Talkin' Bout [Infosec] News

Black Hills Information Security
Nov 12, 2020 • 32min

Talkin' About Infosec News - 11/09/2020

Originally aired on 11/09/2020.

Articles discussed in this episode:
* https://www.darkreading.com/threat-intelligence/6-ways-passwords-fail-basic-security-tests/d/d-id/1339299
* https://www.infosecurity-magazine.com/news/national-guard-uvm-health-network/
* https://www.zdnet.com/article/toy-maker-mattel-discloses-ransomware-attack/

Check out our Cyber Range, not just a place to work through challenges and play, but also an open direct/hands-on training environment. https://www.blackhillsinfosec.com/services/cyber-range/
Nov 11, 2020 • 35min

Talkin' About Infosec News - 10/26/2020

Originally aired on October 26, 2020.
Nov 2, 2020 • 26min

Talkin' About Infosec News - 10/21/2020

Originally aired on October 21, 2020.
Oct 26, 2020 • 1h 16min

Webcast: The SOC Age Or, A Young SOC Analyst's Illustrated Primer

Many people get started in security as a Security Operations Center (SOC) analyst. In this Black Hills Information Security (BHIS) webcast we discuss the core skills that a SOC analyst needs in order to be successful. Trust us, these skills are more than just watching the SIEM and letting the SOAR platform handle everything through an AI-powered single pane of glass. Security has been, and will continue to be, hard. This webcast will help people who are getting started be more successful and hopefully happier in their jobs. I mean, we can’t make people happy. But, being good at one’s job is a good step in that direction. The rest is on you.

We also cover some techniques that can be used to help stop SOC burnout. Because that is a real thing… It is a real thing that many SOC analysts go through. When they do, they often entertain dreams of getting out of security and buying a food truck. Let’s help stop that. The world does not need another mediocre falafel truck powered by the crushed hopes and dreams of another infosec burnout.

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_TheSOCAge.pdf

Join the BHIS Discord Community — https://discord.gg/aHHh3u5

“Pay What You Can” SOC Core Skills 16-Hour Training Course: https://wildwesthackinfest.com/online-training/soc-core-skills-john-strand/

* 0:00:00 – PreShow Banter™ – A Weird Flex
* 0:12:24 – FEATURE PRESENTATION: SOC Analyst Key Skills
* 0:16:53 – Server Analysis
* 0:20:13 – There’s A Guide For That
* 0:26:54 – Memory Forensics
* 0:34:16 – Egress Traffic Analysis
* 0:43:39 – Logs Are Better Than Bad, They’re a Train Wreck
* 0:48:40 – “False Positives”
Oct 19, 2020 • 1h 26min

Webcast: Infosec Mentoring | How to Find and Be a Mentor & Mentee

They say it “takes a village” to help raise a child… well, it also takes a village to help raise an infosec professional. With so many technologies, techniques, and tools and the need for soft-skills and the ability to navigate different types of relationships, we all need help. That’s where a formal mentor can be your guide into the unknown. We ALL can benefit from being mentored and being a mentor.

In this live Black Hills Information Security (BHIS) webcast, we’ll discuss:
* How to know if you need a mentor
* How to find a mentor
* How to be a mentor
* How to be a mentee
* How to ask someone to be a mentor
* Multiple mentors
* Difference between mentors, friends, tutors, career counselors, etc.
* What to discuss during a mentoring session
* How to make the best use of everyone’s time
* When to end a mentoring relationship

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/10/SLIDES_InfoSecMentoring_HowtoFindandBe.pdf

Join Our BHIS Discord Community – https://discord.gg/aHHh3u5

* 0:00:00 – PreShow Banter™ – We’re There, Trust Us
* 0:07:33 – PreShow Banter™ – Trace Labs CTF
* 0:24:47 – FEATURE PRESENTATION: InfoSec Mentoring
* 0:28:23 – Mentors, the Fresh Maker™
* 0:30:27 – How To Find a Cult Leader, I Mean Mentor.
* 0:34:37 – B-Sides Orlando DEMO
* 0:42:17 – How To Be a Mentor
* 0:56:12 – How to Be A Mentee
* 1:03:42 – Your Moment of Self-Doubt
* 1:05:34 – Will You Be My Mentor?
* 1:11:56 – Reach Out
* 1:14:41 – Multiple Mentors
* 1:16:36 ...

