Guests:

Ed Skoudis, President at SANS Technology Institute [@SANS_EDU]
On LinkedIn | https://www.linkedin.com/in/edskoudis/
At RSAC | https://www.rsaconference.com/experts/ed-skoudis

Heather Mahalik Barnhart, Faculty Fellow & DFIR Curriculum Lead at SANS, Sr Dir of Community Engagement at Cellebrite [@Cellebrite]
On LinkedIn | https://www.linkedin.com/in/heather-mahalik-cellebrite/
On Twitter | https://twitter.com/HeatherMahalik
At RSAC | https://www.rsaconference.com/experts/heather-mahalik

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]
On LinkedIn | https://www.linkedin.com/in/johannesullrich/
On Twitter | https://twitter.com/sans_isc
On Mastodon | https://infosec.exchange/@jullrich
At RSAC | https://www.rsaconference.com/experts/johannes-ullrich

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this new episode of the On Location Podcast with Sean and Marco, listeners were treated to an in-depth preview of the RSA Conference SANS Keynote, featuring engaging dialogues with industry luminaries Ed Skoudis, Heather Mahalik Barnhart, and Johannes Ullrich. Each brought to the fore their unique perspectives and expertise, providing a fascinating glimpse into the current state and future direction of cybersecurity.

Ed Skoudis, President of the SANS Technology Institute College, stands at the forefront of cybersecurity education, guiding the future of the field through his leadership and vision. As moderator of the RSA Conference keynote panel, Skoudis emphasized the panel's history and its focus on burgeoning cybersecurity threats and innovations. His dual role as a SANS fellow and the founder of CounterHack challenges underscores a commitment to practical, real-world applications of cybersecurity knowledge.

Heather Mahalik Barnhart brings a wealth of experience as the Curriculum Lead at SANS and a Senior Director of Community Engagement at Cellebrite. Her expertise in mobile threats and digital intelligence is pivotal in an era where mobile devices are ubiquitous. Barnhart's focus on the escalation of mobile security threats underscores the critical need for continuous vigilance and advanced protective measures in cybersecurity practices.

Johannes Ullrich, Dean of Research for the SANS Technology Institute College, brings his profound insights into web application security to the discussion. His leadership at the Internet Storm Center provides him with a unique vantage point on the latest cyber threats and defensive strategies. Ullrich's work exemplifies the essential nature of forward-looking research in developing effective cybersecurity defenses.

The conversation highlights not just individual achievements but also the collective effort of the panel to address current cyber threats while preparing for future challenges. The keynote panelists discussed their approach to selecting topics that not only resonate with current issues but also anticipate future threats. This proactive approach is a testament to their deep understanding of the cybersecurity landscape and their commitment to equipping professionals with the knowledge to stay one step ahead.

Terrence Williams, a new addition to the panel and a notable figure in cloud security from Amazon, and Steve Sims, an authority on offensive security curriculum at SANS, were also mentioned as key contributors to the upcoming keynote session. Their inclusion promises to bring fresh insights and a broader perspective to the discussions, enriching the discourse on cybersecurity's most pressing and complex issues.

Key Questions Addressed

How does SANS choose the five topics for the RSA Conference SANS Keynote?
What are the key cybersecurity trends and threats for the future?
How can individuals and organizations mitigate these identified threats?

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube:
Guests:

Katie Nickels, Certified Instructor and Director of Intelligence Operations at SANS Institute [@sansforensics] and Red Canary [@redcanary]
On LinkedIn | https://www.linkedin.com/in/katie-nickels/
On Twitter | https://twitter.com/likethecoins
On Mastodon | https://infosec.exchange/@likethecoins

Johannes Ullrich, Dean of Research at SANS Technology Institute [@sansforensics]
On LinkedIn | https://www.linkedin.com/in/johannesullrich/
On Twitter | https://twitter.com/sans_isc
On Mastodon | https://infosec.exchange/@jullrich

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode's Sponsors

BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en

____________________________

Episode Notes

In this new RSA Conference Coverage podcast episode with ITSPmagazine, cybersecurity experts and SANS instructors, Katie Nickels and Johannes Ullrich, delve into the "Five Most Dangerous New Attack Techniques" panel, a discussion they've been part of for the past few years. They shed light on how they identify these top techniques by examining their increasing prevalence and potential impact. Joined by an outstanding panel of experts, including Heather Mahalik, a mobile technology specialist, and Steve Sims, an offensive security guru, they offer unique insights from different sides of the industry while also highlighting the importance of practical, hands-on advice and defense strategies against these threats.

