This week, we look at a very successful person, who never seemed like they'd turn out to be so successful. He was a six-time NBA champion, who played next to the greatest of all time. He also spent money in dumb ways, drove a little tipsy, was a little careless with guns, and the police know the address where he and his reality show star wife lived. Not to mention, more lawsuits than you could shake a stick at, including one that names a 5-year-old girl as a target. What a mess! Grow tall after most people are done growing, win everything you could possibly win, and still be thought of as mainly a sidekick with Scottie Pippen!! Check us out, every Tuesday! We will continue to bring you the biggest idiots in sports history!! Hosted by James Pietragallo & Jimmie Whisman Donate at... patreon.com/crimeinsports or with paypal.com using our email: crimeinsports@gmail.com Get all the CIS & STM merch at crimeinsports.threadless.com Go to shutupandgivememurder.com for all things CIS & STM!! Contact us on... twitter.com/crimeinsports crimeinsports@gmail.com facebook.com/Crimeinsports instagram.com/smalltownmurder
Full notes and graphics are on www.brakeingsecurity.com Episode 2020-006 Book club “And maybe blurb for the cast could go something like this. Book club is starting up again with Hands-On AWS penetration testing with Kali Linux from Gilbert and Caudill. You read and get together to discuss or demo every Monday. Get the book, start reading and meet us for the kick off Monday the 24 at 10pm eastern. The book club meets virtually on zoom, and organizes on slack..get invited like this.” Book: https://smile.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725 NolaCon Training: https://nolacon.com/training/2020/security-detect-and-defense-ttx Roberto Rodriguez Bio @Cyb3rWard0g on Twitter Threat Intel vs. Threat Hunting = what’s the difference? What datasets are you using? Did you start with any particular dataset, or created your own? Technique development - what skills are needed? C2 setup Detection mechanisms Honeypots How can people get involved? Blacksmith - create ‘mordor’ environment to push scripts to setup honeypot/nets https://Threathunterplaybook.com https://github.com/hunters-forge/ThreatHunter-Playbook https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190815181010.html https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4 https://medium.com/threat-hunters-forge/writing-an-interactive-book-over-the-threat-hunter-playbook-with-the-help-of-the-jupyter-book-3ff37a3123c7 https://www.exploit-db.com/exploits/47995 - Sudo buffer overflow Mordor: The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. 
YAML Example: https://github.com/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/WIN-190810201010.yaml
Notebook Example: https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190810201010.html
Jupyter notebook - Definition: https://jupyter-notebook-beginner-guide.readthedocs.io/en/latest/what_is_jupyter.html
Lateral Movement - WMI - IMAGE Below
SIGMA?
What is a Notebook? Think of a notebook as a document that you can access via a web interface that allows you to save input (i.e. live code) and output (i.e. code execution results / evaluated code output) of interactive sessions as well as important notes needed to explain the methodology and steps taken to perform specific tasks (i.e. data analysis). https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4
Have a goal for expanding to other parts of ATT&CK?
Threat Hunter Playbook - Goals
Expedite the development of techniques and hypotheses for hunting campaigns.
Help Threat Hunters understand patterns of behavior observed during post-exploitation.
Reduce the number of false positives while hunting by providing more context around suspicious events.
Share real-time analytics validation examples through cloud computing environments for free.
Distribute Threat Hunting concepts and processes around the world for free.
Map pre-recorded datasets to adversarial techniques.
Accelerate infosec learning through open source resources.
Sub-techniques: https://medium.com/mitre-attack/attack-sub-techniques-preview-b79ff0ba669a
Slack Channel: https://launchpass.com/threathunting
Twitter: https://twitter.com/mattifestation https://twitter.com/tifkin_ https://twitter.com/choldgraf https://twitter.com/Cyb3rPandaH
This week, we welcome Katie Nickels, ATT&CK Threat Intelligence Lead at the MITRE Corporation, to talk about the MITRE ATT&CK Framework! In our second segment, a security roundtable discussion on Vulnerability Management, Patching, Hunt Teaming, Asset Management, and System Hardening! In the Security News, Lenovo confirms 36TB Data Leak security vulnerability, Slack resets passwords after 2015 data breach, why BlueKeep hasn't wreaked havoc yet, and why you don't need a burner at a hacking conference! To learn more about MITRE ATT&CK, visit: https://attack.mitre.org Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Katie Nickels is the ATT&CK Threat Intelligence Lead at MITRE Corporation. MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. Full Show Notes: https://wiki.securityweekly.com/Episode612 Visit https://www.securityweekly.com/psw for all the latest episodes!
