Sunday, April 29, 2018

2018-014- Container Security with Jay Beale

Container security

Jay Beale (@inguardians, @jaybeale)

Containers

  • What the heck is a container?
    • A Linux distribution with a kernel
      • Containers run on top of that, sharing the kernel but not the filesystem
    • Namespaces
      • Mount
      • Network
      • Hostname
      • PID
      • IPC
      • Users
  • Somebody said we’ve had containers since before Docker
    • Containers started in 2005, with OpenVZ
    • Docker was 2013, Kubernetes 2014
  • Image security
    • CoreOS Clair for vulnerability scanning of images
    • Public repos vs. private
    • Don’t keep the same image running for too long(?)
    • Don’t run as root
  • More containment stuff
    • Non-privileged containers
    • Remap the users, so root inside the container isn’t root outside it
    • Drop root capabilities
    • Seccomp to filter kernel syscalls
    • AppArmor or SELinux
  • All of the above is about Docker; what about Kubernetes?
    • Get onto the most recent version of K8s: 1.7 and 1.8 brought big security improvements
    • Network policy (egress firewalls)
    • RBAC (define which users and service accounts can do what)
    • Use namespaces per tenant, and think hard about multi-tenancy
    • Use the CIS guides for lockdown of K8s and the host
    • kube-bench
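
As an added example (not from the show notes or from Jay Beale's material), here is a Kubernetes manifest that applies the Docker-level controls above (non-root user, dropped capabilities, seccomp, AppArmor, image pulled from a private registry) and the Kubernetes-level ones (a namespace per tenant, an egress network policy) in one place. It assumes a cluster recent enough for securityContext.seccompProfile and the automatic kubernetes.io/metadata.name namespace label, AppArmor-enabled nodes, and cluster DNS pods labelled k8s-app: kube-dns in kube-system; the namespace, pod name and registry are placeholders.

```yaml
# Added example, not from the episode: a Pod plus a NetworkPolicy applying
# the controls listed above. Namespace, names and registry are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: tenant-a          # one namespace per tenant
  annotations:
    # AppArmor: confine the "web" container with the runtime's default profile
    container.apparmor.security.beta.kubernetes.io/web: runtime/default
spec:
  automountServiceAccountToken: false   # no API token unless the app needs one
  securityContext:
    runAsNonRoot: true         # kubelet refuses to start the container as UID 0
    runAsUser: 10001
    runAsGroup: 10001
    seccompProfile:
      type: RuntimeDefault     # seccomp: syscalls outside the runtime's default set are blocked
  containers:
  - name: web
    image: registry.internal.example/web:1.4.2   # private registry, pinned tag (placeholder)
    securityContext:
      allowPrivilegeEscalation: false   # no_new_privs: setuid/file caps cannot raise privilege
      readOnlyRootFilesystem: true      # mount an emptyDir for anything the app must write
      capabilities:
        drop: ["ALL"]          # drop every root capability; add back only what is proven necessary
    resources:
      limits: { cpu: "500m", memory: "256Mi" }
---
# Egress firewall for the namespace: pods may reach cluster DNS and nothing else.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-egress
  namespace: tenant-a
spec:
  podSelector: {}              # every pod in the namespace
  policyTypes: ["Egress"]
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - { protocol: UDP, port: 53 }
    - { protocol: TCP, port: 53 }
```

Applying it doubles as a check: with runAsNonRoot set, a Pod whose image defaults to root fails to start, which surfaces the "don't run as root" item before it reaches production.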

Difference between containers and sandboxing

Roll your own:

  • Containers
    • Using public registries leaves you vulnerable
    • Use your own private repos for deploying containers

Reduce attack surface

Reduce user access

Automation will allow more security to get baked in.

https://www.infoworld.com/article/3104030/security/5-keys-to-docker-container-security.html

https://blog.blackducksoftware.com/8-takeaways-nist-application-container-security-guide

https://www.vagrantup.com/downloads.html

https://www.vmware.com/products/thinapp.html

https://www.meetup.com/SEASec-East/events/249983387/

S3 buckets / Azure Blobs

https://docs.microsoft.com/en-us/azure/architecture/aws-professional/services

https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html

Join our #Slack Channel! Email us at bds.podcast@gmail.com

or DM us on Twitter @brakesec

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon: https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM: https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!

Friday, April 20, 2018

2018-013-Sigma_malware_report, Verizon_DBIR discussion, proper off-boarding of employees


Report from Bsides Nash - Ms. Berlin

New Job

Keynote at Bsides Springfield, MO

Mr. Boettcher talks about the Sigma malware infection.

http://www.securitybsides.com/w/page/116970567/BSidesSpfd

**new website upcoming**

Registration is coming and will be updated on next show (hopefully)

DBIR - https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_execsummary_en_xg.pdf

VERIS framework

http://veriscommunity.net/

53,000 incidents

2,216 breaches?!

73% of breaches were by outsiders

28% involved internal actors (but needs outside help?)

Not teaching “don’t click the link”, but instead teach “I have no curiosity”

Discuss the "Dir. Infosec" Slack story as a method to halt infection

https://www.tripwire.com/state-of-security/security-awareness/women-information-security-amanda-berlin/

The “Living off the Land” trend continues with attack groups opting for tried-and-trusted means to infiltrate target organizations. Spear phishing is the number one infection vector employed by 71 percent of organized groups in 2017. The use of zero days continues to fall out of favor.

Off-boarding people… so much process for getting people on, but getting people out just isn’t mature...


Wednesday, April 11, 2018

2018-012: SIEM tuning, collection, types of SIEM, and do you even need one?


Bryan plays 'stump the experts' with Ms. Berlin and Mr. Boettcher this month...

We discuss SIEM logging, and tuning...

How do SIEMs deal with disparate log file types?

What logs should be the first to be gathered?

Is a SIEM even required, or is just a central log repo enough?

Which departments benefit the most from logging? (IT, IR, Compliance?)


Tuesday, April 3, 2018

2018-011: Creating a Culture of Neurodiversity


Megan Roddie discusses being a high-functioning autistic, and we discuss how companies and management can take advantage of the unique abilities of those with high-functioning autism.

Direct Link:  http://traffic.libsyn.com/brakeingsecurity/2018-011.mp3

Matt Miller's Assembly and Reverse Engineering Class:

Still can sign up! The syllabus is here:  https://drive.google.com/open?id=1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0

SHOW NOTES:

Link to Megan’s slides

Megan Roddie (@megan_roddie)

  1. Diversity - Why managers should strive for diverse teams - First, Break All the Rules: What the World's Greatest Managers Do Differently
    1. Strengths - hire people based on their strengths, not their weaknesses (see StrengthsFinder 2.0)
      1. regarding Grant and Lee
        1. Megan: 1. Achiever, 2. Learner, 3. Intellection, 4. Focus, 5. Harmony
        2. Bryan:  Learner, Ideation, Futuristic, Significance, Focus
        3. Amanda: Restorative, Learner, Input, Ideation, Focus
        4. Brian: Maximizer, Learner, Responsibility, Individualization, Belief
      2. Scores
    2. Weaknesses - weaknesses are made irrelevant by the strengths of others.  If one employee has a weakness, you can hire someone who has great strength in that area.
    3. Sports teams quote (Slide 6)
    1. What is it? (vs. neurotypical)
    2. What are weaknesses of HFAs?
    3. What are strengths of HFAs? (Slides 17 - 22)
  2. HFA
    1. One-on-one time is the SINGLE most effective management tool, works with HFAs and neurotypicals alike → guide
    2. Examples (Slide 28)
    3. Pants
    4. Introductions (vendor meet at BSides example)
    5. Some (most?) neurotypicals get offended
  3. How to manage or work with HFAs
    1. Tips (slides 32-34)
    2. Structure and Routine → Productivity
    3. Clarity → Thorough Work
    4. Patience and Understanding → Dedicated & Passionate Employee
  4. Needs

Tuesday, March 27, 2018

2018-010 - The ransoming of Atlanta, Facebook slurping PII, Dridex variants

Matt Miller’s #Assembly and #Reverse #Engineering class

$150 USD for each class, $250 USD for both classes

Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing

Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd

To sign up for both classes: https://paypal.me/BDSPodcast/250usd

Stories:

https://threatpost.com/orbitz-warns-880000-payment-cards-suspected-stolen/130601/

TLS1.3 - https://www.theregister.co.uk/2018/03/27/with_tls_13_signed_off_its_implementation_time/

https://slate.com/technology/2018/03/facebook-acknowledges-it-kept-records-of-calls-and-texts-from-android-users.html

https://www.csoonline.com/article/3264654/security/atlanta-officials-still-working-around-the-clock-to-resolve-ransomware-attack.html

https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13

Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html


Sunday, March 18, 2018

2018-009- Retooling for new infosec jobs, sno0ose, Jay Beale, and mentorship


Direct Link: http://traffic.libsyn.com/brakeingsecurity/2018-009-internships-mentorships-retooling-finding-that-unicorn-pentester.mp3

Topics discussed:

  • How Jay Beale (@jaybeale @inguardians) and Brad A. (@sno0ose) do mentorship and apprenticeship in their respective orgs.
  • Best methods to retool yourself if you are trying to move to a new industry
  • Why 'hitting the ground running' isn't the sign of an immature organization...

Matt Miller’s #Assembly and #Reverse #Engineering class

$150 USD for each class, $250 USD for both classes

Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing

Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd

To sign up for both classes: https://paypal.me/BDSPodcast/250usd

Tickets are already on sale for "Hack in the Box" in Amsterdam from 9-13 April 2018, and using the checkout code 'brakeingsecurity' gets you a 10% discount. Register at https://conference.hitb.org/hitbsecconf2018ams/register/

Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html


SHOW NOTES:

Guest: Mr. Jay Beale

Guest: Mr. Brad Ammerman @?????????

Announcements:

  • RE/ASM class (Matt Miller)
  • SeaSec East Meetup at Black Lodge
  • Jay’s class at Black Hat: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html
  • Slack channel
  • “M3atshield”

What jobs are good segues into either blue or red teams/pentesting?

  • SOC Analyst (network security, pcap, IR)
  • SysAdmin (obviously)
  • Code devs (audits, binary analysis, they know the code internals)
  • System architects (they know the nuts and bolts)
  • Security architects (segue to red team, they know how to defend, threat analysis)
  • Project management/management (client/customer facing, can understand the business side)

Journeyman pipelines vs. intern pipelines

Different from interns: already highly skilled in ‘something’

  • Code devs
  • Physical security
  • Audit/compliance
  • Project/program management
  • System admin
  • Management
  • “Generalist”

Retooling can be difficult

  • May be a pay cut
  • Fear of failure
  • How do we alleviate that? (mentorship model?)

Companies looking for skilled people can’t look for what they want

  • Think in the bigger picture

Is not being able to see the value in a non-infosec person coming to the team a sign of immaturity in a company?

  • The phrase “must be able to hit the ground running”
    • A turn-off for those wanting to make that change
    • They feel they must already know the job

People should be considered like a block of clay, not an immutable stone.

People can change if they want to…

Two-party comfort zone: both the person changing role/title, and the company understanding where the person sits in the position.

Mentorship/menteeship in an org



Monday, March 12, 2018

BDIR-001: Credential stealing emails, How do you protect against it?


BDIR Episode - 001

Join us for Episode-001, our guest will be:

  • Martin Brough - Manager of the Security Solutions Engineering team in the #email #phishing industry

Topic of the day will be:

"CREDENTIAL STEALING EMAILS: WHAT CAN YOU DO"

Show Notes:

  • Introductions
  • Introduce our Guest
    • Martin Brough
      • Twitter - @HackerNinja
      • Blog - InfoSec512.com

More show notes at https://www.imfsecurity.com/podcasts/2018/2/28/bdir-podcast-episode-001