The panel emphasizes the importance of practical, hands-on advice and defense strategies to combat these emerging threats. Furthermore, Johannes shares valuable information about the Internet Storm Center's role in monitoring attacks and disseminating knowledge within the cybersecurity community.

Tune in to this must-listen episode for a sneak peek of the latest attack techniques, evolving defense mechanisms, and the collaborative efforts of the cybersecurity community that will be presented during the panel so you can stay one step ahead of the attackers.

Don't forget to share and subscribe to ITSPmagazine's RSA Conference Coverage to keep up with the latest trends in technology and cybersecurity.

____________________________

Resources

Session | The Five Most Dangerous New Attack Techniques: https://www.rsaconference.com/USA/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
Internet Storm Center Diaries: https://isc.sans.edu/
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw

____________________________

For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage

Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
You can't put a price on bants! Friends and enemies welcome as this week Christa, Si, and Desi recap HTCIA and DFRWS. Deep dive into ticket prices and accessibility. Wonder whether there is innovation in the vendor space. Consider running their own virtual Forensic Focus conference in 2023. They briefly touch on neurodiversity, potential guests, and we all get treated to Si's long preamble and slightly shorter outro.

Show Notes:

DFRWS APAC 2022 Program - https://dfrws.org/apac-2022-program/
BSides AUS - https://www.bsidesau.com.au/
BSides UK - https://www.securitybsides.org.uk/#
HTCIA - https://htcia.org/
Heather Mahalik's talk on verifying evidence
CYACOMB Prioritizing time sensitive investigations with Rapid Digital Triage - Alan McConnell
Hansken Forensics - https://www.hansken.nl/
Velociraptor - https://www.rapid7.com/products/velociraptor/
Sydney Declaration IAFS 2023 - https://iafs2023.com.au/sydney-declaration/
Host John Hubbard, Blueprint host and SANS Cyber Defense Curriculum Lead, moderated a panel of cyber security experts including Heather Mahalik, Katie Nickels and Jeff McJunkin for this powerful discussion.

John and guests share their wisdom on trends they are seeing in the cyber industry and offer advice as to how we should be looking at cyber defense in 2022 and beyond.

Guests:
Heather Mahalik
Katie Nickels
Jeff McJunkin

Filmed live at SANSFIRE 2022

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

Check out the details at sansurl.com/450

Hope to see you in class!

Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn
In the second episode of Chewing the FAT, Phil and Adam host special guest Heather Mahalik to discuss SANS coming together with the leading industry vendors to produce a validation guide plus we run through some of the recent Digital Forensics industry news.

For the second Forensic Faux Pas segment to air, special guest Heather shares a couple of their embarrassing stories of things that went wrong from their early days plus some great stories from our listeners.

Links for some of the content we discussed during the show:

The State of Android Health Data (Part 1) – Garmin https://thebinaryhick.blog/2021/05/22/the-state-of-android-health-data-part-1-garmin/
Rabbit Hole from CCL (Alex Caithness) https://uploads-ssl.webflow.com/5f02f2c93eab87a6ea84e2f3/60364c14ce5f0e240b78de9c_RabbitHole_DD_2021.pdf
MSAB partner with Detego: https://www.forensicfocus.com/news/detego-joins-forces-with-msab-in-strategic-digital-forensics-partnership/#:~:text=Detego%C2%AE%20Joins%20Forces%20With%20MSAB%20In%20Strategic%20Digital%20Forensics%20Partnership,-17th%20May%202021&text=Detego%2C%20global%20leaders%20in%20rapid,in%20mobile%20device%20digital%20forensics.
Should encryption be curbed to combat child abuse? https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/business-57050689.amp
Impacts of COVID 19 on the risk of online child sexual exploitation: https://www.arts.unsw.edu.au/sites/default/files/documents/eSafety-OCSE-pandemic-report-salter-and-wong.pdf
Microsoft and UK government make it easier for public sector to use Azure: https://news.microsoft.com/en-gb/2021/05/11/microsoft-and-uk-government-make-it-easier-for-public-sector-organisations-to-use-the-azure-cloud/
Heather's link to DFIR Summit: https://www.sans.org/event/digital-forensics-summit-2021

Six Steps to Mobile Validation – Working Together for the Common Good

A joint effort with collaboration from across several major DF vendors resulted in a joint standards paper being released by SANS shortly afterwards, promoting good practice. https://www.sans.org/blog/six-steps-to-successful-mobile-validation-paper/

Signal Story:

Original claim and reply posted in Dec 2020, about "breaking signal encryption" https://signal.org/blog/cellebrite-and-clickbait/
21st April 2021, posted new blog outlining vulnerabilities in Cellebrite software. https://signal.org/blog/cellebrite-vulnerabilities/
Cellebrite response: https://www.cellebrite.com/en/our-mission-remains-clear/

We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.

You can visit the Formobile website at: https://formobile-project.eu/

This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.

Hosted on Acast. See acast.com/privacy for more information.
In the first ever episode of Chewing the FAT, Phil and Adam introduce themselves, run through some of the recent Digital Forensics industry news, and share their thoughts on some recently published digital evidence guidance. For the first Forensic Faux Pas segment to air, Phil and Adam share a couple of their embarrassing stories of things that went wrong from their days in the lab.

Links for some of the content we discussed during the show:

ACPO - https://library.college.police.uk/docs/acpo/digital-evidence-2012.pdf
ISO 17025 - https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/912389/107_FSR-C-107_Digital_forensics_2.0.pdf
ForMobile - https://formobile-project.eu/
COP Report - https://www.college.police.uk/article/consultation-extracting-data-electronic-devices-released
CTF Twitter - https://twitter.com/ChewintheFATPod
DFIR Twitter # - https://twitter.com/hashtag/dfir
Forensic Discord Server - https://discord.com/invite/JUqe9Ek
Josh Hickman - https://thebinaryhick.blog/
Heather Mahalik - https://www.cellebrite.com/en/ios-location-artifacts-explained/
Jessica Hyde, Magnet Forensics - https://www.magnetforensics.com/blog/ways-to-share-in-dfir/
Oleg Afonin, Elcomsoft - https://blog.elcomsoft.com/2021/02/ios-recovery-mode-analysis-reading-ios-version-from-locked-and-disabled-iphones/
MSAB - https://www.msab.com/2020/09/17/super-fast-iphone-extraction-times/
Belkasoft - https://belkasoft.com/forensic_extraction_of_data_from_mobile_apple_devices
Phill Moore, ThisWeekin4n6 - https://thisweekin4n6.com/
Android Triage - https://www.andreafortuna.org/2021/04/10/android-triage-a-really-useful-forensic-tool-by-mattia-epifani/
Autopsy - https://www.cybertriage.com/2021/our-100-unbiased-4cast-awards-nominations/
Alexis Brignoni, Realm - https://abrignoni.blogspot.com/search?q=realm
Magnet Forensics, Chromebook Acquisition Assistant - https://www.magnetforensics.com/resources/magnet-chromebook-acquisition-assistant/

We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.

You can visit the Formobile website at: https://formobile-project.eu/

This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.

Hosted on Acast. See acast.com/privacy for more information.
She's been a Digital Forensic Examiner for over 18 years, and has worked many investigations! She's also a researcher, blogger, author and instructor of all she knows. She loves wine, bourbon, vacations and her family (...but not necessarily in that order, LOL!) We talk cold cases and finding work-life balance!

Instagram: @hmahalik11
Twitter: @HeatherMahalik
Website: smarterforensics.com

Support the show (https://www.buymeacoffee.com/heyheather)
FOR585: Smartphone Forensic Analysis In-Depth. To say that digital forensics is central to Heather's life is quite an understatement. Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to media associated with terrorism. She has helped law enforcement, eDiscovery firms, military, and the federal government extract and manually decode artifacts used in solving investigations around the world. Heather began working in digital forensics in 2002, and has been focused on mobile forensics since 2010 - there's hardly a device or platform she hasn't researched or examined or a commercial tool she hasn't used. She also maintains www.smarterforensics.com. Heather is the co-author of Practical Mobile Forensics (1st-4th editions), currently a best seller from Packt Publishing.

