Wednesday, July 31, 2019

2019-029-dissecting a real Social engineering attack (part 1)


Intro - Ms. DirInfosec “Anna”

Call centers suffer from wanting to give good customer service while needing to move the call along.

    Metrics are tailored to support an environment conducive to these kinds of attacks

https://en.wikipedia.org/wiki/Social_engineering_(security)

Social engineering will prey on people’s altruism 

    “Pregnant woman needing help through the security door”

    “Person on crutches”
    “Delivery person with arms full”

    “Can’t remember information, others filling in missing bits”

    Call Center Reps are _paid_ to be helpful. “Customer is never wrong”

 

Creating a sense of urgency to spur action


Real-life scenario: "Bob calls asking about status of an order"

Questions: 

  1. What were you doing for training prior to these calls? (it’s alright if you weren’t doing anything) :)

Pre-training audio (#1 and #2)

  2. What was their reaction about the calls received?

  3. Did the training take the first time?
    1. What difficulties did you have after the first training?
    2. ‘Getting better Audio’ (#3)
    3. Fake calls?
    4. Show examples?
  4. Talk about the training, what kind of training:
    1. Post audio (#4 and #5)
  5. How did your call center reps handle the training?
  6. From a business standpoint, what had to be changed to accommodate the new processes?

 

https://www.pindrop.com/blog/tackling-113-fraud-increase-call-centers-webinar-recap/

https://www.bai.org/banking-strategies/article-detail/beating-crooks-at-call-center-fraud

 

@consultingCSO on twitter

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!: https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec



Tuesday, July 23, 2019

2019-028-fileless_malware_campaign,privacy issues with email integration-new_zip_bomb_record


Fileless malware campaign - https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/fileless-threats

 

https://www.andreafortuna.org/2017/12/08/what-is-reflective-dll-injection-and-how-can-be-detected/


https://www.extremetech.com/computing/294852-new-zip-bomb-stuffs-4-5pb-of-data-into-46mb-file 

 

https://articles.forensicfocus.com/2019/07/15/finding-and-interpreting-windows-firewall-rules/



https://www.theregister.co.uk/2019/02/11/google_gmail_developer/     

Privacy issues:

    Companies integrating with email systems

    Pulling all information from the inboxes

    Collecting that information

    Storing for long periods of time (‘training the AI’)

    Check for SOC2 and press them on their data storage and privacy policies

    Have language in your 3rd party agreements to understand sharing and collection

 


 

 



Cool Tools:

https://github.com/AxtMueller/Windows-Kernel-Explorer

https://github.com/TheSecondSun/Revssl



Sunday, July 14, 2019

2019-027-GDPR fines for British Airways, FTC fines Facebook, Zooma-palooza


MITRE Pre-Attack techniques https://attack.mitre.org/techniques/pre/

https://www.bbc.com/news/business-48905907

Zoom - https://www.wired.com/story/zoom-flaw-web-server-fix/

 


Monday, July 8, 2019

2019-026-Ben Johnson discusses hanging your shingle, going independent


 

 

Starting a new business (hanging the shingle)

 

What’s a way to become an independent consultant?

Especially if you don’t have a reputation?

 

Ben's reading list:

“Mindset: the New Psychology of success”

“Essentialism”

“Extreme ownership”

“Team of teams”

 

 


Monday, July 1, 2019

2019-025-Ben Johnson discusses identity rights management, and controlling your AuthN/AuthZ issues


Identity analytics

 

“Identity analytics is the next evolution of the IGA (Identity Governance & Administration) market. Identity professionals can use this emerging set of solutions combining big data and advanced analytics to increase identity-related risk awareness and enhance IAM processes such as access certification, access request and role management.” --gartner

Identity related risk awareness

Access certification is the process of validating access rights within systems. ... With access certification, organizations and regulations aim to formally validate users within systems and ensure their access rights are appropriate.

 

Access request - a system must validate that a user has need-to-know

Role management - users must be validated in a particular role or roles (admin, superuser, backup controller, launch manager, code committer)

What kind of threats are you protecting against?

What do you solve that proper administration of users can do?

How does technology like this improve IAM processes? 

If it gathers heuristics, what happens when a user changes? (loses an arm, finger, or sneezes during password login, or just ages?)

 

Where is the best fit for these kinds of systems? 

Where should you put these systems if you’re in a blended environment? And how does this work with systems like Active Directory?

Privacy issues… what if any do you have to deal with in this case? 

That was my next question

Entitlements? What’s the difference between AuthN?

Identity creep - Ben gave a talk on it: https://www.brighttalk.com/webcast/17685/362274

Does this monitor, or will it also prevent? 

If it doesn’t, can it send alerts to your IPS to isolate?

“Blast radius”

https://whatis.techtarget.com/definition/behavioral-biometrics

 
