Sunday, March 13, 2016

2016-011-Hector Monsegur, serialization, and bug bounties


Download Here: http://traffic.libsyn.com/brakeingsecurity/2016-011-Hector_Monsegur-bug_bounties-serialization.mp3

iTunes Direct Link:

Hector Monsegur has had a colorful history. A reformed black hat who went by the name 'Sabu' when he was involved in the hacker collectives "Lulzsec" and "Anonymous", he turned state's evidence for the FBI, working to stop further hacking attempts by the same people he was working with.

https://en.wikipedia.org/wiki/Hector_Monsegur

This week, we got to sit down with Hector to find out what he's been doing in the last few years. Obviously, a regular job in the security realm for a large company is not possible for someone with a past as colorful as Mr. Monsegur's. So we discuss some of the methods he's used to make ends meet.

Which brings us to the topic of bug bounties. Do they accomplish what they set out to do? Are they worth the effort companies put into them? And how do you keep bounty hunters from going rogue and using vulnerabilities found against a company on the side?

In an effort to satisfy my own curiosity, I asked Hector if he could explain what a 'serialization' vulnerability is, and how it can be used against applications. They are different from your run-of-the-mill, everyday variety of OWASP error, but this vulnerability can totally ruin your day...

https://www.contrastsecurity.com/security-influencers/java-serialization-vulnerability-threatens-millions-of-applications

https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status/

Finally, we ask Hector some advice for that 'proto black hat' who is wanting to head down the road that Hector went. The answer will surprise you...

We hope you enjoy this most interesting interview with an enigmatic and controversial person, and hope that the information we provide gives another point of view into the mind of a reformed "black hat" hacker...


Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security using Patreon: https://www.patreon.com/bds_podcast

RSS FEED: http://www.brakeingsecurity.com/rss

On #Twitter: @brakesec @boettcherpwned @bryanbrake

#Facebook: https://www.facebook.com/BrakeingDownSec/

#Tumblr: http://brakeingdownsecurity.tumblr.com/

Google Play Store: https://play.google.com/music/podcasts/portal/#p:id=playpodcast/series&a=100584969

Player.FM : https://player.fm/series/brakeing-down-security-podcast

Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

#infosec, #blackhat, hector #monsegur, #hacker, #anonymous, #lulzsec, #FBI, #Sabu, #serialization, #bug #bounties, #hackerone, #bugcrowd, #podcast, #de-serialization, #penetration tests, #social #engineering, #CISSP


Here is a new episode of Brakeing Down Security Podcast!

Sunday, March 6, 2016

2016-010-DNS_Reconnaissance


DNS... we take it for granted... it's just there. And we only know it's broken when your boss can't get to Facebook.
This week, we discuss the Domain Name System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in its creation, how its hierarchical structure functions to allow resolution to occur, and even why your /etc/hosts file is important.
We discuss some of the necessary fields in your DNS records: MX, ALIAS, CNAME, SOA, TXT, and how DNS is used for non-repudiation in email.
We also touch on how you can use DNS to enumerate an external network presence when you are the red team, and what you should know to make it harder for bad actors to use your external DNS in amplification attacks.
Finally, you can't have a discussion about DNS without talking about how to secure your DNS implementation. So we supply you with a few tips and best practices.
Plenty of informational links down below, including links to the actual RFCs (Requests for Comments) which detail how DNS is supposed to function. Think of them as the owner's manual for your car.
Direct Download: http://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3
#iTunes:


Podcast Links we used for information:
http://www.slideshare.net/BizuworkkJemaneh/dns-42357401
300+ million domains registered: https://www.verisign.com/en_US/internet-technology-news/verisign-press-releases/articles/index.xhtml?artLink=aHR0cDovL3ZlcmlzaWduLm13bmV3c3Jvb20uY29tL2FydGljbGUvcnNzP2lkPTIwMTIwNTI%3D
https://technet.microsoft.com/en-us/library/cc770432.aspx
http://security-musings.blogspot.com/2013/03/building-secure-dns-infrastructure.html
http://tldp.org/HOWTO/DNS-HOWTO-6.html
https://en.wikipedia.org/wiki/Domain_Name_System
https://en.wikipedia.org/wiki/DNS_spoofing
http://www.esecurityplanet.com/network-security/how-to-prevent-dns-attacks.html
http://www.firewall.cx/networking-topics/protocols/domain-name-system-dns/161-protocols-dns-response.html
http://www.thegeekstuff.com/2012/05/ettercap-tutorial/
https://isc.sans.edu/forums/diary/New+tricks+that+may+bring+DNS+spoofing+back+or+Why+you+should+enable+DNSSEC+even+if+it+is+a+pain+to+do/16859/
https://support.google.com/a/answer/48090?hl=en
http://www.ecsl.cs.sunysb.edu/tr/TR187.pdf
https://tools.ietf.org/html/rfc882
https://tools.ietf.org/html/rfc883
https://tools.ietf.org/html/rfc1034
https://tools.ietf.org/html/rfc1035



Monday, February 29, 2016

2016-009-Brian Engle, Information Sharing, and R-CISC


We've reached peak "Br[i|y]an" this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center.
"Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsenal against cyber criminals by sharing leading practices and threat intelligence in a safe and secure way." -- R-CISC website
To learn more, visit https://r-cisc.org/ 
We discussed with Brian a bit of the history of the #R-CISC, and why his organization was brought into being. We ask Brian: "How do you get companies who make billions of dollars a year to trust a competitor enough to share that they might have been compromised?" and "How do you keep the information sharing generic enough to not out a competitor by name, but still actionable enough to spur members to do something to protect themselves?"


#actionable, #brian, #engle, #cissp, #cpes, #data, #financial, #infections, #isac, #malware, #podcast, #rcisc, #retail, #security, #infosec, #threat #intelligence

Photo of Brian Engle courtesy of https://r-cisc.org

**I (Bryan) apologize for the audio. I did what I could to clean it up. Seriously don't know what happened to screw it up that badly. I can only imagine it was bandwidth issues on my Skype connection**


Sunday, February 21, 2016

2016-008-Mainframe Security


This week's supersized episode is brought to us thanks to previous guest Cheryl Biswas. You might remember her from our "Shadow IT" podcast a few months ago. She reached out to us to see if we were interested in doing a podcast on mainframe security with her and a couple of gentlemen who were not unknown to us.
Of course we jumped at the chance! You might know them as @mainframed767 and @bigendiansmalls (Chad) on Twitter. They've been trying to get people to look into mainframes and mainframe security for years. Mainframes are usually used by financial organizations, or older organizations. In many cases, these systems are managed by a handful of people, and if you are a red teamer or pentester you will have little or no help making sure these systems are as secure as they possibly can be.
So, Cheryl (@3ncr1pt3d), @bigendiansmalls, and @mainframed767 (Philip) walk us through how a mainframe functions. We discuss what you might see when a scan occurs, whether the target runs a mainframe OS or a Linux 'interface' OS.
We also discuss methods you can use to protect your organization, and methods you can use as a red teamer to learn more about mainframes.
Chad's talk at DerbyCon 2015: https://www.youtube.com/watch?v=b5AG59Y1_EY
Chad discussing mainframe Security on Hak5: https://www.youtube.com/watch?v=YBhsWvlqLPo
Linux for mainframes: http://www-03.ibm.com/systems/linuxone/
Philip's talks on Youtube: https://www.youtube.com/playlist?list=PLBVy6TfEpKmEL56fb5AnZCM8pXXFfJS0n

Brian and I wish to thank Cheryl for all her help in making this happen. You can find her blog over at Alienvault's site... https://www.alienvault.com/blogs/author/cheryl-biswas



Saturday, February 13, 2016

2015-007-FingerprinTLS profiling application with Lee Brotherston


We first heard about FingerprinTLS from our friend Lee Brotherston at DerbyCon last September. Very intrigued by how he was able to fingerprint the client applications in use, we finally were able to get him on to discuss it.
We do a bit of history about #TLS, and the versions from 1.0 to 1.2.
Lee gives us some examples of how FingerprinTLS might be used by red teamers or pentest agents to see what applications a client has on their system. If you're a blue team with specific application restrictions, you can find out if someone has installed an unauthorized product, or you could even block unknown applications using this method by sensing the application and then creating an IPS rule from the fingerprint.
Finally, something a bit special... we have a demo on our Youtube site where you can view his application in action!
Video demo: https://youtu.be/im6un0cB3Ns


https://upload.wikimedia.org/wikipedia/commons/thumb/4/46/Diffie-Hellman_Key_Exchange.svg/2000px-Diffie-Hellman_Key_Exchange.svg.png
http://blog.squarelemon.com/tls-fingerprinting/
https://github.com/LeeBrotherston/tls-fingerprinting
http://www.slideshare.net/LeeBrotherston/tls-fingerprinting-sectorca-edition
https://www.youtube.com/watch?v=XX0FRAy2Mec
http://2015.video.sector.ca/video/144175700
Cisco blog on malware using TLS... http://blogs.cisco.com/security/malwares-use-of-tls-and-encryption



Sunday, February 7, 2016

2016-006-Moxie_vs_Mechanism-Dependence_On_Tools


This week starts with an apology to Michael Gough about comments I (Bryan) mangled on the "Anti-Virus... What is it good for?" podcast. Then we get into the meat of our topic...
Automation is a great thing. It allows us to do a lot more work with less personnel, run mundane tasks without having to think about them, and even lets us run security scans on web applications and assets in your enterprise.
But is our dependence on these tools making us lazy, or giving us a false sense of security? What is the 'happy medium' we should find when deciding whether to spend the GDP of a small country on the latest compliance-busting tool, or to spend the necessary Operational Expenditure (OpEx) on a couple of junior personnel or a seasoned professional?
Mr. Boettcher and I discuss over-reliance, blindly trusting results, and what can happen when you have too much automation and not enough people around to manage those tools.


Wednesday, February 3, 2016

Brakeing Down Security interviewed on "Building a Life and Career in Security" podcast!

After we interviewed Jay Schulman on our podcast, Mr. Boettcher and I did his podcast!  Listen to both of us share our bios and learn how Mr. Boettcher and I met, and how our unorthodox ways of getting into information security can show that anyone can move into that space...

https://www.jayschulman.com/episode15/


Jay has conducted other interviews with some great people, and he creates some great blog posts. Please check out his site at https://www.jayschulman.com

You can also hear us discuss BSIMM and learn a bit more about Jay from our podcast as well...

http://brakeingsecurity.com/2016-001-jay-schulmann-explains-bsimm-usage-in-the-sdlc

