We interview Morey Haber, Chief Information Security Officer (CISO) and Chief Technology Officer (CTO) of BeyondTrust, on the publication of his latest book, ‘Identity Attack Vectors: Implementing an Effective Identity and Access Management Solution’, co-authored with Darren Rolls, CISO & CTO, SailPoint. This latest book is the third in a series with Apress books, with the previous two being Privileged Attack Vectors and Asset Attack Vectors. 10 E-Books are available to Listeners! Listen in for details.

As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security. Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management are leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber attacks continue to increase in volume and sophistication, it is not a matter of if, but when, an organisation will have an incident. Threat actors target accounts, users, and their associated identities to conduct their malicious activities through privileged attacks and asset vulnerabilities. Poor identity and privilege management can be leveraged to compromise accounts and credentials within an organisation. The book covers how role-based identity assignments, entitlements, and auditing strategies can be implemented to mitigate the threats leveraging accounts and identities, and how to manage compliance for regulatory initiatives. Identity Attack Vectors details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organisations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program.

Key Topics covered in the book:
- The concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vector
- How to implement an effective Identity Access Management (IAM) program to manage identities and roles, and provide certification for regulatory compliance
- Where identity management controls play a part in the cyber kill chain and how privileges should be managed as a potential weak link
- How to build upon industry standards to integrate key identity management technologies into a corporate ecosystem
- How to plan for a successful deployment, implementation scope, measurable risk reduction, auditing and discovery, regulatory reporting, and oversight based on real-world strategies to prevent identity attack vectors

Morey has more than 20 years of IT industry experience and joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology management solutions for vulnerability, and privileged and remote access. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook. Recorded 25 November 2019.
FURTHER LISTENING
Episode 176 - Privileged Access Management (PAM) and analysis of the BeyondTrust Microsoft Vulnerabilities Report 2019
https://blubrry.com/mysecurity/51406933/episode-176-privileged-access-management-pam-and-analysis-of-the-beyondtrust-microsoft-vulnerabilities-report-2019/
Episode 172 - Privileged Access Management (PAM) with BeyondTrust CISO & CTO, Morey Haber
https://blubrry.com/mysecurity/48710291/episode-172-privileged-access-management-pam-with-beyondtrust-ciso-cto-morey-haber/
Episode 148 - Privileged Access Management, SingHealth Breach & Beyond Trust solution addressing ASD Top4 - Essential 8
https://blubrry.com/mysecurity/43342483/episode-148-privileged-access-management-singhealth-breach-beyond-trust-solution-addressing-asd-top4-essential-8/
Wikileaks published a cache of documents and information from what appears to be a wiki from the Central Intelligence Agency (CIA). This week, we discuss the details of the leak (as of 11 March 2017), and how damaging it is to blue teamers. To help us, we asked Mr. Dave Kennedy (@hackingDave) to sit down with us and discuss what he found, and his opinions of the data that was leaked. Mr. Kennedy is always a great interview, and his insights are now regularly seen on Fox Business News, CNN, and MSNBC.

Dave isn't one to rest on his laurels. Many of you know him as the co-organizer of #derbycon, as well as a board member of #ISC2. We ask him about initiatives going on with ISC2, and how you (whether or not you're an ISC2 cert holder) can help with various committees and with improving the certification landscape. We talk about how to get involved.

We finish up asking about the latest updates to DerbyCon, as well as the dates of tickets, and we talk about our CTF for a free ticket to DerbyCon.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-009-dave_kennedy_vault7_isc2_derbycon_update.mp3
Youtube: https://www.youtube.com/watch?v=lqXGGg7-BlM
iTunes: https://itunes.apple.com/us/podcast/2017-009-dave-kennedy-talks-abotu-cias-vault7-isc2/id799131292?i=1000382638971&mt=2

#Bsides #London is accepting a Call for Papers (#CFP) starting 14 February 2017, as well as a Call for Workshops. Tickets are sold out currently, but there will be other chances for tickets. Follow @bsidesLondon for more information. You can find out more information at https://www.securitybsides.org.uk/ CFP closes 27 March 2017

------

HITB announcement: “Tickets are on sale, and entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017.
Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/

