Monday, May 29, 2017

2017-018-SANS_course-EternalBlue_and_Samba_vulnerabilities-DerbyCon contest details


We discuss SANS courses, including the one I just took (SEC504). How did I do in class? You can listen to the show and find out.

Since it's been a few weeks, we also discuss all the interesting WannaCry reports, the ease at which this vulnerability was exploited, and why would a company allow access to SMB (tcp port 445) from the Internet?

We discuss some upcoming training that we are holding starting 14 June. Ms. Sunny Wear will be doing 3 sessions discussing the use of Burp, and showing how to exploit various web application vulnerabilities.  Details are in the show notes and in our Slack Channel.

 

Ms. Sunny Wear is doing a web app security class

Starts June 14th at 1900 Eastern (1600 Pacific, 2300 UTC) 

Sign up for the class at the $20 dollar Patreon level (if you plan on attending)

Sign up for immediate video access at the $10 Patreon level (cannot attend class, but want to follow along)

Everyone will have access to the Slack Channel to follow along with the class, ask questions, etc (join our #slack channel for more information)

https://www.patreon.com/bds_podcast

 

Direct Link:   http://traffic.libsyn.com/brakeingsecurity/2017-018-SANS_course-EternalBlue-Samba-DerbyCon.mp3

RSS: www.brakeingsecurity.com/rss

 

Youtube Channel:  https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

--------

Jay Beale’s Class “aikido on the command line: hardening and containment”

JULY 22-23 & JULY 24-25    AT BlackHat 2017

https://www.blackhat.com/us-17/training/aikido-on-the-command-line-linux-hardening-and-containment.html

 

---------

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

 

 

 SHOW NOTES:

 

SANS experience

Pity Quincenera - I (bryan) sucked

Need more experience

Speed kills (I (bryan) got flustered and I shutdown) you took speed?

No Kali - was surprised, until I thought of why :D

Was not helpful to my team (jacek, ryan, Michael C., David)

John Strand was phenomenal

Frank Kim was great

The audio was not, unfortunately :(

 

 

Samba/SMB (port 445) vulns

Use case for having it exposed?

**** OPEN TO SUGGESTIONS *****

What does that say about the company?

No security team, or the security team is ineffectual about telling people about the risks?

What

MS17-010 is the new MS08-067

http://thehackernews.com/2017/05/samba-rce-exploit.html

Over 400,000 open to the web

https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

 

Training announcement:

 

Ms. Sunny Wear doing a web app security class

Starts June 14th

Sign up for the class at the $20 dollar Patreon level

Sign up for immediate video access at the $10 Patreon level 

https://www.patreon.com/bds_podcast

 

 

Who’s Slide is it Anyways? @ImprovHacker

https://docs.google.com/forms/d/e/1FAIpQLSeLS0barWRdKVjPPyZ82lvC0UQMaDTJXRwF11qItlbZOrrf6A/viewform?c=0&w=1

 

#infosec #podcast #webAppSec #application #security


Here is a new episode of Brakeing Down Security Podcast!

No comments: