Podcasts about detectionlab

  • 6 PODCASTS
  • 6 EPISODES
  • 1h 9m AVG DURATION
  • INFREQUENT EPISODES
  • Jul 21, 2022 LATEST



Latest podcast episodes about detectionlab

Future of Device Management
EP 3: Chris Long: From osquery skeptic to believer

Jul 21, 2022 25:50


Chris Long is a Staff Security Engineer at Material Security, and you might know him from some of his open-source work at Detection Lab. In the episode today, we talk about his work with Facebook and Uber using osquery, and his thoughts on the present and future state of cybersecurity.

Topics discussed:

  • Chris's story and how he got into cybersecurity
  • The day-to-day of a Staff Security Engineer
  • How Chris used osquery while he worked at Facebook
  • The benefits and power of osquery
  • How Chris went from an osquery skeptic to seeing the strengths
  • Why Chris started DetectionLab and how it helps security professionals
  • Top tips for device management and security strategy for organizations
  • Biggest challenges organizations face related to security today
  • Changes we can expect to see in cybersecurity over the coming years

Where to Get in Touch: Find Chris on LinkedIn

Try Fleet: Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. Sign up for Fleet Sandbox for free today: https://fleetdm.com/try-fleet/register.

7 Minute Security
7MS #441: SharpGPOAbuse

Nov 15, 2020 39:20


Hello friends! Sorry to be late with this episode (again) but we've been heads-down in a lot of cool security work, coming up for air when we can! Today's episode features:

  • A little welcome music that is not the usual scatting of gibberish I torture you with
  • Some cool tools I'm playing with in the lab that we'll do future episodes on in the future:
      • DetectionLab to practice detecting all the bad things!
      • BadBlood to dirty up your AD (your test AD with groups, computers, permissions, etc.). I wish the user import script would let you choose a list of bad passwords to assign the users, but you can also run it manually if you want.
      • Cobalt Strike - we're doing a demo right now!

Most of today's episode focuses on SharpGPOAbuse, a tool that can be used to abuse "generic write" access to GPOs (which you might identify after running BloodHound). Here's a sample syntax you could run:

    SharpGPOAbuse.exe --AddUserTask --TaskName "Totes Safe Windoze Updatez" --Author SAMPLECO\ADMINISTRATOR --Command "cmd.exe" --Arguments "/c net group \"Domain Admins\" SomeLowPrivUser /ADD DOMAIN" --GPOName "Name of GPO with Generic Write Access"

This will push a ScheduledTasks.xml file to \\sample.company\Policies\LONG-STRING-REPRESENTING-THE-GPO-ID\User\Preferences\ScheduledTasks

Now if you find that the task is not pushing correctly, it may be that SharpGPOAbuse.exe hasn't been able to update either the GPT.INI file (in the root of the GPO path) and/or the versionNumber value assigned to the GPO itself. If you need to adjust the versionNumber and GPT.INI value manually, definitely read this Microsoft article so you know how the number is generated and how to increment it properly. This flippin' sweet RastaMouse blog article also helped this click for me.
If you can't seem to update versionNumber using the PowerShell in Rasta's article, you can also open up ADSI Edit and navigate to Default naming context > DC=your,DC=com > CN=System > CN=Policies > CN=LONG-STRING-REPRESENTING-THE-GPO-ID then get the properties of the folder, scroll down and manually adjust the value for versionNumber.

Paul's Security Weekly (Video-Only)
DetectionLab, Chris Long - Paul's Security Weekly #593

Feb 10, 2019 32:35


DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are VirtualBox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593
Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly TV
DetectionLab, Chris Long - Paul's Security Weekly #593

Feb 10, 2019 32:35


DetectionLab is a collection of Vagrant and Packer scripts that allows you to automate the creation of a small Active Directory network that is pre-loaded with endpoint security tooling and logging best practices with a single command. It's cross-platform and the only requirements to bring up the lab are VirtualBox / VMware and Vagrant.

Full Show Notes: https://wiki.securityweekly.com/Episode593
Follow us on Twitter: https://www.twitter.com/securityweekly

Paul's Security Weekly
Unraveled Networks - Paul's Security Weekly #593

Feb 9, 2019 142:53


This week, we welcome Chris Long, Security Engineer at Palantir, for our Technical Segment to talk about DetectionLab, a collection of Vagrant and Packer scripts that allow you to automate the creation of networks! In the Security News, 5G networks must be secured from hackers and bad actors, Zero-Day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War II German message decrypts to go on display at the National Museum of Computing! In our final segment, we air a pre-recorded interview with InfoSec World Speaker Connie Mastovich, the Sr. Security Compliance Analyst at Reclamere, to talk about the Dark Web!

Full Show Notes: https://wiki.securityweekly.com/Episode593
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about DetectionLab, visit: https://detectionlab.network
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
Unraveled Networks - Paul's Security Weekly #593

Feb 9, 2019 142:53


This week, we welcome Chris Long, Security Engineer at Palantir, for our Technical Segment to talk about DetectionLab, a collection of Vagrant and Packer scripts that allow you to automate the creation of networks! In the Security News, 5G networks must be secured from hackers and bad actors, Zero-Day vulnerability highlights the responsible disclosure dilemma, a flaw in multiple airline systems exposes passenger data, security bugs in video chat tools enable remote attackers, and an original World War II German message decrypts to go on display at the National Museum of Computing! In our final segment, we air a pre-recorded interview with InfoSec World Speaker Connie Mastovich, the Sr. Security Compliance Analyst at Reclamere, to talk about the Dark Web!

Full Show Notes: https://wiki.securityweekly.com/Episode593
Visit https://infosecworld.misti.com/ and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
Visit https://www.securityweekly.com/psw for all the latest episodes!
To learn more about DetectionLab, visit: https://detectionlab.network
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly