We discuss SANS courses, including the one I just took (SEC504). How did I do in class? You can listen to the show and find out.
Since it's been a few weeks, we also discuss all the interesting WannaCry reports, the ease at which this vulnerability was exploited, and why would a company allow access to SMB (tcp port 445) from the Internet?
We discuss some upcoming training that we are holding starting 14 June. Ms. Sunny Wear will be doing 3 sessions discussing the use of Burp, and showing how to exploit various web application vulnerabilities. Details are in the show notes and in our Slack Channel.
Ms. Sunny Wear is doing a web app security class
Starts June 14th at 1900 Eastern (1600 Pacific, 2300 UTC)
Sign up for the class at the $20 dollar Patreon level (if you plan on attending)
Sign up for immediate video access at the $10 Patreon level (cannot attend class, but want to follow along)
Everyone will have access to the Slack Channel to follow along with the class, ask questions, etc (join our #slack channel for more information)
https://www.patreon.com/bds_podcast
Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-018-SANS_course-EternalBlue-Samba-DerbyCon.mp3
RSS: www.brakeingsecurity.com/rss
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
--------
Jay Beale’s Class “aikido on the command line: hardening and containment”
JULY 22-23 & JULY 24-25 AT BlackHat 2017
---------
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
SHOW NOTES:
SANS experience
Pity Quincenera - I (bryan) sucked
Need more experience
Speed kills (I (bryan) got flustered and I shutdown) you took speed?
No Kali - was surprised, until I thought of why :D
Was not helpful to my team (jacek, ryan, Michael C., David)
John Strand was phenomenal
Frank Kim was great
The audio was not, unfortunately :(
Samba/SMB (port 445) vulns
Use case for having it exposed?
**** OPEN TO SUGGESTIONS *****
What does that say about the company?
No security team, or the security team is ineffectual about telling people about the risks?
What
MS17-010 is the new MS08-067
http://thehackernews.com/2017/05/samba-rce-exploit.html
Over 400,000 open to the web
https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
Training announcement:
Ms. Sunny Wear doing a web app security class
Starts June 14th
Sign up for the class at the $20 dollar Patreon level
Sign up for immediate video access at the $10 Patreon level
https://www.patreon.com/bds_podcast
Who’s Slide is it Anyways? @ImprovHacker
#infosec #podcast #webAppSec #application #security