

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

Jul 14, 2021 • 1h 5min
Webcast: How to Build a Phishing Engagement - Coding TTP's
Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. While there is always a need to craft a custom email, the most considerable amount of work is setting up an infrastructure to make it all work.
Wouldn’t it be nice if you had a playbook of how to set everything up to save time and prevent mistakes?
What if we coded this playbook so we could share this with others and modify our tactics when things change?
In this Black Hills Information Security (BHIS) webcast, we’re going to do just that. We will take a top-down look at how a phishing engagement is designed. Then we will work through coding this design, so we don’t have to keep building a phish. Lastly, we will touch on how to fly under the radar and how coding TTP’s helps save time and guarantee accuracy.
Join the BHIS Community Discord: https://discord.gg/bhis
Music By Beau: https://www.nobandwidth.io
00:00 – FEATURE PRESENTATION: How to Build a Phishing Engagement – Coding TTP’s
01:06 – About Ralph May
01:58 – Disclaimers
03:19 – Overview
03:56 – Phishing is Hard
06:33 – Infrastructure
07:12 – Operational Security
08:39 – Designing a Phish
13:18 – Phishing Emails
15:48 – 1st Tool: EVILGINX2
17:30 – EVILGINX IOC’s
18:20 – 2nd Tool: GoPhish
19:08 – GoPhish IOC’s
20:52 – 3rd Tool: NGINX
(00:00) - FEATURE PRESENTATION: How to Build a Phishing Engagement - Coding TTP's
(01:02) - About Ralph May
(01:51) - Disclaimers
(03:06) - Overview
(03:43) - Phishing is Hard
(06:20) - Infrastructure
(06:59) - Operational Security
(08:26) - Designing a Phish
(13:01) - Phishing Emails
(15:29) - 1st Tool: EVILGINX2
(17:10) - EVILGINX IOC's
(18:00) - 2nd Tool: GoPhish
(18:48) - GoPhish IOC's
(20:31) - 3rd Tool: NGINX
(21:45) - 4th Tool: Digital Ocean Cloud Provider
(22:10) - 5th Tool: Mailgun Email Service
(22:52) - 6th Tool: CDN-Azure
(23:33) - Coding a Phish – 1st Tool: Ansible
(26:09) - 2nd Tool: Terraform
(28:36) - 3rd Tool: Docker
(30:22) - Combining Ansible and Terraform
(32:14) - Ansible Secrets
(34:04) - DEMO: Executing a Phishing Engagement
(41:57) - What's Next
(43:19) - QnA
(56:03) - PostShow Banter™ — Ohs and Ahs

Jul 13, 2021 • 21min
The Birth of PreShowBanterCon-A-Thon 2021!™
00:00 – 2021-04-01 – PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™
05:29 – You’re So Vanity
08:39 – Let’s Talk About Florida Man
11:27 – Kellon is here – Intro Sec Con
Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment.
https://www.blackhillsinfosec.com/services/cyber-range/
Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.
(00:00) - 2021-04-01 - PreShow Banter™ — Intro Sec Con & The Birth of PreShowBanterCon-A-Thon 2021!™
(08:28) - Let's Talk About Florida Man
(11:12) - Kellon is here - Intro Sec Con

Jul 12, 2021 • 56min
Talkin’ About Infosec News – 7/6/2021
Originally Aired on July 6, 2021
Articles discussed in this episode:
00:00 – BHIS | Talkin’ Bout News 2021-07-06
02:32 – Story # 1 – CISA self-assessment audit tool – https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/amp/
08:24 – Story # 2 – Insurance rates up 32% – https://www.theregister.com/2021/07/05/cyber_insurance_report/
20:48 – Story # 3 – 0 Day for Windows OS PrintNightmare – https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
31:32 – Story # 4 – Kaseya Indicators of Compromises – https://cyberworkx.in/2021/07/06/kaseya-says-its-not-a-supply-chain-attack-and-releases-indicators-of-compromises/
41:16 – Story # 5 – Dotnet Core for PowerShell – https://cyberworkx.in/2021/07/04/critical-remote-code-execution-vulnerability-in-dotnet-core-for-powershell/
42:54 – Story # 6 – Intuit shares data with Equifax – https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/
48:33 – Alissa Torres’ Shout Outs (see description for links)
52:00 – Story # 7 – The Audacity of Spyware – https://mashable.com/article/audacity-spyware-privacy-policy
Alissa Torres’ Shout Outs:
* https://www.dianainitiative.org/event-schedule/
* https://dfrws.org/conferences/dfrws-usa-2021/
* https://www.activecountermeasures.com/event/hacking-packet-captures-the-foundations-of-network-security/
* https://wildwesthackinfest.com/antisyphon//advanced-endpoint-investigations/


