Tuesday, May 28, 2019

2019-020-email_security_controls-windows_scheduler


Bryan got phished (almost) - story time!

 

https://isc.sans.edu/forums/diary/Do+you+block+new+domain+names/17564/

 

Through OpenDNS

https://learn-umbrella.cisco.com/product-videos/newly-seen-domains-in-cisco-umbrella

Available January 2017, Umbrella filters newly seen or created domains. By using new domains to host malware and other threats, attackers can outsmart security systems that rely on reputation scores or possibly outdated block lists. Umbrella now stops these domains before they even load.

 

Also the “unknown” / uncategorized category: pros and cons of blocking it (catches fresh attacker infrastructure, but also breaks legitimate new sites and breaks things that depend on them)

 

Good filter time for domains? (how long a domain has to have been seen before it is allowed through: too short and the phishing page is reachable before the window closes, too long and the help desk drowns in false positives)
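The Umbrella feature above is a "first seen" timer: a query to a domain nobody in the organisation (or Umbrella's telemetry) has resolved before is blocked until the domain has been around for a while. The script below is an added example, not Cisco's or OpenDNS's code, showing the mechanism over a few constructed DNS log lines: it collapses each queried name to its registrable domain, records when that domain was first seen, and blocks queries for the length of a configurable window (the "filter time" question above). The log format, the client IPs, the domain names and the short public-suffix table are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Second-level public suffixes the toy registrable-domain logic knows about. A real deployment
# would use the Public Suffix List; this short table is an assumption for the example.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(fqdn):
    """Collapse a queried name to the domain someone actually registered (www.a.co.uk -> a.co.uk)."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


class NewlySeenDomainFilter:
    """Block queries to registrable domains first observed less than `window` ago."""

    def __init__(self, window=timedelta(hours=24), allowlist=()):
        self.window = window
        self.first_seen = {}          # registrable domain -> datetime of first query
        self.allowlist = {registrable_domain(d) for d in allowlist}

    def observe(self, ts, fqdn):
        """Record one query; returns (registrable_domain, 'allow' | 'block')."""
        dom = registrable_domain(fqdn)
        if dom in self.allowlist:
            return dom, "allow"
        first = self.first_seen.setdefault(dom, ts)   # the first sighting is recorded, and blocked
        return dom, ("block" if ts - first < self.window else "allow")


def process_log(lines, window=timedelta(hours=24), allowlist=()):
    """Replay 'ISO-timestamp client fqdn' lines (assumed format) through the filter, oldest first."""
    filt = NewlySeenDomainFilter(window, allowlist)
    out = []
    for line in lines:
        ts_text, client, fqdn = line.split()
        dom, verdict = filt.observe(datetime.fromisoformat(ts_text), fqdn)
        out.append((ts_text, client, fqdn, dom, verdict))
    return out


# Constructed sample log (not captured from a real resolver). The first two lines are old history
# that seeds the first-seen table; the phishing-style name is queried again after 24 hours.
SAMPLE_LOG = [
    "2019-05-20T09:00:00 10.0.0.5 www.example.com",
    "2019-05-20T09:05:00 10.0.0.5 mail.example.co.uk",
    "2019-05-28T10:00:00 10.0.0.7 www.example.com",
    "2019-05-28T10:00:01 10.0.0.7 cdn.example.co.uk",
    "2019-05-28T10:00:02 10.0.0.7 login-secure-update.example",
    "2019-05-28T10:00:03 10.0.0.9 login-secure-update.example",
    "2019-05-28T10:00:04 10.0.0.9 intranet.corp.example",
    "2019-05-29T11:00:00 10.0.0.9 login-secure-update.example",
]

if __name__ == "__main__":
    for row in process_log(SAMPLE_LOG, allowlist=("corp.example",)):
        print("%s %-9s %-30s -> %-22s %s" % row)
```

Two things the replay makes visible: a cold start blocks everything (the two 2019-05-20 lines), so in practice the first-seen table is seeded from resolver history before enforcement is switched on; and the allowlist must be applied to the registrable domain, otherwise an internal hostname nobody has resolved yet gets blocked the first time a new workstation looks it up.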

 

Amanda: windows logging issues

well…. FUCKING EVERYTHING CREATES TASKS IN SCHEDULER

 

https://www.microsoft.com/en-us/windowsforbusiness/windows-atp
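The noise Amanda is describing lands in the Security log as event 4698 (a scheduled task was created), and most of it is Windows registering its own maintenance tasks. The triage below is an added example, not Microsoft's or the podcast's code: it parses the 4698 XML, pulls the task definition out of the escaped TaskContent field, and separates OS baseline noise from tasks worth a look. The baseline rule (task path under \Microsoft\ and command under system32), the living-off-the-land binary list and the two sample events are assumptions constructed for the example; attackers do register tasks under \Microsoft\, so treat the suppress rule as a starting point, not a policy.

```python
import re
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Heuristics below are this example's assumptions (a starting baseline, not an authoritative list).
LOLBINS = ("powershell", "pwsh", "cmd.exe", "mshta", "rundll32", "regsvr32",
           "wscript", "cscript", "certutil", "bitsadmin")
SUSPICIOUS_ARGS = ("-enc", "-e ", "-w hidden", "-windowstyle hidden", "iex",
                   "downloadstring", "frombase64string")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\", "\\downloads\\")
OS_COMMAND_PREFIXES = ("%systemroot%\\system32\\", "%windir%\\system32\\", "c:\\windows\\system32\\")


def parse_4698(event_xml):
    """Pull the fields worth triaging out of one Security 4698 (scheduled task created) event."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=EVT_NS) != "4698":
        raise ValueError("not a 4698 event")
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", EVT_NS)}
    # TaskContent is the task definition XML embedded as escaped text. Its UTF-16 declaration
    # no longer applies once the text has been decoded, so strip it before parsing.
    task = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", data.get("TaskContent", "")))

    def txt(path, default=""):
        return task.findtext(path, default, TASK_NS) or default

    return {
        "computer": root.findtext("e:System/e:Computer", "", EVT_NS),
        "subject": "%s\\%s" % (data.get("SubjectDomainName", ""), data.get("SubjectUserName", "")),
        "task_name": data.get("TaskName", ""),
        "author": txt("t:RegistrationInfo/t:Author"),
        "run_level": txt("t:Principals/t:Principal/t:RunLevel"),
        "hidden": txt("t:Settings/t:Hidden", "false").lower() == "true",
        "command": txt("t:Actions/t:Exec/t:Command"),
        "arguments": txt("t:Actions/t:Exec/t:Arguments"),
    }


def triage(rec):
    """Return (verdict, reasons): 'alert', 'review', or 'suppress' for OS maintenance noise."""
    cmdline = (rec["command"] + " " + rec["arguments"]).lower()
    reasons = []
    if any(p in cmdline for p in USER_WRITABLE):
        reasons.append("executable or script in a user-writable path")
    if any(b in cmdline for b in LOLBINS) and any(a in cmdline for a in SUSPICIOUS_ARGS):
        reasons.append("living-off-the-land binary with encoded/hidden-window arguments")
    if rec["hidden"]:
        reasons.append("task registered as hidden")
    if reasons:
        return "alert", reasons
    if rec["task_name"].lower().startswith("\\microsoft\\") and cmdline.startswith(OS_COMMAND_PREFIXES):
        return "suppress", ["OS task path and command under system32 (baseline assumption)"]
    return "review", ["task outside the OS baseline; confirm against change records"]


# Constructed sample events (trimmed to the fields used; not captured from a real host).
TASK_TEMPLATE = (
    '<?xml version="1.0" encoding="UTF-16"?>'
    '<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">'
    '<RegistrationInfo><Author>%s</Author></RegistrationInfo>'
    '<Principals><Principal id="Author"><RunLevel>%s</RunLevel></Principal></Principals>'
    '<Settings><Hidden>%s</Hidden></Settings>'
    '<Actions Context="Author"><Exec><Command>%s</Command><Arguments>%s</Arguments></Exec></Actions>'
    '</Task>'
)
EVENT_TEMPLATE = (
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
    '<System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4698</EventID>'
    '<Channel>Security</Channel><Computer>ws01.corp.example</Computer></System>'
    '<EventData><Data Name="SubjectUserName">%s</Data><Data Name="SubjectDomainName">CORP</Data>'
    '<Data Name="TaskName">%s</Data><Data Name="TaskContent">%s</Data></EventData></Event>'
)


def make_event(task_name, command, arguments, user="alice", hidden=False,
               run_level="LeastPrivilege", author="CORP\\alice"):
    """Build a 4698 event with TaskContent escaped into the Data element the way Windows emits it."""
    task_xml = TASK_TEMPLATE % (escape(author), run_level, str(hidden).lower(),
                                escape(command), escape(arguments))
    return EVENT_TEMPLATE % (escape(user), escape(task_name), escape(task_xml))


SAMPLE_OS_EVENT = make_event(
    r"\Microsoft\Windows\UpdateOrchestrator\Schedule Scan",
    r"%systemroot%\system32\usoclient.exe", "StartScan", user="SYSTEM", author="Microsoft Corporation")
SAMPLE_SUSPICIOUS_EVENT = make_event(
    r"\OneDrive Update", "powershell.exe",
    "-w hidden -nop -enc QQBBAEEA",     # placeholder encoded argument, not a real payload
    hidden=True, run_level="HighestAvailable")

if __name__ == "__main__":
    for evt in (SAMPLE_OS_EVENT, SAMPLE_SUSPICIOUS_EVENT):
        rec = parse_4698(evt)
        print(rec["task_name"], "->", triage(rec))
```

The point of parsing TaskContent rather than alerting on TaskName alone is that the command line and the Hidden/RunLevel settings are where the signal is; suppressing by task path alone is exactly what an attacker naming a task \Microsoft\Windows\Something counts on.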

 

Breach news:

 

https://www.dutchnews.nl/news/2019/05/hackers-steal-key-info-about-home-hunters-from-housing-agency/

FTA: The hackers now have their name, address, contact information and copies of their passport or ID card, which includes their personal identification number, or BSN.

This is sufficient to allow the hackers to open bank accounts or take out loans by using other people’s identity.

 

https://www.bleepingcomputer.com/news/security/over-757k-fraudulently-obtained-ipv4-addresses-revoked-by-arin/

Mostly colos, data centers, ‘aaS’ providers

Many in the Mid-West

 

Book Club

Cult of the dead cow - June

Tribe of Hackers - July

The Mastermind - August

The Cuckoo’s Egg - September

 

https://www.infoseccampout.com

EventBrite Link:

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Here is a new episode of Brakeing Down Security Podcast!

Sunday, May 19, 2019

2019-019-Securing your RDP and ElasticSearch, InfoSec Campout news


https://static1.squarespace.com/static/556340ece4b0869396f21099/t/5cc9ff79c830253749527277/1556742010186/Red+Team+Practice+Lead.pdf


https://www.reddit.com/r/netsec/comments/bonwil/prevent_a_worm_by_updating_remote_desktop/

 

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://security.berkeley.edu/resources/best-practices-how-articles/system-application-security/securing-remote-desktop-rdp-system
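Patching is the fix for CVE-2019-0708; the MSRC post also points at Network Level Authentication as a mitigation, because with NLA the client must authenticate over CredSSP before the pre-auth RDP code path is reached. Checking whether a host actually enforces NLA is a one-packet protocol exchange: ask for Standard RDP Security only and see whether the server refuses. The script below is an added example (not Microsoft's, not the Berkeley guide's) built on the X.224 Connection Request/Confirm negotiation from MS-RDPBCGR; the three reply byte strings are constructed to cover the outcomes and were not captured from any real host, and the `probe` function is the only part that touches the network.

```python
import socket
import struct

# Protocol constants from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP / RDP_NEG_FAILURE).
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX = 0x0, 0x1, 0x2, 0x8
TYPE_RDP_NEG_REQ, TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x01, 0x02, 0x03
PROTOCOL_NAMES = {0x0: "PROTOCOL_RDP", 0x1: "PROTOCOL_SSL", 0x2: "PROTOCOL_HYBRID", 0x8: "PROTOCOL_HYBRID_EX"}
FAILURE_CODES = {
    0x1: "SSL_REQUIRED_BY_SERVER", 0x2: "SSL_NOT_ALLOWED_BY_SERVER", 0x3: "SSL_CERT_NOT_ON_SERVER",
    0x4: "INCONSISTENT_FLAGS", 0x5: "HYBRID_REQUIRED_BY_SERVER", 0x6: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols=PROTOCOL_RDP):
    """TPKT + X.224 Connection Request carrying an RDP_NEG_REQ.
    Asking for PROTOCOL_RDP only (no TLS, no CredSSP) is the probe: a server that
    enforces NLA has to refuse it."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR TPDU: LI, CR code/CDT, DST-REF (2), SRC-REF (2), class option, then the neg request
    x224_cr = bytes([6 + len(neg_req), 0xE0, 0, 0, 0, 0, 0]) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224_cr)) + x224_cr   # TPKT: version 3, reserved, length


def parse_connection_confirm(data):
    """Decode the server's X.224 Connection Confirm and the RDP_NEG_RSP/RDP_NEG_FAILURE it carries."""
    if len(data) < 11 or data[0] != 3 or struct.unpack(">H", data[2:4])[0] != len(data):
        raise ValueError("malformed TPKT")
    li, code = data[4], data[5]
    if (code & 0xF0) != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:5 + li]
    if len(body) < 8:
        return {"type": None}      # no negotiation data: old server, Standard RDP Security only
    neg_type, _flags, _length, value = struct.unpack("<BBHI", body[:8])
    return {"type": neg_type, "value": value}


def assess_nla(confirm):
    """Interpret the reply to a PROTOCOL_RDP-only request. Returns (nla_enforced, explanation)."""
    neg = parse_connection_confirm(confirm)
    if neg["type"] is None:
        return False, "server answered without RDP negotiation data: Standard RDP Security only, no TLS or NLA"
    if neg["type"] == TYPE_RDP_NEG_RSP:
        return False, "server accepted %s without NLA" % PROTOCOL_NAMES.get(neg["value"], hex(neg["value"]))
    if neg["type"] == TYPE_RDP_NEG_FAILURE:
        reason = FAILURE_CODES.get(neg["value"], hex(neg["value"]))
        enforced = neg["value"] in (0x5, 0x6)    # the HYBRID_* failure codes mean CredSSP/NLA is mandatory
        return enforced, "server refused: " + reason
    raise ValueError("unexpected negotiation type %#x" % neg["type"])


def probe(host, port=3389, timeout=5.0):
    """Live check (network): send the probe and assess the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_RDP))
        return assess_nla(s.recv(1024))


# Constructed replies (not captured from any real host) covering the three outcomes.
REPLY_NLA_ENFORCED = bytes.fromhex("03000013" "0ed00000123400" "0300080005000000")  # NEG_FAILURE, HYBRID_REQUIRED_BY_SERVER
REPLY_NLA_OFF = bytes.fromhex("03000013" "0ed00000123400" "0200080000000000")       # NEG_RSP selecting PROTOCOL_RDP
REPLY_LEGACY = bytes.fromhex("0300000b" "06d00000123400")                           # Connection Confirm with no negotiation

if __name__ == "__main__":
    for name, reply in (("enforced", REPLY_NLA_ENFORCED), ("off", REPLY_NLA_OFF), ("legacy", REPLY_LEGACY)):
        print(name, "->", assess_nla(reply))
```

Only a failure with HYBRID_REQUIRED_BY_SERVER (or the user-auth variant) means NLA is enforced; SSL_REQUIRED_BY_SERVER means TLS is on but the pre-authentication RDP path is still reachable after the TLS handshake, which is why this check and the patch status are reported separately in a fleet sweep.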



https://www.bleepingcomputer.com/news/security/unsecured-survey-database-exposes-info-of-8-million-people/

https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-security.html

https://www.elastic.co/blog/found-elasticsearch-security

https://dzone.com/articles/securing-your-elasticsearch-cluster-properly

Auth is possible, using reverse proxy… this is basic auth :( https://github.com/Asquera/elasticsearch-http-basic

 

Here’s one that uses basic auth and LDAP: https://mapr.com/blog/how-secure-elasticsearch-and-kibana/

2fa setup: https://www.elastic.co/guide/en/cloud/current/ec-account-security.html
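For the reverse-proxy option mentioned above, the minimum that would have kept the survey database off the open internet is: bind Elasticsearch to loopback so it is only reachable through the proxy, terminate TLS at the proxy, require credentials, and refuse the verbs and endpoints a read-only consumer never needs. The nginx configuration below is an added example, not the Elastic project's own guidance or the setup from the linked articles; the hostname, ports, certificate paths and htpasswd location are assumptions.

```nginx
# Assumed layout: elasticsearch.yml sets `network.host: 127.0.0.1`, so only this proxy on the same
# host can reach port 9200. Clients talk to nginx on 9243 over TLS with HTTP basic auth.
server {
    listen 9243 ssl;
    server_name es.corp.example;                   # hypothetical hostname
    ssl_certificate     /etc/nginx/tls/es.crt;     # assumed paths
    ssl_certificate_key /etc/nginx/tls/es.key;
    ssl_protocols TLSv1.2 TLSv1.3;

    auth_basic           "Elasticsearch";
    auth_basic_user_file /etc/nginx/es.htpasswd;   # e.g. htpasswd -B -c /etc/nginx/es.htpasswd reporting

    # Read-only consumers: GET/HEAD for documents, POST because _search takes a body.
    # Everything else (PUT index, DELETE index, bulk writes) is refused at the proxy.
    location / {
        limit_except GET POST {
            deny all;
        }
        proxy_pass http://127.0.0.1:9200;
        proxy_http_version 1.1;
        proxy_set_header Authorization "";        # do not forward the proxy credentials to Elasticsearch
    }

    # Cluster administration never goes through a basic-auth proxy.
    location ~ ^/(_cluster|_nodes|_shutdown|_snapshot) {
        deny all;
    }
}
```

The caveat the show notes hint at with the sad face still applies: basic auth in front of the HTTP API gives one shared identity with no per-index authorisation, and POST is needed for `_search` but also writes documents, so this is a perimeter, not a permission model. Elastic moved TLS, the native user realm and role-based access into the free tier with 6.8.0 and 7.1.0 (May 2019), so on a current cluster the proxy is an extra layer in front of that, not a replacement for it.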

 




Sunday, May 5, 2019

2019-017-K8s Security, Kamus, interview with Omer Levi Hevroni


K8s security with Omer Levi Hevroni (@omerlh)

 

service tickets -

Super-Dev

 

Omer’s requirements for storing secrets:

 

Gitops enabled

Kubernetes Native

Secure

    “One-way encryption”

 

Omer’s slides and youtube video:

https://www.slideshare.net/SolutoTLV/can-kubernetes-keep-a-secret

https://www.youtube.com/watch?v=FoM3u8G99pc&&index=14&t=0s

 

We’ve all experienced it: you’re working on a task, adding some code, and then you need to store some sensitive configuration value. It could be an API key, client secret or an encryption key ― something that’s highly sensitive and must be kept secret. And this is where things get messy. Usually, secret storage is highly coupled with how the code is deployed, and different platforms have different solutions. Kubernetes has a promise to simplify this process by using the native secret object, which, as the name implies, can be used to store secrets or sensitive configurations. Unfortunately, Kubernetes secrets are fundamentally broken, and a developer who tries to use them will definitely have some issues. But no need to worry ― there are solid alternatives for storing secrets securely on the Kubernetes platform. One solution is to use Kamus, an open-source, git-ops solution created by Soluto for managing secrets on Kubernetes. Kamus can encrypt a secret so it can be decrypted only by your app at runtime - and not by anyone else. The first part of this session will cover the challenges faced when using Kubernetes secrets (from a usability and security point of view). The second part will discuss some of the existing solutions (Sealed Secrets, Helm Secrets and others), their pros and cons, and then feature Kamus: how it works, what problems it solves, how it differs from other solutions, and what threats it can help mitigate (and what threats it can’t). The talk will cover all that is required to know so you can run Kamus on your own cluster and use it for secret management. Join me for this session to learn how you can build a Kubernetes cluster that can keep a secret ― for real.

Speaker: Omer Levi Hevroni

 

Kubernetes Secrets

    Bad, because the manifest carries the credential itself, and Base64 is encoding, not encryption: anyone who can read the manifest (or the Secret object in the API) gets the plaintext

        Could be uploaded to git = super bad

https://kubernetes.io/docs/concepts/configuration/secret/

https://docs.travis-ci.com/user/encryption-keys/
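The "could be uploaded to git" failure above is the one worth automating against. The script below is an added example, not part of Kamus or Kubernetes: it walks a set of manifest files, finds documents with `kind: Secret`, and recovers the values from `data:` (Base64) and `stringData:` (plaintext) to show there is nothing to break, then wraps that in a pre-commit style gate that refuses the commit if any Secret carries real values. The sample tree, file names and credentials are constructed for the example, and the line walker assumes the flat layout Secret manifests normally have rather than being a full YAML parser.

```python
import base64
import binascii
import re

KIND_SECRET = re.compile(r"^kind:\s*Secret\s*$", re.MULTILINE)
DOC_SEPARATOR = re.compile(r"^---\s*$", re.MULTILINE)


def secret_fields(doc):
    """Return {key: plaintext} for the data: and stringData: maps of one Secret document.
    Assumption: flat two-level layout (top-level key, then one indented 'k: v' per line);
    nested maps and block scalars are out of scope for this example."""
    found, section = {}, None
    for line in doc.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():                       # top-level key: data:, stringData:, metadata:, ...
            key = stripped.split(":", 1)[0]
            section = key if key in ("data", "stringData") else None
            continue
        if section and ":" in stripped:
            key, value = (part.strip() for part in stripped.split(":", 1))
            value = value.strip("\"'")
            if section == "data":
                try:
                    value = base64.b64decode(value, validate=True).decode("utf-8", "replace")
                except (binascii.Error, ValueError):
                    value = "<not valid base64: %s>" % value
            found[key] = value
    return found


def scan_tree(files):
    """files: {path: text}. Returns [(path, {key: plaintext})] for every Secret with populated values."""
    report = []
    for path, text in files.items():
        for doc in DOC_SEPARATOR.split(text):
            if KIND_SECRET.search(doc):
                fields = secret_fields(doc)
                if fields:
                    report.append((path, fields))
    return report


def precommit_check(files):
    """Gate to run before committing manifests: (ok, messages); ok is False if any Secret carries values."""
    messages = ["%s: Secret holds recoverable values for keys %s" % (path, sorted(fields))
                for path, fields in scan_tree(files)]
    return (not messages), messages


# Constructed sample tree (not taken from any real repository).
SAMPLE_TREE = {
    "k8s/db-secret.yaml": """apiVersion: v1
kind: Secret
metadata:
  name: db-creds
type: Opaque
data:
  username: YWRtaW4=
  password: UEBzc3cwcmQh
""",
    "k8s/app.yaml": """apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: info
---
apiVersion: v1
kind: Secret
metadata:
  name: api-token
stringData:
  token: "sk-live-constructed-example"
""",
}

if __name__ == "__main__":
    ok, messages = precommit_check(SAMPLE_TREE)
    for path, fields in scan_tree(SAMPLE_TREE):
        print(path, fields)
    print("commit allowed" if ok else "commit refused:\n  " + "\n  ".join(messages))
```

Wired up as a pre-commit hook (or a CI check on manifests directories), this is the cheap control; the approaches the talk compares (Sealed Secrets, Helm Secrets, Kamus) exist so that what is committed is ciphertext the scanner would decode to nothing useful, which is what "one-way encryption" in Omer's requirements means.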

 

Kamus threat model on Github: https://kamus.soluto.io/docs/threatmodeling/threats_controls/

https://medium.com/@BoweiHan/an-introduction-to-serverless-and-faas-functions-as-a-service-fb5cec0417b2

    “FaaS is a relatively new concept that was first made available in 2014 by hook.io and is now implemented in services such as AWS Lambda, Google Cloud Functions, IBM OpenWhisk and Microsoft Azure Functions.”

Best practices: https://kubernetes.io/docs/tasks/administer-cluster/securing-a-cluster/

https://github.com/owasp-cloud-security/owasp-cloud-security

https://www.omerlh.info/2019/01/19/threat-modeling-as-code/

https://telaviv.appsecglobal.org/

 

https://github.com/Soluto/kamus

 

https://kamus.soluto.io

 

Infosec Campout = www.infoseccampout.com

