Talkin' Bout [Infosec] News

Black Hills Information Security
May 21, 2021 • 1h 11min

Backdoors & Breaches Live! 05/19/2021

Join Incident Master Ean Meyer as we play another round of Backdoors & Breaches.
May 19, 2021 • 1h 22min

Webcast: Your Free and Open Source EDR Options!

There has been a huge explosion of different free and open-source options for EDR in the security space. Which is nice because the commercial offerings are stupid expensive. In this Black Hills Information Security (BHIS) webcast, we look at OpenEDR, Elastic, and Velociraptor. With all these great options, there is no reason your organization should not have one of these offerings. Further, they are essential for any IR gig you may do. You may be a shop that is looking at commercial offerings, however, you should always look at the free offerings first. Remember, you are not paying for what the commercial product offers, you are paying for what it does versus what the free offerings do not.

Join the BHIS Community Discord: https://discord.gg/bhis

0:00:00 – FEATURE PRESENTATION: Your Free & Open EDR Options!
0:02:03 – Why We here?
0:04:46 – EDR? Like that there electronic music?
0:11:48 – Vendors
0:14:21 – MITRE Evaluations
0:19:17 – So, Why EDR?
0:23:05 – Free and Open Source?
0:28:48 – OSSEC
0:31:12 – So, WAZUH
0:38:28 – Velociraptor
0:41:09 – DEMO: Velociraptor
0:48:35 – Vendors and Free/OS
0:49:57 – Elastic (Formerly Endgame)
0:55:09 – OPEN EDR – From Comodo
0:58:41 – Conclusions
1:01:53 – Backdoors & Breaches Virtual
1:07:05 – John Pitches BHIS SOC

Slides for this webcast can be found here:
May 14, 2021 • 57min

Talkin’ About Infosec News – 5/10/2021

Originally Aired on May 10, 2021

Articles discussed in this episode:
* https://whyy.org/segments/the-greatest-hoax-on-earth/
* https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-network-disruption-at-colonial-pipeline
* https://arstechnica.com/gadgets/2021/05/peloton-takes-3-months-to-fix-flaw-that-exposed-users-private-information/
* https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/
* https://www.macrumors.com/2021/05/10/hacked-airtag-links-to-custom-url-lost-mode/
* https://jalopnik.com/security-researchers-hack-a-tesla-from-a-drone-1846833249

Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/
May 12, 2021 • 1h 32min

Webcast: Ok, Let's Talk About Ransomware

This is a joint emergency webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.

There have been a couple of very scary ransomware stories in the news over the past few weeks. We figured it would be a good idea to throw a quick emergency webcast together to cover some of these new developments and hit on some very real and very easy things to mitigate against some of these attacks. We say “some” because these attacks are evolving. Traditionally, there are two classes of ransomware, but we are seeing a third start to develop which is harder to deal with. But not impossible.

Yes, we will be talking about deception and attribution. Yes, we will be talking about beacon analysis. Because they are kind of our things. But, we will also discuss some new open-source technologies. And… something you can just turn on.

The point is these attacks are rapidly evolving. The attack on Colonial shows just a glimpse of how bad these attacks are going to get. Also, we are seeing how we cannot view Operational Technology (OT) as a completely different security creature. Everything is interconnected. We need to start treating security more holistically and stop saying things like, “we just want to focus on the OT/SCADA/PCI/HIPAA enclave.”

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2021/05/SLIDES_LetsTalkAboutRansomware.pdf

(00:00) - PreShow Banter™ — John Strand Has Windows Updates
(25:39) - FEATURE PRESENTATION: OK, Let’s Talk About Ransomware
(01:25:34) - Wrap-up Questions
May 7, 2021 • 30min

Talkin’ About Infosec News – 5/5/2021

Originally Aired on May 5, 2021

Articles discussed in this episode:
* https://thehackernews.com/images/-V6c2_ZHgMzI/YJFAaQl5RjI/AAAAAAAAA_8/wNs6d4zWc1MHLJ5VPaSpzHvXkFIIcwfZQCLcBGAsYHQ/s0/reset-passsword.jpg
* https://threatpost.com/dell-kernel-privilege-bugs/165843/
* https://www.bleepingcomputer.com/news/security/new-windows-pingback-malware-uses-icmp-for-covert-communication/
* https://signal.org/blog/the-instagram-ads-you-will-never-see/
* https://nakedsecurity.sophos.com/2021/05/04/apple-products-hit-by-fourfecta-of-zero-day-exploits-patch-now/
May 5, 2021 • 55min

Talkin’ About Infosec News – 5/3/2021

Originally Aired on May 3, 2021

Articles discussed in this episode:
* https://threatpost.com/deepfake-attacks-surge-experts-warn/165798/
* https://threatpost.com/linux-kernel-bug-wider-cyberattacks/165640/
* https://www.reddit.com/r/netsec/comments/n36x7h/arbitrary_code_execution_in_exiftool/
* https://krebsonsecurity.com/2021/04/experians-credit-freeze-security-is-still-a-joke/
* https://github.com/alievk/avatarify-python
* https://media.ccc.de/v/29c3-5327-en-writing_a_thumbdrive_from_scratch_h264
Apr 30, 2021 • 46min

Backdoors & Breaches LIVE - 4/28/2021

Join our Incident Master BanjoCrashland as we play another Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. https://steamcommunity.com/sharedfiles/filedetails/?id=2401033477

Incident Master: Jason Blanchard | BanjoCrashland

Defenders:
Matt Thomas | slegna
Richard Phung | p3hndrx
Maril Vernon | SheWhoHacks
Kaitlyn Wimberley | kadawi
Blake Regan | zer0cool
Ralph May | ralphte1
John Strand | strandjs

Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/
Apr 28, 2021 • 52min

Talkin’ About Infosec News – 4/26/2021

Originally Aired on April 26, 2021

Articles discussed in this episode:
* https://usdaynews.com/celebrities/celebrity-death/dan-kaminsky-death-cause/
* https://signal.org/blog/cellebrite-vulnerabilities/
* https://arstechnica.com/gadgets/2021/04/hackers-backdoor-corporate-password-manager-and-steal-customer-data/
* https://youtu.be/G0gOAvpGoJg
Apr 21, 2021 • 53min

Talkin’ About Infosec News – 4/19/2021

Originally Aired on April 19, 2021

Articles discussed in this episode:
* https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack
* https://apnews.com/article/russia-safe-harbor-ransomeware-hacking-c9dab7eb3841be45dff2d93ed3102999
* https://threatpost.com/critical-cloud-bug-vmware-carbon-black/165278/
* https://www.theverge.com/2021/4/18/22390379/federal-investigators-breach-software-codecov-solarwinds
* https://threatpost.com/google-project-zero-cuts-bug-disclosure-timeline-to-a-30-day-grace-period/165432/
Apr 14, 2021 • 39min

Talkin’ About Infosec News – 4/12/2021

Originally Aired on April 12, 2021

Articles discussed in this episode:
* https://threatpost.com/azure-functions-privilege-escalation/165307/
* https://www.theverge.com/2021/4/8/22374464/linkedin-data-leak-500-million-accounts-scraped-microsoft
* https://news.linkedin.com/2021/april/an-update-from-linkedin
* https://www.bbc.com/news/world-middle-east-56708778
* https://www.tenable.com/blog/cve-2018-13379-cve-2019-5591-cve-2020-12812-fortinet-vulnerabilities-targeted-by-apt-actors
