Thursday, October 29, 2015

2015-044-A MAD, MAD, MAD, MAD Active Defense World w/ Ben Donnelly!


It's a madhouse this week! We invited Ben Donnelly (@zaeyx) back to discuss a new software framework he's crafted, called #MAD Active Defense. Ben wants to make Active Defense simple enough for even the busiest blue teamer.

The interface takes its design from other well-known #software frameworks, namely #Metasploit, #REcon-ng, and even a bit of #SET, he said.

We even did a quick demo of MAD, discussed the tenets of #Active #Defense, and talked about a little skunkworks project of Ben's that you will find enjoyable.


Promethean Security MAD GitHub: https://github.com/PrometheanInfoSec/MAD

**We have a video to accompany this... this will be a placeholder until we can get it uploaded and formatted accordingly**

Check us out using the TuneIn App!: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

RSS: http://www.brakeingsecurity.com/rss



Here is a new episode of Brakeing Down Security!

Wednesday, October 21, 2015

2015-043: WMI, WBEM, and enterprise asset management


WMI (Windows Management Instrumentation) has been a part of the Windows operating system since Windows 95. With it, you can query information about hosts, both locally and remotely.

Why are we talking about it? Its use by enterprise admins is rare, but its use by bad actors for lateral movement is growing. It's highly versatile, scriptable, and can even be used to trigger actions when other programs run on a system.

Mr. Boettcher and I sit down and discuss the functions of #WMI, its history, what classes and objects are, and ways you can leverage WMI to make your admins' jobs much easier.
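As an added example (not from the episode, Mr. Boettcher, or any of the tools linked below), here is the kind of WMI query the paragraph above refers to: a local or remote inventory query for asset management, plus an enumeration of the permanent WMI event subscriptions that implement the "run something when another program starts" triggers mentioned above, since those are exactly the objects a defender should review. The function names, the `$ComputerName` parameter, and the output fields are my own choices; the classes and cmdlets (`Get-CimInstance`, `Win32_OperatingSystem`, `root\subscription`, `__EventFilter`, `__EventConsumer`, `__FilterToConsumerBinding`) are standard Windows ones.

```powershell
# Added example: WMI/CIM inventory and permanent event subscription review.
# Assumes: PowerShell 3+ (Get-CimInstance), and for remote targets that WinRM
# is enabled and the caller has admin rights on the target.

function Get-WmiHostSummary {
    # Basic asset-management facts from two well-known WMI classes.
    param([string]$Target = $env:COMPUTERNAME)

    $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Target
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem  -ComputerName $Target

    [pscustomobject]@{
        Computer     = $Target
        OS           = $os.Caption
        Build        = $os.BuildNumber
        LastBoot     = $os.LastBootUpTime
        Domain       = $cs.Domain
        Manufacturer = $cs.Manufacturer
    }
}

function Get-WmiPermanentSubscription {
    # Permanent subscriptions live in root\subscription as three linked objects:
    # an __EventFilter (the WQL trigger), an __EventConsumer (the action), and a
    # __FilterToConsumerBinding that ties them together. Walking the bindings
    # gives the complete "when X happens, do Y" picture a reviewer wants.
    param([string]$Target = $env:COMPUTERNAME)

    $ns = 'root\subscription'
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter   -ComputerName $Target
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer -ComputerName $Target
    $bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ComputerName $Target

    foreach ($b in $bindings) {
        # Filter and Consumer are object references; match them by key (Name).
        $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
        $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }

        $type = if ($c) { $c.CimClass.CimClassName } else { 'unresolved' }
        # The consumer types that execute arbitrary commands or script deserve
        # the closest look; log-writing consumers are usually benign.
        $payload = switch ($type) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' { $c.ScriptText }
            default                     { $null }
        }

        [pscustomobject]@{
            Computer     = $Target
            Binding      = $b.Filter.Name + ' -> ' + $b.Consumer.Name
            TriggerQuery = if ($f) { $f.Query } else { 'unresolved' }
            ConsumerType = $type
            Payload      = $payload
            ReviewFlag   = $type -in 'CommandLineEventConsumer','ActiveScriptEventConsumer'
        }
    }
}

# Usage: run against the local box, or pass a list of hosts from your inventory.
$targets = @($env:COMPUTERNAME)   # assumption: replace with your host list
foreach ($t in $targets) {
    Get-WmiHostSummary -Target $t | Format-List
    Get-WmiPermanentSubscription -Target $t | Format-Table -AutoSize
}
```

Two practical notes: a stock Windows install normally carries one binding, "SCM Event Log Filter" tied to an NTEventLogEventConsumer, so treat that as the baseline rather than a finding; and because `ReviewFlag` keys only on consumer type, pair it with the `TriggerQuery` text (for example a filter on `Win32_ProcessStartTrace` or on a logon/startup time window) when deciding whether a flagged subscription is legitimate automation or something that needs explaining.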

#assetmanagement #remotemanagement #wbem #wmi #windows

DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu

Wbemtest: http://blogs.technet.com/b/chad/archive/2012/03/08/tip-45-wbemtest-the-underappreciated-tool.aspx

WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx

TuneIn podcast Link: http://help.tunein.com/customer/portal/topics/406030-broadcaster-help/articles

RSS: http://www.brakeingsecurity.com/rss


Wednesday, October 14, 2015

2015-042: Log_MD, more malware archaeology, and sifting through the junk


Just before #Derbycon, we invited Michael Gough (@hackerhurricane) to join us on the #podcast. 

For the last 3-4 months, my co-host Brian and he have been engaged in the creation of a software tool that would make #log #analysis of #windows systems quicker, and together they have achieved that with "Log-MD", short for Log Malicious Discovery.

Hosts infected with #Malware and #bots always leave a fingerprint of what the malware is doing behind. This software takes your system, configures it to get the maximum #logging output possible, then puts everything in a readable format, enabling you to filter out known-good items and leaving you with bad items or suspicious activity. This lets you analyze #logfiles and find malware in less time than before, making #forensics of infected systems faster and more economical.

We do some discussion of #Log-MD, and then we have Michael demo Log-MD for us.

Video demo: https://youtu.be/0_J90sOVY8c

log-MD site: http://log-md.com/

RSS: http://www.brakeingsecurity.com/rss


Saturday, October 10, 2015

Derbycon Audio - post-Derby interviews!


In our last bit of Derbycon audio, I discussed DerbyCon experiences with Mr. Boettcher, Magen Wu (@tottenkoph), Haydn Johnson (@haydnjohnson), and Ganesh Ramakrishnan (@hyperrphysics). We find out what they liked, what they didn't like, and you get a lot of great information about packing for a con and things you can do to improve your convention-going experience.

Hopefully, you'll hear the amount of fun we had, and find the time to go to a convention. There are literally hundreds, many only a few hours away by plane. Some can be found in your own town or within driving distance.