---------

Join our #Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: bds.podcast@gmail.com
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--show notes--
http://www.bbc.com/news/world-us-canada-10758578
- WL: “CIA ‘hoarded’ vulnerabilities or ‘cyber-weapons’”
  - Should they not have tools that allow them to infiltrate systems of ‘bad’ people?
  - Promises to share information with manufacturers
  - BrBr: Manufacturers and devs are the reason the CIA has ‘cyber-weapons’
    - Shit code, poor software design/architecture
    - Security wonks aren’t without blame here either
- http://www.bbc.com/news/technology-39218393 - RAND report
  - Report suggested stockpiling is ‘good’
  - “On the other hand, publicly disclosing a vulnerability that isn't known by one's adversaries gives them the upper hand, because the adversary could then protect against any attack using that vulnerability, while still keeping an inventory of vulnerabilities of which only it is aware of in reserve.”
- Encryption does still work, in many cases… as it appears they are having to intercept the data before it makes it into secure messaging systems…
  - http://abcnews.go.com/Technology/wireStory/cia-wikileaks-dump-tells-us-encryption-works-46045668
  - (somewhat relevant? Not sure if you want to touch on https://twitter.com/bradheath/status/837846963471122432/photo/1)
- Wikileaks - more harm than good?
  - Guess that depends on what side you’re on
  - What side is Assange on? (his own side?)
- Media creates FUD because they don’t understand
  - Secure messaging apps busted (FUD inferred by WL)
  - In fact, the encryption is circumvented: data is captured before encryption is applied.
- Some of the docs make you wonder about the need for ‘over-classification’
- Vulnerabilities uncovered
  - Samsung Smart TVs “Fake-Off”
  - Tools to exfil data off of iDevices
    - BrBr: Cellebrite has sold that for years to the FBI
    - CIA appears to only have up to iOS 9 (according to docs released)
  - Car hacking tech
  - Sandbox detection (notices mouse clicks or the lack of them)
    - Reported by eEye: https://wikileaks.org/ciav7p1/cms/page_2621847.html
  - Technique: Process Hollowing: https://wikileaks.org/ciav7p1/cms/page_3375167.html
    - Not new: https://attack.mitre.org/wiki/Technique/T1093
- **anything Mr. Kennedy feels is important to mention**
- What can blue teamers do to protect themselves?
  - Take an accounting of ‘smart devices’ in your workplace
  - Educate users on not bringing smart devices to work
    - And at home (if they are remote): Alexa
  - Restrict smart devices in sensitive areas
    - SCIFs, conference rooms, even in ‘open workplace’ areas
  - Segment possibly affected systems from the internet
  - Keep proper inventories of software used in your environment
  - Modify IR exercises to allow for this type of scenario?
  - Reduce ‘smart’ devices
    - Grab that drill and modify the TV in the conference room
    - Cover the cameras on the TV
    - Is that too paranoid?
  - Don’t set up networking on smart devices or use cloud services on ‘smart’ devices
  - Remind devs that unpatched or crap code can become the next ‘cyber-weapon’ ;)
Interview with Marc Maiffret
Marc Maiffret is the Chief Technology Officer at BeyondTrust, a leading vulnerability and compliance management company, and was a co-founder of eEye Digital Security.
- How did you get your start in information security?
- Tell us about your work at eEye and your work in the early days there.
- Back in 2007, you left eEye to start work on a mobile phone application. What do you think is needed in the mobile arena now that is NOT security related?
- What research do you think needs to be done that no one is doing now?
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Almost every possible method and technique regarding Windows exploitation has been discussed in depth. Surprisingly, a topic that has rarely been touched on publicly is the remote exploitation of Win32 kernel vulnerabilities; a number of kernel vulnerabilities have been published, yet no exploit code has surfaced in the public arena. I predict we will see more kernel vulnerabilities in the future, as more core networking components are being implemented at the driver level. In this presentation I will walk through the remote exploitation of a kernel level vulnerability. A number of payloads will be discussed and demonstrated, and I will explain how to overcome the various obstacles that arise when attempting to exploit ring 0 vulnerabilities. As a final demonstration, we will say goodnight to the Windows OS entirely. Barnaby Jack is a Senior Research Engineer at eEye Digital Security. His role at eEye involves developing internal technologies, malicious code analysis, vulnerability research, and applying this research to the eEye product line. His main areas of interest include reverse engineering and operating system internals. He has been credited with the discovery of numerous security vulnerabilities, and has published multipl
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
This presentation will cover the eEye BootRoot project, an exploration of technology that boot sector code can use to subvert the Windows NT-family kernel and retain the potential for execution, even after Windows startup, a topic made apropos by the recent emergence of Windows rootkits into mainstream awareness. We will provide some brief but technical background on the Windows startup process, then discuss BootRoot and related technology, including a little-known stealth technique for low-level disk access. Finally, we will demonstrate the proof-of-concept BootRootKit, loaded from a variety of bootable media. Derek Soeder is a Software Engineer and after-hours researcher at eEye Digital Security. In addition to participating in the ongoing development of eEye's Retina Network Security Scanner product, Derek has also produced a number of internal technologies and is responsible for the discovery of multiple serious security vulnerabilities. His main areas of interest include operating system internals and machine code-level manipulation. Ryan Permeh is a Senior Software Engineer at eEye Digital Security. He focuses mainly on the Retina and SecureIIS product lines. He has worked on the porting of nmap and libnet to Windows, as well as helping with disassembly and reverse engineering, and exploitation efforts within the eEye research team.
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference (video recordings of the same two eEye presentations listed above: Barnaby Jack on remote Win32 kernel exploitation, and Derek Soeder and Ryan Permeh on eEye BootRoot)