* (00:00) - PreShow Banter™ – We're There, Trust Us
* (06:46) - PreShow Banter™ – Trace Labs CTF
* (23:21) - FEATURE PRESENTATION: Info Sec Mentoring
* (26:54) - Mentors, the Fresh Maker™
* (28:55) - How To Find a Cult Leader, I Mean Mentor.
* (32:59) - B-Sides Orlando DEMO
* (40:29) - How To Be a Mentor
* (53:56) - How to Be A Mentee
* (01:01:17) - Your Moment of Self-Doubt
* (01:03:06) - Will You Be My Mentor?
* (01:09:22) - Reach Out
* (01:11:57) - Multiple Mentors
* (01:13:50) - Mentors, Friends, & Counselors
* (01:16:14) - You Discuss Me
* (01:17:28) - Time is Valuable
* (01:17:46) - This is the End
* (01:19:24) - End of Show Banter
Sep 9, 2020 • 1h 38min

Webcast: When Worlds Collide: OSS Hunting & Adversarial Simulation

Worlds collide as Black Hills Information Security (BHIS) brings together legendary developers in open source software (OSS) hunting and adversarial emulation projects for a discussion on the current state of the landscape and what’s coming next. As our panel hosts, Jordan and Kent (Atomic Purple Team, PlumHound), continue to focus on advocating and evangelizing for Purple Teaming in the information security community, they have invited Roberto Rodriguez & Nate Guagenti (HELK Project, Mordor) and Marcello Salvati (CrackMapExec, SILENTTRINITY) to discuss the collision of OSS Hunting and Adversarial Emulation platforms, with additional commentary from John Strand.

The group will discuss Roberto Rodriguez (@Cyb3rWard0g) and Nate Guagenti’s (@neu5ron) development and maintenance of the HELK project while focusing on the ongoing development of Mordor, Datasets, and Azure Resource Manager templates. Joining the world-class hunters is Marcello Salvati (Byt3bl33d3r), developer of CrackMapExec and SILENTTRINITY, to continue the discussion of OSS adversarial simulation. John Strand will add commentary on the history of adversarial simulation, hunting, and where the industry may be headed.

Webcast Hosts:
* Jordan Drysdale @rev10d
* Kent Ickler @krelkci

Special Guests:
* Roberto Rodriguez @cyb3rward0g
* Nate Guagenti @neu5ron
* Marcello Salvati @byt3bl33d3r
* John Strand @strandjs

Join the BHIS Community Discord https://discord.gg/aHHh3u5

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_WhenWorldsCollide.pdf

* 00:00:00 – PreShow Banter™ — We’ve Lost Control
* 00:10:47 – FEATURE PRESENTATION: When Worlds Collide
* 00:14:26 – Threat Intelligence Sharing
* 00:25:57 – Won’t Stop Can’t Stop
* 00:32:06 – A Tired Community
* 00:38:54 – Re-Investing Open Source Projects

* (00:00) - PreShow Banter™ — We've Lost Control
* (09:40) - FEATURE PRESENTATION: When Worlds Collide
* (13:13) - Threat Intelligence Sharing
* (24:03) - Won't Stop Can't Stop
* (29:38) - A Tired Community
* (35:59) - Re-Investing Open Source Projects
* (42:08) - Open Threat Research
* (47:18) - Understand Adversary Tradecraft
* (49:04) - Mordor Labs
* (01:05:43) - Mordor Datasets
* (01:08:17) - HELK
* (01:14:14) - Threat Hunter Playbook
* (01:30:42) - PostShow Banter
Sep 4, 2020 • 10min

Webcast: How to Present: Secrets of a Retired SANS Instructor

John Strand // Ok, that was a bit of a dramatic title. But, it works. In this Black Hills Information Security (BHIS) webcast, John covers the tips and tricks on how to effectively present technical topics to large and small groups. This presentation includes, but is not limited to: crotch sniffing dogs, heart attacks, how to effectively deal with chafing, don’t drink the water, choosing the right shoes, presenting to management, seriously, chafing is a problem, chickens, getting over impostor syndrome, becoming a PowerPoint ninja, every piece of presenting advice you have ever heard is wrong, using your podium as a weapon, shutting down trolls and tips for presenting in the dark, with no heat/AC and very little water… to over 100 people, and keeping them all happy.

BHIS Discord Community https://discord.gg/aHHh3u5

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_HowToPresent.pdf

* 00:00:00 – PreShow Banter™ — War Stories
* 00:12:33 – PreShow Banter™ — WWHF 09-2020 Preview
* 00:15:52 – FEATURE PRESENTATION: How To Present
* 00:26:25 – Lessons!
* 00:43:42 – Don’t Drink the Water
* 00:46:34 – Imposter
* 00:59:02 – Keynote Presentations
* 01:07:30 – Projections
* 01:17:32 – The Boss Level
* 01:20:15 – Conversations That Matter
* 01:26:54 – End of Show Questions
Aug 24, 2020 • 1h 19min

Webcast: Pretty Little Python Secrets - Episode 1 - Installing Python Tools and Libraries the Right Way

Have you ever installed a Python tool / library only to then find out other Python-based tools you’ve installed previously are now completely broken? Running Kali? Ever try installing a Python tool with apt-get and another with pip?