In this episode, we discuss coming back to law enforcement, cloud forensics, what drives her research, early mentors, the start of cellphone forensics, mobile device threats, developing presentations, and so much more!

Where you can find Heather:
Twitter (https://twitter.com/HeatherMahalik)
LinkedIn (https://www.linkedin.com/in/heather-mahalik-3615535/)
SANS (https://www.sans.org/instructors/heather-mahalik)
Blog (https://smarterforensics.com/blog/)
SC Magazine as one of its "2016 Women to Watch." (https://www.scmagazine.com/home/security-news/features/women-to-watch/) and a recipient of the Enfuse 2018 Difference Makers Award for her efforts in educational outreach. She has more than 15 years of experience in computer and network security that spans government, academic, and corporate environments. Her current role as Founder and Senior Consultant at SANS FOR526 Advanced Memory Forensics and Threat Detection (https://www.sans.org/course/memory-forensics-in-depth) course, she is passionate about memory management and forensic artifact hunting.

In this episode, we discuss being confused with Heather Mahalik (https://www.linkedin.com/in/heather-mahalik-gasf-gcfe-cfce-ence-mfce-3615535/), running a helpdesk, file system forensics, memory forensics, balancing blue teams and red teams, when to add threat hunting to your program, the value of certifications, balancing work and life, keeping skills current, and so much more.

Where you can find Alissa:
LinkedIn (https://www.linkedin.com/in/alissatorres)
Twitter (https://twitter.com/sibertor)
SANS (https://www.sans.org/instructors/alissa-torres)
In today’s chat, Sean Martin connects with all four of the SANS panelists for their RSA Conference keynote panel entitled "The Five Most Dangerous New Attack Techniques and How to Counter Them." This RSA Conference session is always a hit and is again led this year by Research Director and Founder of the SANS Institute, Alan Paller. Alan is joined on stage by Ed Skoudis, Heather Mahalik and Johannes Ullrich — and I chat with all of them to get a sneak peek into what they will be talking about this year with regards to the latest threats, attacks and the methods used to carry them out. All of our RSA Conference coverage, including these chats on the road, is made possible by the generosity of our sponsors. We’d like to thank edgescan, Bugcrowd, STEALTHbits and Devo for their support, and encourage you to have a look at their directory listings on ITSPmagazine to see how they can help you with your risk, security and compliance programs. Edgescan: https://www.itspmagazine.com/company-directory/edgescan Bugcrowd: https://www.itspmagazine.com/company-directory/bugcrowd STEALTHbits: https://www.itspmagazine.com/company-directory/stealthbits Devo: https://www.itspmagazine.com/company-directory/devo For more Chats on the Road to RSA Conference 2019, please visit: https://www.itspmagazine.com/itsp-chronicles/chats-on-the-road-to-rsa-conference-2019-san-francisco
Live from the Magnet User Summit in Las Vegas with Jessica Hyde, Heather Mahalik, Jad Saliba, Matthew Seyer and David Cowen
Heather Mahalik is leading the forensic effort as a Principal Forensic Scientist for ManTech CARD. Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Episode478#Interview:_Heather_Mahalik.2C_The_SANS_Institute_-_7:00PM-8:00PM Subscribe to YouTube Channel: https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg Security Weekly Website: http://securityweekly.com Follow us on Twitter: @securityweekly
We interview Heather Mahalik from SANS Institute on mobile phone forensics, our listener feedback segment will be The Host's Perspective, and our security news covers Facebook facial recognition, hacking smart cities, and why Ashley Madison has agreed to a security overhaul. Stay tuned!
This segment was broken in two parts as the technical segment with Heather Mahalik happened in the middle of it. Heather is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and is teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.

Ok, on to the stories of the week with Paul, Larry, Allison and Jack. What'd you do this summer? Disney? Six Flags? Big Data Land?

After much chatter in the Twittersphere (logged here by Space Rogue) last week, Jack brings up the "Popping Penguins" article from Forbes. The article talks about this super vulnerable program that is going to be the downfall of Linux. It's called bash. Would you believe you can use bash to start a listener on your machine and then send some commands over telnet to have someone else's machine connect back to you? Uh oh. Also, beware of another application, one that runs from the desktop that lets you connect to other computers and pull down files from a machine you don't own. Yeah, that one's called a browser. Sounds equally dangerous, no? Should we uninstall bash as a security measure?

