Talkin' Bout [Infosec] News

Originally Aired on April 7, 2021 Articles discussed in this episode: * https://www.scmagazine.com/home/security-news/phishing/array-of-recent-phishing-schemes-use-personalized-job-lures-voice-manipulation/* https://www.coindesk.com/hackers-mined-crypto-on-githubs-servers-report* https://www.securityweek.com/white-hats-earn-440000-hacking-microsoft-products-first-day-pwn2own-2021* https://www.infosecurity-magazine.com/news/consulting-firm-data-breach/* https://github.com/Neo23x0/Raccine* https://github.com/ralphte/build_a_phish* https://support.microsoft.com/en-us/windows/protect-your-pc-from-ransomware-08ed68a7-939f-726c-7e84-a72ba92c01c3* https://www.infosecurity-magazine.com/news/florida-school-district-40m-ransom/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,208 other subscribers Email Address Subscribe

Originally Aired on April 5, 2021 Articles discussed in this episode: * https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/* https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/* https://threatpost.com/call-of-duty-cheats-gamers-malware/165209/* https://outflank.nl/services/outflank-security-tooling/* https://thehackernews.com/2021/04/22-year-old-charged-with-hacking-water.html* https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,198 other subscribers Email Address Subscribe

Originally Aired on March 29, 2021 Articles discussed in this episode: * https://www.bleepingcomputer.com/news/security/engineer-reports-data-leak-to-nonprofit-hears-from-the-police/* https://thehackernews.com/2021/03/solarwinds-orion-vulnerability.html* https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html* https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,178 other subscribers Email Address Subscribe

Originally Aired on March 24, 2021 Articles discussed in this episode: * https://www.theverge.com/2021/3/22/22345792/microsoft-discord-acquisition-report-10-billion* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/* https://grahamcluley.com/police-raid-apartment-alleged-verkada-hacker/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,176 other subscribers Email Address Subscribe

During remote red team exercises, it can be difficult to keep from leaking information to the target organization’s security team. Every interaction with the target’s website, every email sent, and every network service probed leaves some trace that the red team was there. Mature blue teams can correlate those pieces of information to identify red team actions and infrastructure, and use that information to either block the red team outright or execute deception operations to frustrate further attacks. In this Black Hills Information Security (BHIS) webcast, Michael will discuss common sources of data leakage during remote red team exercises and steps red teamers can take to eliminate or disguise the leakage outright, or to compartmentalize their actions and keep the blue team from connecting the dots. He’ll also discuss how red teamers can see the attack from the defender’s point of view so that these concepts can be applied to new tools and technologies in the future. Join the BHIS Community Discord: https://discord.gg/bhis​ 0:00:00​ – PreShow Banter™ — It’s Not Delivery, Its Frozen 0:09:36​ – PreShow Banter™ — One Rural to Rule Them All 0:11:51​ – PreShow Banter™ — Proudly Sucking at Charity 0:13:08​ – PreShow Banter™ — SPECIAL GUEST: Rural Tech Fund 0:20:39​ – PreShow Banter™ — Meth Lab For Computers 0:25:41​ – FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams 0:27:00​ – WHOAMI 0:30:42​ – Why OPSEC is Important For Red Teams 0:34:01​ – Possible Countermeasures 0:36:37​ – Other Red Team Threats 0:38:06​ – Assessing Red Team Actions (00:00) - PreShow Banter™ — It's Not Delivery, Its Frozen (09:36) - PreShow Banter™ — One Rural to Rule Them All (11:51) - PreShow Banter™ — Proudly Sucking at Charity (13:08) - PreShow Banter™ — SPECIAL GUEST: Rural Tech Fund (20:39) - PreShow Banter™ — Meth Lab For Computies (25:41) - FEATURE PRESENTATION: OPSEC Fundamentals for Remote Red Teams (26:59) - WHOAMI (30:42) - Why OPSEC is Important For Red Teams (34:01) - Possible Countermeasures (36:37) - Other Red Team Threats (38:06) - Assessing Red Team Actions (39:26) - Building OPSEC Standard Procedures (40:42) - Local Workstation Setup (45:01) - OS Modifications (49:44) - TOOL Configurations (56:35) - Source IP Addresses (01:01:36) - Fail-Safe VPN (01:02:57) - Other Third-Party Services (01:10:05) - Network Services (01:15:19) - Testing New Tools (01:21:42) - Got Questions (01:27:03) - PostShow Banter™ — Access Granted

Originally Aired on March 22, 2021 Articles discussed in this episode: * https://threatpost.com/google-spectre-poc-exploit-chrome/164787/* https://threatpost.com/office-365-phishing-attack-financial-execs/164925/* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/* https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/* https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/ Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,168 other subscribers Email Address Subscribe (00:00) - Intro (01:00) - Critics fume after Github removes exploit code for Exchange vulnerabilities (17:44) - Google Releases Spectre PoC Exploit For Chrome (28:40) - “Expert” hackers used 11 0-days to infect Windows, iOS, and Android users

Originally Aired on March 17, 2021 Articles discussed in this episode: * https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams* https://media.cert.europa.eu/static/SecurityAdvisories/2021/CERT-EU-SA2021-014.pdf* https://security.googleblog.com/2021/03/introducing-sigstore-easy-code-signing.html* https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/* https://twitter.com/PythonResponder/status/1372023079719817218?s=20 Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,163 other subscribers Email Address Subscribe

The Livestream of our first Backdoors & Breaches (B&B) session using our new Tabletop Simulator (TTS) version of the game was a success! If you have STEAM / TABLETOP SIMULATOR / BACKDOORS & BREACHES WORKSHOP, you can play using the same version of the game. 11:05​ – Backdoors & Breaches Session Begins! Our good friend Edward Miro wrote an extensive guide on how to install and use B&B on TTS. Check it out below! https://www.blackhillsinfosec.com/backdoors-breaches-tabletop-simulator-guide/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,144 other subscribers Email Address Subscribe

It is another year for the Sacred Cash Cow Tipping Webcast. For those of you who are new to our email list within the past year, this is a webcast where we cover the various tools and techniques that Black Hills Information Security (BHIS) uses to bypass endpoint security protections. The point of this webcast is not so much to teach people how to bypass these products, but rather to show that they can be bypassed. Hopefully, this leads to some conversations about defense-in-depth and how many vendors exaggerate their capabilities. We also discuss how simply writing signatures for specific strains of malware is a waste of time. Well, I mean, it has its place. But it is not something that should be the primary cornerstone of your security support structure.  There is a lot to unpack in this webcast, one of the main things to unpack is why we are still doing it. We are still doing this because it is still necessary. We still have vendors and CISOs perpetuating the myth that a security product can protect you from all attacks. This is an oversimplification, and it needs to be exterminated like a termite or a cockroach.  In past years we have had vendors threaten to sue… and some cooler vendors send us beer.   Hopefully, this year ends in beer. Join the BHIS Community Discord: https://discord.gg/bhis​ 0:00:00​ – PreShow Banter™ — We Love You 3000 0:02:56​ – PreShow Banter™ — SolarWinds Forever 0:07:26​ – PreShow Banter™ — Watching Bitcoins Being Mined 0:08:53​ – PreShow Banter™ — TeacherCoin™ 0:11:12​ – PreShow Banter™ — Babies’ Toys For Your Hands 0:15:45​ – FEATURE PRESENTATION: Sacred Cash Cow Tipping 2021 0:21:28​ – Ralph May: Due Diligence 0:25:42​ – Ralph May: ScareCrow 0:32:56​ – Ralph May: RDP 0:35:51​ – Marcello: Sentinel One (00:00) - PreShow Banter™ — We Love You 3000 (02:56) - PreShow Banter™ — SolarWinds Forever (07:26) - PreShow Banter™ — Watching Bitcoins Being Mined (08:53) - PreShow Banter™ — TeacherCoin™ (11:12) - PreShow Banter™ — Babies' Toys For Your Hands (14:06) - PreShow Banter™ — This is Huge (15:45) - FEATURE PRESENTATION: Sacred Cash Cow Tipping 2021 (21:28) - Ralph May: Due Dilligence (25:42) - Ralph May: ScareCrow (32:55) - Ralph May: RDP (35:50) - Marcello: Sentinel One (44:52) - Jordan Drysdale: Windows Subsystem for Linux (53:31) - Rob (mubix) Fuller: Initial Access (01:05:15) - Rob (mubix) Fuller: Post Exploitation (01:10:58) - Joff Thyer: Strip PowerShell Script Comments (01:17:49) - Joff Thyer: Build a .NET Assembly to Execute Shellcode (01:20:57) - Joff Thyer: Load/Run DLL/Assembly in PowerShell (01:23:27) - PostShow Banter™

Originally Aired on March 8, 2021 Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 3,118 other subscribers Email Address Subscribe