BrakeSec Education Podcast

We continue our trek down the list of SANS Top 20 Critical Security Controls this week with #12 and #13 - Boundry Defense, and Controlled use of Administrative Privileges. Learn what you can do to shore up your network defenses, and how to handle admin privileges... When to give that kind of access, and how to make privileged access as secure as possible while still allowing administrators to do their work.

https://www.sans.org/media/critical-security-controls/CSC-5.pdf

http://www.openspf.org/

https://4sysops.com/

Our very own Ms. Berlin and Mr. Lee Brotherston (@synackpse), veteran of the show, co-authored an #O'Reilly book called the "Defensive Security Handbook"

We talk with Amanda and Lee (or Lee and Amanda :D ) about why they wrote the book, how people should use the book, and how you can maximize your company's resources to protect you.

The best thing is that you can pick up the ebook right now! It's available for pre-order on Safari books (Link), or pre-order on Amazon.com (Link)

Hope you enjoy!

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-010-Defensive_Security_handbook.mp3

Youtube Channel: https://www.youtube.com/channel/UCZFjAqFb4A60M1TMa0t1KXw

Itunes: (look for '2017-010') https://itunes.apple.com/us/podcast/brakeing-down-security-podcast/id799131292?mt=2

Previous Lee Brotherston episodes:

Threat Modeling w/ Lee Brotherston

Is your ISP MiTM-ing you

Lee fills in for Mr. Boettcher, along with Jarrod Frates

TLS fingerprinting application

#Bsides #London is accepting Call for Papers (#CFP) starting 14 Febuary 2017, as well as a Call for Workshops. Tickets are sold out currently, but will be other chances for tickets. Follow @bsidesLondon for more information. You can find out more information at https://www.securitybsides.org.uk/

CFP closes 27 march 2017

------

HITB announcement:

“Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/

---------

Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/

SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: [email protected]

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

Topics:

• Secure Framework documents
• Modifying chromebooks so you can use Debian/Ubuntu
• Memcached is the new DDoS hotness
• Announcement of the next BrakeSec Training Class (see Show Notes below for more info)

Link to secure framework document: https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d

#Spotify: https://brakesec.com/spotifyBDS

#RSS: https://brakesec.com/BrakesecRSS

#Youtube Channel: http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site: https://brakesec.com/bdswebsite

Join our #Slack Channel! Email us at [email protected]

or DM us on Twitter @brakesec

#iHeartRadio App: https://brakesec.com/iHeartBrakesec

#SoundCloud: https://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: [email protected]

Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec

--Show Notes--

Announcements:

Matt Miller’s class on Assembly and Reverse engineering

Starts 2 April - 6 sessions

2nd Class - 6 sessions, beginning 21 May

Beginner course on Assembly

Advanced course, dealing with more advanced topics

$150 for each class, or a $250 deal if you sign up for both classes

paypal.me/BDSPodcast/150USD - Specify in the NOTES if you want the “Beginner” or “Advanced” course

paypal.me/BDSPodcast/250USD - If you want both courses

We need a minimum of 10 students per class

Projects:

Chromebook with Debian

Bit of a pain, if I could be honest..

Needed USB hub with eth0, and a USB soundcard

USB3 low profile thumbdrives would be better

https://www.amazon.com/gp/product/B01K5EBCES/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1

https://www.securecontrolsframework.com/ ←--well well worth the signup

https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d - ‘secure.xlsx’

http://www.dummies.com/programming/certification/security-control-frameworks/

Numerous security frameworks already exist:

Cisco

NiST

CoBIT

ITIL (can be utilized)

SWIFT https://www.accesspay.com/wp-content/uploads/2017/09/SWIFT_Customer_Security_Controls_Framework.pdf

“My weird path to #infosec” on twitter

https://en.wikipedia.org/wiki/Hydrocolloid_dressing

Marcus Carey https://twitter.com/marcusjcarey

Prolific Author, Defender, Enterprise Architect at ReliaQuest

https://twitter.com/egyp7

https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950

“GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.”

Security model - everyone’s is diff

How do you work with your threat model?

A proper threat model

Attack Simulation -

How is this different from doing a typical Incident Response tabletop? Threat modeling systems?

How is this different than a pentest?

Is this automated red teaming? How effective can automated testing be?

Is this like some kind of constant scanning system?

How does this work with threat intel feeds?

Can it simulate ransomware, or any attacks?

Hedgehog principles

A lot of things crappily, and nothing good

Mr. Boettcher: “Why suck at everything...”

Atomic Red Team - https://github.com/redcanaryco/atomic-red-team

ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/

Tribe of Hackers

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book

The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more

• Learn what it takes to secure a Red Team job and to stand out from other candidates
• Discover how to hone your hacking skills while staying on the right side of the law
• Get tips for collaborating on documentation and reporting
• Explore ways to garner support from leadership on your security proposals
• Identify the most important control to prevent compromising your network
• Uncover the latest tools for Red Team offensive security

https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street.

• Get the scoop on the biggest cybersecurity myths and misconceptions about security
• Learn what qualities and credentials you need to advance in the cybersecurity field
• Uncover which life hacks are worth your while
• Understand how social media and the Internet of Things has changed cybersecurity
• Discover what it takes to make the move from the corporate world to your own cybersecurity venture
• Find your favorite hackers online and continue the conversation