MITRE Pre-Attack techniques https://attack.mitre.org/techniques/pre/ https://www.bbc.com/news/business-48905907 Zoom - https://www.wired.com/story/zoom-flaw-web-server-fix/ Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
ANNOUNCEMENTS: INFOSEC CAMPOUT TICKETS ARE STILL ON SALE. Go to https://www.infoseccampout.com for Eventbrite link and more information. Part 2 of our Discussion with Chris Sanders (@chrissanders88) Topics discussed: Companies dropping existing frameworks for ATT&CK Matrix, why? Rural Technology Fund - What it is, how does it work, Who can help make it more awesome. https://chrissanders.org/2019/05/infosec-mental-models/ I’ve argued for some time that information security is in a growing state of cognitive crisis… Demand outweighs supply Because so many organizations need experience, they are unable to appropriately invest in entry-level jobs and devote the necessary time for internal training. That’s an HR and hiring manager issue, right? --brbr No. --bboettcher Information cannot be validated or trusted There are few authoritative sources of knowledge about critical components and procedures. Large systemic issues persist with no ability to tackle them in a large, mobilized, or strategic manner. The industry is unable to organize or widely combat the biggest issues they face. Groups of individuals, everyone thinking they have the ‘right answer’, just like linux flavors --brbr https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html https://www.helpnetsecurity.com/2018/07/10/windows-shimcache-threat-hunting/ Dependence on tools: http://traffic.libsyn.com/brakeingsecurity/2016-006-Moxie_vs_Mechanism-dependence_on_tools.mp3 https://en.wikipedia.org/wiki/Cognitive_revolution https://buzzmachine.com/2019/04/25/a-crisis-of-cognition/ How do we solve it? We must thoroughly understand the processes used to draw conclusions. S.M.A.R.T.? Experts must develop repeatable, teachable methods and techniques. Educators must build and advocate pedagogy that teaches practitioners how to think. https://www.maximumfun.org/shows/sawbones - sawbones podcast (amanda mentioned) Mental Model? We use them all the time? Gotta simplify the complex... 
Distribution and the Bell Curve Operant Conditioning https://www.latimes.com/science/la-sci-emotional-stereotypes-about-women-20190530-story.html The Scientific Method Applied Models 13 Organ Systems 4 Vital Signs 10 Point Pain scale Defense in Depth OSI model Investigation Process https://en.wikipedia.org/wiki/Inductive_reasoning Model Desperation Companies dumping existing models and embracing something else The problem is that we’re model hungry and we’ll rapidly use and abuse any reasonable model that presents itself. Ultimately, we want good models because we want a robust toolbox. But, not everything is a job for a hammer and we don’t need fourteen circular saws. What makes a good model? Simple Useful Imperfect? (wuh?)-brbr Creating models Begins by asking a question… (what is the weather going to look like tomorrow? --brbr) What defines the sandwich? (kind of like “https://en.wikipedia.org/wiki/Theory_of_forms” --brbr) Discuss the Rural Tech Fund https://twitter.com/RuralTechFund https://ruraltechfund.org/ Practical Threat Hunting - https://twitter.com/chrissanders88/status/1133388347194454018 Practical Packet Analysis - https://nostarch.com/packetanalysis3 Suggesting books: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 https://www.amazon.com/Undoing-Project-Friendship-Changed-Minds/dp/0393354776 More references on Chris’ site https://chrissanders.org/2019/05/infosec-mental-models/ Book Club Cult of the dead cow - June Tribe of Hackers - July The Mastermind - August The Cuckoo’s Egg - September Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! 
The Brand Journalism Advantage Podcast With Phoebe Chongchua
In this episode learn how to create a website that is user-friendly and attracts your core clients. Dennis Plucinik from ATTCK shares his top 5 tips on creating a successful website. See show notes.