Larry threw out there an article on 5 WiFi security myths to abandon. But Larry mentioned that some of these might not actually be very new. Things like don't hide the SSID, as some newer systems will see them anyway and digging deeper to find the SSID isn't that hard. Plus, if its owner took the steps to hide it, wouldn't that pique your interest that there may be something good running there? Sending out a weak signal may sound like a good idea, as if someone can't reach it, they can't connect to it, right? But all that does is annoy its intended users, and if someone really wants to get on the network, they'll simply use an antenna. The article ends with the non-myth that if you truly want WiFi security, make sure you use good encryption and a strong password. Simple, eh?

Jack was looking forward to going on a good patch rant. He and Paul have done webinars about really stretching things and getting your patch cycle down to five days from the day of release. Jack said during the good old days, he'd challenge himself to getting his systems patched within 72 hours. Patch Tuesday was to be completed by Friday. In this article by Dr. Anton Chuvakin, he does indicate how it would be good for some big corporations to get their patch cycle down from 90 days to 30 days, but then argues if the bad guys only need 3, then what's the point of all that effort? Jack's feeling is that even the 30 days should be enough in many cases, but it's often politics and other "can't do" attitudes that prevent it from happening. Why is that? Get those patches in place, people!

One quick note on a tangent the team went off on. In their experience as pentesters, Larry and Paul mention that all too often the way they end up pwning a system is through some machine that no one knew was running, with services that no one knew were running, with an account that no one knows why it still exists. Do you have a good inventory of where your data is? What machines are in your data center? What services and accounts are on each? If those are gold to a pentester, who has to respect a customer's defined scope, guess what a malicious user is going to do to your network.

Paul's looking for advice on what new phone he should get. Android? iPhone? What say you? Tweet him up with your suggestion at @securityweekly.

Remember that Yahoo bug bounty program? $12.50 credit toward the Yahoo store? A little update from the rants and ridicule from last week: it was actually one guy, Ramses Martinez, Director, Yahoo Paranoids, who was very appreciative of people reporting bugs and was paying them out of pocket. He would send researchers a Yahoo T-shirt but would then find out the recipient already had multiple Yahoo shirts. Martinez's idea then was to give the reporter a credit in the Yahoo store matching the value of the shirt, out of his own pocket. Since the uproar, Yahoo has installed its own bug bounty program and Martinez is no longer paying for the reports himself. Good on ya, Yahoo, and even better, thank you Ramses Martinez for caring about security.

Speaking of bug bounties, Google has started a bug bounty program for open source software. Repeat that: it's not just Google software that they're paying bounties for, it's software that there really is no organization behind and that normally counts on volunteers to fix things. Now Google is putting their money behind that effort. As Allison mentions, there hasn't ever been any motivation for anyone to report bugs and now there is.

Paunch, the alleged author of the Blackhole exploit kit, was arrested in Russia last week. Or at least we think so. Some unconfirmed reports have indicated this and Blackhole has not been updated since this time. Or maybe the guy just decided to take an extended vacation and threw the story out there himself. Either way, it might be time for Evil Bob to find a new exploit kit. (Note: Erik Estrada is not "Paunch", he's Ponch, as in Frank Poncharello)

Microsoft has a new disk cleanup where it removes all the old and outdated updates. Jack gained more than 6 GB of space after running the cleanup, but a word of caution: it takes a concerningly long time for the next reboot. You might think you killed your computer but no, it really does take that long.

Check out "Tails", a security and privacy distribution, and let us know what you think. Is it good? What makes it a better choice than some others? Though the number of security updates in recent versions is a little concerning. Yeah, I get it that it's good that security holes are fixed and that it's to software that the distro is including. But it's just a little concerning when you pitch it as being for security and privacy yet there are piles of security updates. It makes me wonder just how secure it is and whether it's any better than a secure version of your favorite distribution anyway. But you can certainly let me know and I'll post some comments from you in an upcoming week. Tweet me at @plaverty9

There was also some discussion on iOS7 image identification, Larry has a colleague at Inguardians who wrote up an intro to using rfcat, and Jack suggests taking a deeper look for yourself before jumping into the patch for MS13-81 and whether your system needs it. If it does, test thoroughly. It's got some deep stuff on it.
Heather Mahalik is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and is teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.