Hector Monsegur (@hxmonsegur on Twitter) is a good friend of the show, and we invited him to come on and discuss some of the #OSINT research he's doing to identify servers without using noisy techniques like DNS brute forcing.
We also discuss EclinicalWorks and their massive fine for falsifying testing of their EHR system, and implications for that. What happens to customers confidence in the product, and what happens if you're already a customer and realize you were duped by them?
We also discuss Hector's involvement with the TV show "Outlaw Tech". Who approached him, why he did it, why it's not CSI:Cyber or "Scorpion" and how it discusses the techniques used by bad guys.
Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
Comments, Questions, Feedback: firstname.lastname@example.org
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
going beyond DNS bruteforcing and passively discovering assets from public datasets???
Very interested in hearing about this
Straight OSINT, or what?
Hxm: Over at RSL (Rhino Sec Labs), one of the research projects I’m working on is discovery of assets (subdomains) while minimizing footprint (dns bruteforcing). Datasets include things like:
- Data from the certificate transparency project (https://www.certificate-transparency.org/)
- rDNS and forward dns dataset from https://scans.io/ Sonar Scans - Rapid7
- Sublist3r: https://github.com/aboul3la/Sublist3r
- And other datasets that are out there
- Crime Flare https://krebsonsecurity.com/tag/crimeflare-com/ -> crimeflare.com
- Discuss why brute forcing DNS leaves such a heavy footprint for blue team forensics
- How cloud providers like CloudFlare, and others, do not take advantage of DNS bruteforcing error messages
- Special shout out to Ryan Sears @ CaliDog Security for his research into this field
- Smart DNS Bruteforcing - https://github.com/jfrancois/SDBF
Training gained from internal phishing campaigns
Does it breed internal mis-trust?
Recent campaign findings
Why do it if we know one account is all it takes? Because we know it’s a ‘win’ for security?
Outlaw Tech on Science Channel
What’s it about? (let’s talk about the show)
- The show itself is on the Science channel (Discovery)
- The aim of the program is to discuss the technology behind many of the biggest crimes (heists, el chapo’s communication network, etc)
- And how I play a part in it
http://www.dw.com/en/estonia-buoys-cyber-security-with-worlds-first-data-embassy/a-39168011 - ”Estonia buoys cyber security with world's first data embassy” - interesting
-- Reminds me of the whole emissions scandal from a couple of years back. http://www.roadandtrack.com/new-cars/car-technology/a29293/vehicle-emissions-testing-scandal-cheating/
Crowdfunding to buy shadowbroker exploits ended: https://threatpost.com/crowdfunding-effort-to-buy-shadowbrokers-exploits-shuts-down/126010/
China's Cybersecurity Law: https://lawfareblog.com/chinas-cybersecurity-law-takes-effect-what-expect
Facial recognition for plane boarding: http://money.cnn.com/2017/05/31/technology/jetblue-facial-recognition/index.html
Keybase.io’s Chrome plugin -- Game changer? https://chrome.google.com/webstore/detail/easy-keybaseio-encryption/bhoocemedffiopognacolpjbnpncdegk/related?hl=en