Talkin' Bout [Infosec] News

Black Hills Information Security
Mar 5, 2021 • 36min

Talkin’ About Infosec News – 3/3/2021

Originally Aired on March 3, 2021

Articles discussed in this episode:
* https://www.msn.com/en-us/money/other/microsoft-these-exchange-server-zero-day-flaws-are-being-used-by-hackers-so-update-now/ar-BB1ec0In

Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/

Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts.
Mar 3, 2021 • 51min

Talkin' About Infosec News - 3/1/2021

Originally Aired on March 1, 2021

Articles discussed in this episode:
* https://threatpost.com/yeezy-sneaker-bots-boost-sun/164312/
* https://www.darknet.org.uk/2021/02/gitlab-watchman-audit-gitlab-for-sensitive-data-credentials/
* https://www.wired.com/story/gab-hack-data-breach-ddosecrets/
* https://www.cyberark.com/resources/threat-research-blog/hunting-azure-blobs-exposes-millions-of-sensitive-files
* https://github.com/cyberark/blobhunter
Feb 26, 2021 • 43min

Talkin' About Infosec News - 2/24/2021

Originally Aired on February 24, 2021

Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/government-and-defense/fireeye-and-microsoft-execs-senators-dissect-mandatory-breach-disclosure-in-wake-of-solarwinds/
* https://www.wired.com/story/russia-gru-hackers-us-grid/
Feb 23, 2021 • 34min

Talkin' About Infosec News - 2/22/2021

Originally Aired on February 22, 2021

Articles discussed in this episode:
* https://www.reuters.com/article/us-northkorea-cybercrime-pfizer-idUKKBN2AG0NI
* https://threatpost.com/silver-sparrow-malware-30k-macs/164121/
* https://www.securityweek.com/chinese-hackers-cloned-equation-group-exploit-years-shadow-brokers-leak
Feb 18, 2021 • 44min

Talkin' About Infosec News - 2/17/2021

Originally Aired on February 17, 2021

Articles discussed in this episode:
* https://www.scmagazine.com/home/security-news/everyones-half-asleep-and-bosses-dont-want-trouble-the-struggle-to-secure-utilities/
* https://attack.mitre.org/matrices/enterprise/
* https://www.scmagazine.com/home/security-news/network-security/siem-rules-ignore-bulk-of-mitre-attck-framework-placing-risk-burden-on-users/
* https://www.securityweek.com/cybercriminals-leak-files-allegedly-stolen-law-firm-jones-day
Feb 9, 2021 • 45min

Talkin' About Infosec News - 2/8/2021

Originally Aired on February 8, 2021

Articles discussed in this episode:
* https://threatpost.com/500-malicious-chrome-extensions-millions/152918/
* https://threatpost.com/fake-forcepoint-google-chrome-extension-hacks/163728/
* https://threatpost.com/industrial-networks-hackable-security-holes/163708/
* https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-poisoning-sheriff-says-idUSKBN2A82FV
* https://twitter.com/SkelSec/status/1346553596855390212
Feb 2, 2021 • 1h 2min

Talkin' About Infosec News - 2/1/2021

Originally Aired on February 1, 2021

Articles discussed in this episode:
* https://threatpost.com/microsoft-365-bec-innovation/163508/
* https://threatpost.com/critical-libgcrypt-crypto-bug-arbitrary-code/163546/
* https://www.newyorker.com/magazine/2021/02/08/the-next-cyberattack-is-already-under-way?&web_view=true
Jan 26, 2021 • 31min

Talkin’ About Infosec News – 1/25/2021

Originally Aired on January 25, 2021
Jan 22, 2021 • 41min

Talkin’ About Infosec News – 1/20/2021

Originally Aired on January 20, 2021

Articles discussed in this episode:
* https://www.theregister.com/2021/01/20/malwarebytes_solarwinds_hack_latest/
* https://threatpost.com/solarwinds-malware-arsenal-raindrop/163153/
* https://threatpost.com/dnspooq-flaws-allow-dns-hijacking-of-millions-of-devices/163163/
Jan 18, 2021 • 1h 5min

Webcast: Move Aside Script Kiddies - Malware Execution in the Age of Advanced Defenses

A few short years ago, penetration testers did not have to work too hard for their malware command channels to execute. Fast forward to today in the age of Endpoint Detection and Response, User Behavior Analytics, and advanced built-in O/S defenses, your standard toolkit for malware generation/execution does not work anymore. All is not lost! Using some relatively simple programming techniques, and tactical changes, we can still gain malware execution to establish our C2 channels. With some additional tactical changes post-exploitation, we can still move around below the radar but we need to move with greater care and stealth than ever before.

Join the BHIS Discord Community – https://discord.gg/aHHh3u5

* 00:00 – The Soundboard Has Too Many Buttons
* 04:10 – FEATURE PRESENTATION: Malware Execution in the Age of Advanced Defenses
* 05:36 – Attacker / Threat Actor Emulation
* 09:41 – That Matrix
* 10:34 – Endpoint Defense Maturity
* 13:25 – C2 Implant Execution
* 19:41 – Metasploit: Why Is My Network Traffic Caught?
* 23:09 – C2 – Customize and LOL
* 41:13 – The More You Know…
* 44:11 – Recon/Discovery Artifacts
* 46:15 – Amusement with AMSI
* 47:33 – Simple!
* 48:10 – AMSI Bypass
* 50:27 – Event Tracing Bypass
* 51:34 – Attack Combo!
* 52:24 – Conclusion
