Tuesday, November 7, 2017

2017-037 - Asset management techniques, and its importance, DDE malware


Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-037-asset_management.mp3

We started off the show talking to Mr. Boettcher about what DDE is and how malware is using this super legacy Windows component (found in Windows 2) to propagate in MS Office docs and spreadsheets. We also talk about how to protect your Windows users from this.

We then get into discussing why it's so important to have proper asset management in place. Without knowing what is in your environment, you could suffer gaps in coverage of your anti-virus/EDR software, be unable to patch systems properly, and even make lateral movement easier.

Finally, we discuss our recent "Introduction to Reverse Engineering" course with Tyler Hudak (@secshoggoth), and Ms. Berlin's upcoming trip to New Zealand.

RSS: http://www.brakeingsecurity.com/rss

Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link:  https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2 

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

 

Join our #Slack Channel! Sign up at https://brakesec.signup.team

#iHeartRadio App:  https://www.iheart.com/show/263-Brakeing-Down-Securi/

#SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

SHOW NOTES:

 

O'Reilly con report

Malware report from Mr. Boettcher

DDE (Dynamic Data Exchange), all the rage

https://en.wikipedia.org/wiki/Windows_2.0

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27325/en_US/McAfee_Labs_Threat_Advisory-W97MMacroLess.pdf

http://home.bt.com/tech-gadgets/computing/10-facts-about-windows-2-11364027546216

https://www.ghacks.net/2017/10/23/disable-office-ddeauto-to-mitigate-attacks/

 

Why asset management?

Know what’s in your environment

CIS Top 20...no wait, it’s the TOP THREE of the 20.

It all builds on this…

Know what’s in your environment

http://www.open-audit.org/

https://metacpan.org/pod/App::Netdisco <- NetDisco (great for network equipment)

 

Where do you store that data? Or is it just enough to know where to get it?

Systems you can pull asset data from:

Patching systems

Chef

WSUS

FIM systems

Tripwire

DLP systems

Vuln Scanners

AV/EDR management

router/switch tables

DNS

Asset management systems are a gold mine for an attacker

Names

IPs

email addresses

 

Coverage gaps in these systems will cause you to lose asset visibility

 

http://www.businessinsider.com/programmer-automates-his-job-2015-11

