Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-037-asset_management.mp3
We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propogate malware in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this.
We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment, you could suffer gaps in coverage of your anti-virus/EDR software, unable to patch systems properly and even make it easier for lateral movement.
Finally, we discuss our recent "Introduction to Reverse Engineering" course with Tyler Hudak (@secshoggoth), and Ms. Berlin's upcoming trip to New Zealand.
RSS: http://www.brakeingsecurity.com/rss
Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
Join our #Slack Channel! Sign up at https://brakesec.signup.team
#iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
#SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
SHOW NOTES:
Oreilly con report
Malware report from Mr. Boettcher
DDE (Dynamic Data Exchange), all the rage
https://en.wikipedia.org/wiki/Windows_2.0
http://home.bt.com/tech-gadgets/computing/10-facts-about-windows-2-11364027546216
https://www.ghacks.net/2017/10/23/disable-office-ddeauto-to-mitigate-attacks/
Why asset management?
Know what’s in your environment
CIS Top 20...no wait, it’s the TOP THREE of the 20.
It all builds on this…
Know what’s in your environment
https://metacpan.org/pod/App::Netdisco <- NetDisco (great for network equipment)
Where do you store that data? Or is it just enough to know where to get it?
Systems you can pull asset data from:
Patching systems
Chef
WSUS
FIM systems
Tripwire
DLP systems
Vuln Scanners
AV/EDR management
router/switch tables
DNS
Asset management systems are a gold mine for an attacker
Names
IPs
email addresses
Coverage gaps in these systems will cause you to lose asset visibility
http://www.businessinsider.com/programmer-automates-his-job-2015-11
No comments:
Post a Comment