* (00:00) - PreShow Banter™ – Jokes Not Safe For Work
* (11:31) - PreShow Banter™ – SponsorWare for GitHub
* (20:13) - Feature Presentation: Pretty Little Python Secrets
* (25:19) - 1st Circle of Hell: Managing Python Versions
* (30:58) - 2nd Circle of Hell: Python Dependencies
* (33:25) - Installing Python Tools/Libraries
* (39:18) - Isolate, Isolate, Isolate
* (46:29) - Pipx – The Easy Button
* (51:15) - Making Python Apps Semi-Portable
* (53:09) - ZipApps!
* (01:03:32) - Shiv!
* (01:11:26) - If all else fails.. Docker !
* (01:17:12) - Conclusion
Aug 21, 2020 • 1h 27min

Webcast: What to Expect When You're Expecting a Penetration Test

CJ and Bryan will share the knowledge they’ve accumulated over the years by helping thousands of organizations determine what they need and don’t need when it comes to penetration tests and security assessments.

Topics Covered:
* Selecting the type of test
* Selecting the company to test
* When to test
* Issues around conducting a test

This webcast is for penetration testers and offensive security professionals to see behind-the-scenes of how scoping, Rules of Engagement, and client relations are established. For the defenders and Blue Team professionals, this webcast will help you understand what to expect when deciding if and when you want to test the defenses you’ve put in place.

What to Expect When You Are Expecting…a Penetration Test by Larry Pesce and Suzanne Pereira: https://youtu.be/aJatJZI__V4

Join the Black Hills Information Security Discord Community: https://discord.gg/aHHh3u5

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/08/SLIDES_WhatToExpect.pdf

* 00:00 – PreShow Banter™ – Look What I Can Do!
* 05:17 – And Now For The Expected Presentation
* 15:21 – What Kind of Test is Right for Me
* 27:04 – How Big Will It Get?
* 36:34 – How Much Will it Cost?
* 45:25 – What Are the Risks?
* 50:55 – The Big Day
* 54:00 – Post-Testum Depression
* 1:00:40 – May I Have Another?
* 1:05:12 –...

* (00:00) - PreShow Banter™ – Look What I Can Do!
* (05:17) - And Now For The Expected Presentation
* (15:22) - What Kind of Test is Right for Me
* (27:05) - How Big Will It Get?
* (36:36) - How Much Will it Cost?
* (45:28) - What Are the Risks?
* (50:58) - The Big Day
* (54:03) - Post-Testum Depression
* (01:00:44) - May I Have Another?
* (01:05:16) - Post-Show Rapid Fire Questions
Jul 30, 2020 • 59min

Webcast: Atomic Purple Team Framework and Life Cycle

Jordan Drysdale & Kent Ickler // Jordan and Kent are back again to continue strengthening organizations’ information security human capital (That’s all you folks!). Organization leadership and security practitioners can gain an understanding of why potentially designed-to-fail Purple Team initiatives never reached their full potential. The duo reviews how systemic organizational career pathing created an insoluble Red vs Blue dichotomy. MORE IMPORTANTLY: The team is announcing a recipe for Purple Team Wins: The Atomic Purple Team (Lifecycle) Framework.

Organizations struggling to efficiently leverage the skillsets of all information security staff will benefit from considering the Atomic Purple Team Lifecycle Framework’s business-driven workflow. The workflow takes its roots from tested continuous improvement frameworks like ISO9001, ISO27001, Six Sigma, and the like. Watch how a methodical balance of risk analysis, attack, hunt and defend methodologies, and business considerations can effectively and continually improve an organization’s security posture. As an added bonus, the framework incorporates concepts of Human Capital Management and knowledge-flow methodologies to encourage tacit knowledge exchange to further organic growth of the skillsets of all those involved in the Atomic Purple Team framework.

But wait, there’s more! Budget headaches? Learn how the Atomic Purple Team framework’s methodical flow also aligns to natural business operations management and reporting. The framework provides a clear path to cabinet-approved Purple Team budget appropriations to ensure long-term security posture improvement. Lastly, Jordan and Kent will demonstrate the Atomic Purple Team Lifecycle in action by running complete live Attack and Hunt/Defend lifecycle(s), all the way to risk management and budgetary thoughts.

Join the Black Hills Information Security Discord discussion server — https://discord.gg/aHHh3u5

Need slides and much more — https://github.com/DefensiveOrigins/A…

* (00:00) - Family Stories
* (01:07) - Atomic Purple Team Framework
* (03:28) - Executive Problem Statement
* (04:41) - Red Team, Blue Team, Purple Team
* (07:18) - Who / What is APT?
* (09:22) - Atomic Purple Team Lifecycle
* (18:18) - 1. Threat / Risk Assessment (Ingest) Types
* (19:59) - 2. Planning — What are the Tools
* (20:50) - 3. Attack / Execute / Engage
* (21:37) - 4. Hunt and Defend
* (22:01) - 5. Adjust & Harden
* (23:14) - 6. Reporting and Request for Deployment
* (27:07) - Lifecycles Start in Development
* (28:15) - Lifecycles End in Production
* (28:43) - APT Lab Infrastructure
* (29:48) - Off-Roading: Lab Demo
* (33:21) - Lifecycle Walkthrough — Goal Setting
* (34:50) - Purple Team Lifecycle Walkthrough
* (44:02) - Hunt and Defend Methodology
* (45:02) - Adjusting to Threat
* (47:21) - APTLC Playbook
* (48:49) - The Report
* (53:15) - Lessons Learned
