on fundamental Active Directory security that we started back in episode 327. I took all the things I talked about in that episode, as well as the new additions discussed today: Finding your most vulnerable AD abuse paths with BloodHound. For a two-part pentest tale showing how BloodHound can be used/abused by attackers, check out episodes 353 and 354. Get a deep-dive look at your AD machines, users, shares, OS versions and more with Network Detective. How to de-escalate local admins (and prevent them from over-using/abusing the use of their privileged account) Although I haven't tested it yet, Logging Made Easy looks like an awesome and free way to get some entry-level logging setup in your environment. Can't wait for a good lab day to play! Here are ALL the AD Security 101 tips in a delicious [gist].

25 Apr 201922min

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! In this episode I explore some ways you can turn up the security heat on your Windows workstations by mapping their security to a hardening standard and/or baseline. Specifically, I cover: NIST STIG for Windows 10 Heimdal Security - Windows 10 Hardening Guide Center for Internet Security's security benchmarks Windows Security Compliance Toolkit (SCT) I think one path to success is to use the Windows SCT as a way to create a baseline, and then use it - plus some of the other guides and standards - to gradually turn the security screws on the OS. Don't just import a GPO template and turn on 123,456,789 settings at once. You'll likely bring the network to its knees! Got a better/faster/stronger way to accomplish baselining? Let me know!

19 Apr 201926min

This episode is brought to you by ITProTV. Visit https://www.itpro.tv/7minsec for over 65 hours of IT training for free! This week we're talking about everybody's favorite topic: REPORT WRITING! Yay! The peasants rejoice! In the last few months I've seen a lot of reports from other companies, and here are a few key problems I see with them: Too long - overall these things are waaAAaAaaAayyyYYYYYYyyy too long. I see reports where the analyst has copied and pasted an entire Nessus report into the main report. Yikes. That makes these things weigh in at hundreds(!) of pages. Too techie - these reports look like their written from one techie to another. Nothing wrong with that, really, however in many cases the key person that needs to "get it" is a manager or C-level position who needs to understand the risks in plain English. No narrative - the reports are just a long laundry list of vulnerabilities without any context of how the pentest was conducted or which vulns should be fixed first. Weak remediation - most of the findings are accompanied by whatever remediation instructions are provided by the vuln-scanner or other tool. We can do better than this! How? Listen to today's episode :-). Oh, and don't forget to come to the next 7MS User Group meeting on Monday, April 22! Details here!

16 Apr 201939min