Are you attacking your business that leads to success? In this episode, Dennis Plucinik (Founder of Attck) shows us how to do it and more. First he starts off by sharing his journey into entrepreneurship at an early age and how he used to draw comic book characters while on the bench of his baseball games. Later he talks about overcoming cancer and how it framed his entrepreneurial journey. Dennis also shares why he buys lunch for his employees which leads to a Reflection Point segment. After the break, we dive into Dennis' company ATTCK and what it was like doing some work for the United Nations. He later goes on to share why it's important to not steal your employees' time. Later he goes on to talk about preparing for marathons and goes on to give words of encouragement. Check the website for Dennis' company ATTCK Follow Dennis on LinkedIn, Facebook, & Twitter Follow The Startup Life Podcast Facebook Page Want exclusive content from The Startup Life Podcast? Sign up to be a patron on The Binge Podcast Network Patreon Page and Select The Startup Life All-Access Tier. Want gear from The Startup Life? Check out our gear! Check out other great podcasts from The Binge Podcast Network. Edited by: Alejandro Giron Music Credits: **Show Theme** Behind Closed Doors - Otis McDonald **Break Theme** Cielo - Huma-Huma **Reflection Point Theme** Light Thought var 3 by Kevin MacLeod
Dennis Plucinik has twenty years of experience designing and developing websites and applications. Prior to founding ATTCK, Dennis led award winning teams at NYC’s biggest digital ad firms including Huge, R/GA, Sapient, Razorfish, & Wieden+Kennedy. Dennis has designed and built enterprise products for clients including Disney, Nike, Uniqlo, Target, Morgan Stanley, & HBO. He specializes in user experience design and front-end development. Connect Website – https://attck.com/ Linkedin – https://www.linkedin.com/in/dennisplucinik/ Twitter – https://twitter.com/dennisplucinik Facebook – https://www.facebook.com/dennis.plucinik Youtube – https://www.youtube.com/channel/UCBC-l1OEVVDQQ3UM_r6xCAQ Behance – https://www.behance.net/dennisplucinik Github – https://github.com/dennisplucinik Personal Website – http://www.dennisplucinik.com/about/ People Mentioned Elon Musk - https://twitter.com/elonmusk Resources Calm - https://www.calm.com/ Superhuman - https://superhuman.com/ Books How to Win Friends and Influence People by Dale Carnegie: https://amzn.to/2bY5SZ2
This week, we welcome Philip Niedermair, CEO at the National Cyber Group, to discuss the National Cyber Education Program! In our second interview, we welcome back Josh Abraham, Staff Engineer at Praetorian, to talk about the MITRE attack framework for attackers! In the Security News, how Tenable experts found 15 flaws in wireless penetration systems, Julian Assange refused exfiltration to the US, PoC exploits for old SAP config flaws increase risk of attacks, and how 1.75 million dollars was stolen from a Church through a phishing attack! Full Show Notes: https://wiki.securityweekly.com/Episode602 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for attackers! Full Show Notes: https://wiki.securityweekly.com/Episode602 Follow us on Twitter: https://www.twitter.com/securityweekly
Josh Abraham is in studio! He is a Staff Engineer at Praetorian, and he is going to talk about the MITRE attack framework for defenders! Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack Full Show Notes: https://wiki.securityweekly.com/ES_Episode135 Visit https://securityweekly.com/esw for all the latest episodes!