Jun 30, 2021 • 1h
Talkin’ About Infosec News – 6/28/2021
Originally Aired on June 28, 2021
Articles discussed in this episode:
00:00 – PreShow Banter™ — Way West Recap
06:38 – Story 1 : https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
12:58 – Story 2 : https://www.vice.com/en/article/bvzd8v/hackers-use-fake-call-center-to-trick-victims-into-installing-ransomware
19:41 – Story 3 : https://thehackernews.com/2021/06/bios-disconnect-new-high-severity-flaws.html
29:27 – Story 4 : https://venturebeat.com/2021/06/16/cybereason-80-of-orgs-that-paid-the-ransom-were-hit-again/
44:27 – Story 5 : https://nypost.com/2021/06/23/john-mcafee-dies-by-suicide-inside-prison-in-barcelona/
45:43 – Story 6 : https://www.marketplace.org/2021/06/23/texas-homeowners-startled-by-hijacked-thermostats/
52:56 – Story 7 : https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/
55:38 – Story 8 : https://securelist.com/ferocious-kitten-6-years-of-covert-surveillance-in-iran/102806/


Jun 14, 2021 • 42min
Talkin' About Infosec News - 6/7/2021
https://youtu.be/ZXNzG8ilfiw
00:00 - Talkin’ Bout Ransomware
01:26 - Story 1: https://nypost.com/2021/06/06/texas-mom-arrested-after-posing-as-her-13-year-old-daughter-at-middle-school/
06:26 - Story 2: https://cyberworkx.in/2021/06/07/worlds-first-known-malware-targeting-windows-containers-to-compromise-cloud-environments/
10:42 - Story 3: https://threatpost.com/revil-spill-details-us-attacks/166669/
22:27 - Story 4: https://www.eff.org/deeplinks/2021/06/van-buren-victory-against-overbroad-interpretations-cfaa-protects-security
24:43 - Story 5: https://cyberworkx.in/2021/06/05/microsoft-teams-is-getting-better-security-end-to-end-encryption-for-voice-calls-from-july/
30:33 - Story 6: https://lock.cmpxchg8b.com/passmgrs.html

Jun 4, 2021 • 33min
Talkin’ About Infosec News – 6/1/2021
Originally Aired on June 1, 2021
Articles discussed in this episode:
00:00 – PreShow Banter™ — Fishing Attacks
02:40 – Story 1: https://m1racles.com/
05:33 – Story 2: https://arstechnica.com/gadgets/2021/05/vulnerability-in-vmware-product-has-severity-rating-of-9-8-out-of-10/
11:26 – Story 3: https://www.securityweek.com/nuclear-flash-cards-us-secrets-exposed-learning-apps
15:29 – Story 4: https://www.darkreading.com/risk/cyber-insurance-firms-start-tapping-out-as-ransomware-continues-to-rise/d/d-id/1341109
23:44 – Story 5: https://www.zdnet.com/article/various-japanese-government-entities-had-data-stolen-in-cyber-attack-report/
26:26 – Story 6: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/

Jun 3, 2021 • 1h 7min
Webcast: Getting Started in Pentesting The Cloud: Azure
In this Black Hills Information Security (BHIS) webcast, you will learn tools and techniques for performing penetration tests against Microsoft Azure environments.
More and more organizations are migrating resources to the cloud. With this comes a greater potential for misconfiguration if there isn’t a solid understanding of the attack surface. While there are many similarities between traditional on-premises pentesting and cloud-based pentesting, the latter is an animal of its own. This webcast attempts to clear up some of the fogginess around cloud-based pentesting, specific to Microsoft Azure environments, including Microsoft 365.
In order to adequately determine the attack surface, the appropriate coverage areas are highlighted. Differences between Azure resources and Microsoft 365 can oftentimes be confusing but knowing these differences is key to helping you pivot and escalate privileges. Conditional access policies are great for defining different scenarios for how users can authenticate securely but can also be misconfigured. There are security protections for stopping certain password attacks but some of these can be bypassed. Ultimately, a methodology for testing Azure environments along with tools and techniques are presented in this talk.
36:31 – Webcast officially starts
Join us on the BLACK HILLS INFOSEC Discord server for interaction with Beau and your fellow attendees: https://discord.gg/bhis
(00:00) - FEATURE PRESENTATION: Getting Started in Pentesting the Cloud – Azure
(02:32) - WHOAMI
(03:20) - Talk Roadmap
(05:33) - Why Azure?
(08:06) - Identifying Attack Surface
(12:50) - Recon & External Attacks
(19:31) - Password Attacks
(21:37) - Password Protection & Smart Lockout
(23:05) - Authentication
(26:52) - Conditional Access Policies & MFA
(34:11) - Post Compromise
(36:46) - Command Line Access
(37:40) - LINK: CloudPentest Cheatsheets: https://github.com/dafthack/CloudPentestCheatsheets
(37:53) - Azure Subscription Hierarchy
(41:31) - Resource Specific Issues
(41:55) - Serverless Environment Variables
(48:59) - Leveraging Scanning Tools
(51:11) - Key Takeaways
(52:37) - PostShow Banter™ — They Got Questions, Beau

May 28, 2021 • 1h 11min
Backdoors & Breaches LIVE - 5/19/2021
Join our Incident Master Ean Meyer as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477
Incident Master:
Ean | EanMeyer
Defenders:
Qasim | hashtaginfosec
Kaitlyn | Kadawi
Blake | zer0cool
Vee | Po1Zon_P1x13
Ralph | ralphte1
Game Play Master:
Jason | BanjoCrashland
Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below!
https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/


