7 Minute Security

Today's episode is a horror story about how I recently lost 5+ years of CrashPlan backups due to what I'm calling a...small clerical error. Yes, this oopsie was 100% my fault, but I think backup providers can do a better job of warning us (via text or automated call rather than just email) before blowing away our life's work.

This week I've continued to play with the awesome Sweet Security IDS solution you can throw on a Raspberry Pi 3. A big update to share is that there is a beta branch which has some cool new features, such as the ability to break the Bro + ELK stack across multiple machines. I also lost a lot of sleep these last few days playing with Security Onion and will do a future episode focusing only on that!

I've been wanting to get a Bro IDS installed for a long time now - and for several reasons: It looks fun! My customers have expressed interest It will be part of my upcoming ILTACON session. So this weekend I started getting the hardware portion ready, which includes: Ubiquiti Edge Router X (~$99) TP-Link TL-SG105E (~$35) CanaKit Raspberry Pi 3 Complete Starter Kit (~$70) If you need additional information such as screenshots/configs etc to get the VLANs passing properly from the Edge Router X to TP-LINK switch, let me know. Otherwise for now I'm just focusing on crafting content for part 2, where we'll dive into actually turning the Pi into a Bro sensor using Sweet Security.

I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options: --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts Also, if you find yourself in a situation where you're testing a production Wordpress sight (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)

Tell me I can't be the only one who regularly wants to combine a bunch of small Nessus scans files into a big fat Nessus scan file, and then make pretty pictures/graphs/summaries that the customer can easily understand? Over the last few weeks I must've tried every Powershell and Python script I could get my hands on, yet still didn't find the magic bullet solution. That is, until I found this little beauty of a tool: NamicSoft. It's a $65 tool for Windows that will not only combine multiple Nessus files into one huge file, but it offers a ton of export/reporting features to make the Nessus data more valuable. Oh, and it can also digest Burp and Nexpose data as well! More on today's episode...

Through kind of a weird series of events, I have an opportunity to speak at ILTACON this summer in Vegas (baby!). I'll be talking about some things you can do if you suspect your perimeter is breached, as well as low-hanging fruit you can implement to better defend against breaches. I'm pumped. And I've done the most important part and chosen a PowerPoint theme: A Few Good Men :-) I've spoken with some of you in the past and know a few of you spend your days and sleepless nights hunting threats. If so I'd love to talk to you to get some creative ideas as it relates to crafting the session content.

This week I had the fun opportunity to do a "blind" network security assessment - where basically we had to step into a network we'd never seen before and make some security posture recommendations. I've found that the following software/hardware is quite helpful for this type of assessment: The PwnPulse helps a ton in scanning wired and wireless networks...and even Bluetooth! I've covered the Pulse in past episodes - check out part 1 and part 2. Network Detective will do a ton of helpful Active Directory enumeration and point out potential red flags, such as: Accounts that haven't been logged into for a long time Accounts with passwords that haven't been refreshed in a long time Privileged groups that need review (Domain Admins, Enterprise Admins, etc.) AD policy issues (*warning: by default Network Detective only pulls back a few policies by default. Check out scripts such as my Environment Check to grab a dump of all GPOs. Thycotic Privileged Account Discovery is a free tool that can crawl AD wor

I'm continuing to love the our PwnPro and had a chance to use it on a customer assessment this week. For the most part the setup/install was a breeze. Just had a few hiccups that the Pwnie support team straightened me out on right away. In the episode I mention some command line tools and syntax that helped me work with the Pulse. One was using fping to sweep large subnets and accurately find live hosts: fping -a -g 10.0.5.0/16 > blah.txt Then, to setup the reverse shell, I just forwarded port 22 from my Ubiquiti gear to my internal Kali host, and then ran this to make the reverse connection: ssh pwnie@localhost -p 3333 Lastly, to setup the reverse shell so you can proxy Web traffic to an alternate host/port, such as the Nessus port, setup your shell like so: ssh pwnie@localhost -p 3333 -ND 8080 Then leave that window open and setup your Web browser so that you do a SOCKS5 proxy to localhost:8080. Finally, visit http://ip.of.your.host:XXXX. So if your Pulse was 1.2.3.4 and had Nessus running, you'd v

Warning! Warning! This is an off-topic episode! I try really hard to create valuable weekly content about IT/security. However, sometimes a virtual grenade goes off in my life and prevents me from having the necessary time/resources to get my act together. This has been one of those weeks. :-) So today I'm going off-topic and talking about an alleged burglary of some electronics at my home. And once we identified the culprit, wow...nobody was more surprised than me.

Intro I mentioned last week that I was speaking at the Secure360 conference here in the Twin Cities, and at that time I was preparing a talk called Pentesting 101: No Hoodie Required. I was so nervous that I've basically spent the last week breathing heavily into paper bags and wishing I was on sedatives. But I have good news to report in today's episode, friends! The talk was very well received and the attendees didn't get out torches and pitchforks! #winning! So today's episode (audio below) talks more about the public speaking experiences and highlights some lessons learned: Things I'd do again next time I'd not tempt the demo gods and still pre-record my hacking movies ahead of time. I saw some people do live demos of very technical things and it did not go well for a few of them :-( I would still spend way too many hours cutting together my movies in iMovie so that they followed a good tempo when presented live I would still have a copy of my presentation on two different laptops, 3 USB thumb drive

The nervous butterflies are chewing up my organs this week. Why? Because I'm speaking at Secure360 next Tuesday and Wednesday. I'm trying to build a presentation that: Appeals to both techie nerds like me, as well as regular human people Strikes a healthy balance between fun and informative So, my outline is roughly as follows: Intros Lets talk about pentesting vs. vulnerability scans Build your own hackin' lab for $500! Good/bad training (CEH vs. OSCP) Lets hack some stuff following a methodology! Tune in today's episode for more...

So a few weeks ago I did an episode about the AlienVault Certified Security Engineer certification, and last Friday I took a stab at the test. I failed. It kicked my butt. Today I'm here to both rant about the unfairness of the test and offer you some study tips so you don't suffer a similar fate. P.S. - you should definitely check out this blog as it's one of the few valuable study guides I could find out there on the Interwebs.

I'm kicking the tires on the PwnPro which is an all-in-one wired, wireless and Bluetooth assessment and pentesting tool. Upon getting plugged into a network, it peers with a cloud portal and lets you assess and pentest from the comfort of your jammies back at your house! Oh, and did I mention it runs Kali on the back end? Delicious. Today's episode dives into some of what I've been learning about the PwnPro as I run it through its paces at work and warm it up for our first customer assessment...

I've been working with the Bash Bunny for the past few weeks in preparation for a presentation/demo I'm doing in a few weeks. Today I want to talk about what the Bunny is, the cool things it can do, and some of my favorite payloads. Also, I started thinking about what conversation topics spawn from a demo of the Bunny. Specifically, I want to know how people would defend against the Bunny using AD policies, peripheral controls, etc. Check out the Hak5 thread I started about this, as it has got some great ideas.

Find the show notes here!

Show notes are here.

Show notes are here

Show notes for today's episode can be found here!

Show notes are here.

Show notes are here.