This week, we welcome Jay Prassl, CEO of Automox, to discuss Patch Management struggles and how to overcome them! In our second interview, we're joined by Josh Abraham in studio, who is a Staff Engineer at Praetorian, to talk about the MITRE attack framework for defenders! In the Enterprise news, ThreatConnect's new features make creating security playbooks easier, SolarWinds adds password management to security portfolio, Checkpoint Systems announces HALO IoT platform, and BlackHat USA offers an inside look at Intel's security engine! To get involved with Automox, visit: https://securityweekly.com/automox Why Praetorian Benchmarks to MITRE ATT&CK: https://p16.praetorian.com/blog/why-praetorian-benchmarks-to-mitre-attack Full Show Notes: https://wiki.securityweekly.com/ES_Episode135 Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Today we discuss Work-Life Balance with the ATTCK Marketing man himself, Dennis Plucinik! Dennis Plucinik, ATTCK’s founder, started his company with the goal of doing things right. He’d spent years in the digital advertising world, where work and personal life blend into one and “work hard, play hard together” means never leaving the office—and having colleagues for drinking buddies. He found himself wondering if a company with a different kind of work culture could succeed. An environment free from stressful deadlines, late nights, weekends, and the myriad other reasons why great people quit their jobs. Quote: "If you like doing what you do, then you never work a day." Dennis wanted to create a workplace where tasks get done during work hours only, and where employees don’t feel guilty for leaving at 6 PM. ATTCK takes on the projects that Dennis and the ATTCK team feel are best suited for them—projects that bring in more than just money. Top 3 Hot Points: A new way of organizational structure. Healthy lifestyle commitments and beating opioid addiction. Work-Life Balance, like what you do. Final Words: How are people approaching their life? What do they want to get out of it? What I'm trying to do is just to be happy with the decisions that I make. I think that's an important set of principles to live by. So, you know, if you understand yourself, you understand things that make you happy, and what you really want out of it. For me, that's surrounding myself with people who produce great work. I absolutely love what I do. I think that's also very important to know. It sometimes doesn't feel like work, right? But that's like the old cliche, it doesn't feel like work. If you like doing what you do, then you never work a day. It's not totally true, things get very difficult on hard days. 
If you find something that you're absolutely passionate about, it'll drive you through. It'll carry you through those hard times. So find something that you love doing and be passionate about it. It's not easy to do. It took me a long time to be able to do this. It's worth it in the end.
Resources: ATTCK.com (https://attck.com/) @ATTCKCO on Facebook (https://www.facebook.com/attckco/) @DennisPlucinik on LinkedIn (https://www.linkedin.com/in/dennisplucinik/) @DennisPlucinik on Twitter (https://twitter.com/dennisplucinik) @DennisPlucinik on Instagram (https://www.instagram.com/dennisplucinik/)
On This Episode You Will Hear:
[00:30] Introduction
[10:00] It's a very sort of flat organizational structure. So it's meant to say a couple of things. Everybody here supports each other equally. When you're focused on one person, the whole company is focused on that one person. It's a little deep. That literally was the theory before we built this. I love it. It's very creative!
[20:00] If I'm not sure about something or not confident I can carry it through, I won't do it. I don't gamble, I don't play blackjack or anything else. I think I gambled with the surgery I had, I most likely didn't need in the end. Turns out I didn't need it. But I couldn't gamble and did it anyway. I didn't want this to come up 10 years later and say, oh we actually didn't get everything and now you're gonna die. I just didn't want to gamble that. So that's sort of my MO, I've got to be certain about what I'm doing.
[29:30] I had some pretty serious neuropathy, which is nerve damage to your extremities, incredibly painful. The only solution was a couple of solutions that are not really perfect. The long and short of it is that as a result of the surgery, I ended up getting very quickly addicted to opioids like within two weeks.
This week, in Peru, Indiana, an unlikely couple from different sides of the tracks have what appears to be a story book romance... until you dig a little deeper, and find some very interesting tales from the past. To the outside world, they seem like the perfect couple, in the perfect house, with the perfect life. The problem is that someone ends up dead, leading to finger pointing, and a frustrating investigation! It's definitely an interesting one!! Along the way, we find out most circus performers are probably pedophiles, that being stabbed doesn't have to ruin the vibe, and that sometimes jury members are clearly open to negotiation!! Hosted by James Pietragallo & Jimmie Whisman New episodes every Thursday!! Please subscribe, rate, and review! Listen on Apple Podcasts, Spotify, Stitcher, or wherever you listen to podcasts! Head to shutupandgivememurder.com for all things Small Town Murder! For merchandise: crimeinsports.threadless.com Check out James and Jimmie's other show: Crime in Sports Follow us on social media! Facebook: facebook.com/smalltownpod Instagram: instagram.com/smalltownmurder Twitter: twitter.com/MurderSmall Contact the show: crimeinsports@gmail.com