Guest Karl Sigler of Trustwave's SpiderLabs joins Dave Bittner to talk about their research: "Hidden Phishing at Free JavaScript Site". The research describes an interesting phishing campaign SpiderLabs encountered recently. In this campaign, the email subject pertains to a price revision, followed by some numbers. There is no email body, but there is an attachment about an "investment." The attachment's convoluted filename contains characters the file-naming convention doesn't allow, notably the vertical stroke, "|". Even though "xlsx" appears in the filename, double-clicking the attachment prompts the user to open it with the default web browser, because the operating system acts only on the final extension: the file is in fact an HTML document, and of course a malicious one. The research can be found here: HTML Lego: Hidden Phishing at Free JavaScript Site
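The check a mail-gateway or triage script would want for the pattern described above, as an added example that is not code from the SpiderLabs research: compare the extension the operating system will act on with what the filename advertises and with what the first bytes actually contain. The filenames and file bytes in SAMPLES are constructed for illustration, not the campaign's real attachment, and the content sniffer is a deliberately minimal assumption (zip header for OOXML, OLE header for legacy Office, a few HTML leaders).

```python
"""Flag an e-mail attachment whose name claims an Office document but whose
bytes are an HTML page.

Added example; it is not code from the SpiderLabs research. The sample
filenames and file bytes below are constructed for illustration.
"""
import re

# Characters Windows does not permit in a filename; "|" is the one the campaign used.
_FORBIDDEN_NAME_CHARS = set('<>:"/\\|?*')

# Extensions a user expects Office, not a browser, to open.
_OFFICE_EXTS = {"xls", "xlsx", "doc", "docx", "ppt", "pptx"}
_OFFICE_EXT_RE = re.compile(r"\b(xlsx?|docx?|pptx?)\b")

# Leading bytes that mark an HTML document (a BOM, whitespace or a comment may precede them).
_HTML_LEAD = re.compile(
    rb"^(?:\xef\xbb\xbf)?\s*(?:<!--|<!doctype\s+html|<html|<head|<body|<script)",
    re.IGNORECASE,
)


def sniff_type(data: bytes) -> str:
    """Minimal content sniffer: 'zip' (what a real .xlsx is), 'ole' (legacy .xls/.doc), 'html' or 'unknown'."""
    if data.startswith(b"PK\x03\x04"):
        return "zip"
    if data.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        return "ole"
    if _HTML_LEAD.match(data[:1024]):
        return "html"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Return the sniffed type, the extension the OS will act on, and a list of findings."""
    findings = []
    lowered = filename.lower()

    bad_chars = sorted(c for c in _FORBIDDEN_NAME_CHARS if c in filename)
    if bad_chars:
        findings.append("filename contains characters Windows forbids: " + "".join(bad_chars))

    # The OS acts on the last extension only; anything before it is decoration.
    final_ext = lowered.rsplit(".", 1)[-1] if "." in lowered else ""
    advertised = set(_OFFICE_EXT_RE.findall(lowered)) - {final_ext}
    content = sniff_type(data)

    if final_ext in ("htm", "html") and advertised:
        findings.append(f"double extension: name advertises {sorted(advertised)} but .{final_ext} opens in a browser")
    if content == "html" and (final_ext in _OFFICE_EXTS or advertised):
        findings.append("content is HTML although the name suggests an Office document")

    return {
        "filename": filename,
        "final_ext": final_ext,
        "content_type": content,
        "findings": findings,
        "verdict": "suspicious" if findings else "ok",
    }


# Constructed samples (hypothetical names and bytes, not the campaign's real attachment).
SAMPLES = {
    # mimics the pattern described: a bar in the name, "xlsx" in the name, HTML inside
    "Price revision 0421|investment.xlsx.html":
        b"<!DOCTYPE html><html><body><script src=\"https://example.invalid/parts.js\"></script></body></html>",
    # the same trick under a bare .xlsx name
    "invoice.xlsx": b"\n<html><body>loading...</body></html>",
    # benign OOXML workbook: a zip archive whose first entry is [Content_Types].xml
    "q3_forecast.xlsx": b"PK\x03\x04" + b"\x00" * 26 + b"[Content_Types].xml",
}


def assess_samples() -> dict:
    """Run the check over every constructed sample; returns filename -> verdict."""
    return {name: assess_attachment(name, data)["verdict"] for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = assess_attachment(name, data)
        print(f"{result['verdict']:10} {name}")
        for finding in result["findings"]:
            print(f"           - {finding}")
```

The second sample goes beyond the case in the text: an HTML payload under a plain .xlsx name has no double extension to spot, so the content check is what catches it; a real .xlsx is a zip archive and will never begin with an HTML tag.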
Dive back into the world of Red Team operations with today's guest, John Cartrett of the SpiderLabs team at Trustwave. He leads clandestine-style operations in simulated attacks on organizations to help them find their least expected and most dangerous vulnerability points and tighten them up. Despite being a newly hot practice that a lot of people are just getting into, John has been red teaming for five years, with another thirteen years before that of IT experience and other forms of offensive testing. Listeners are always asking how to get started in red teaming and what they need to know to get on that ladder, so we'll be talking about career strategies and skill sets — but I also want to know whether anything has changed or will now change in the light of the current global COVID-19 pandemic. With red team staffs currently scattered and isolating at home and the economy suffering, will this change the nature of red teaming now or in the years to come?
– Get free training for your entire cybersecurity team (10 or more): https://www.infosecinstitute.com/cyberwork
– Enter code "cyberwork" to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast
John is a Principal Consultant and the Red Team lead for the SpiderLabs team at Trustwave. His responsibilities mainly include managing all red team services in the Americas from start to finish, as well as being a subject matter expert on red team services globally. He has eighteen years of information technology experience and ten years of offensive testing experience, with the last five years focused on clandestine-style Red Teaming. He has directed and executed close to one hundred full-scope red team operations for organizations of all sizes and geographic locations.
He has obtained many certifications from organizations such as Microsoft, Cisco, GIAC and Offensive Security, as well as attended thousands of hours of skills-based training.
About Infosec
At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That's what we do every day — equipping everyone with the latest security skills so the good guys win.
Red teaming is one of the most fascinating activities an ethical hacker can be involved in. The practice usually involves an independent group that assumes the role of an attacker to show organisations which vulnerabilities or backdoors pose a threat to their cyber security. Sounds like every organisation should employ one… but is it always necessary? And if so, how do you know if your organisation is ready for red teaming? On this episode of the teissPodcast I speak with Ed Williams, EMEA director at SpiderLabs, Trustwave, about red teaming and deciding when the right time is for an organisation to engage a red team. Ed, a patriotic Welshman and ardent rugby enthusiast, explains some common tactics attackers use to manipulate people, where red teaming should sit in the overall cyber security strategy, and how cyber maturity can be achieved through red teaming.
There were a lot of amazing new tools and techniques released at Hacker Summer Camp 2017. In this week's episode of Tradecraft Security Weekly Beau Bullock (@dafthack) talks about some of the more interesting items he saw at the Black Hat and DEF CON conferences. Full Show Notes: https://wiki.securityweekly.com/TS_Episode13
LINKS:
Kali Linux Revealed - https://www.kali.org/download-kali-linux-revealed-book/
SpiderLabs Portia - https://github.com/SpiderLabs/portia
Duo isthislegit and phinn - https://duo.com/blog/new-open-source-phishing-tools-isthislegit-and-phinn
Revoke-Obfuscation - https://www.fireeye.com/blog/threat-research/2017/07/revoke-obfuscation-powershell.html & https://github.com/danielbohannon/Revoke-Obfuscation
EAPHammer - https://github.com/s0lst1c3/eaphammer
Kwetza - https://github.com/sensepost/kwetza
Koadic - https://github.com/zerosum0x0/koadic
sRDI - https://github.com/monoxgas/sRDI
Yasuo - https://github.com/0xsauby/yasuo
Printer Exploit Kit (PRET) - https://www.pcmag.com/news/355256/your-printer-can-steal-and-deface-your-documents & https://github.com/RUB-NDS/PRET
Uptake (https://uptake.com/). Prior to Uptake, Nicholas was the Vice President of Global Services at Trustwave (https://www.trustwave.com/home/) where he led more than 2000 incident response and forensic investigations globally, ran thousands of ethical hacking & application security tests for clients, and conducted bleeding-edge security research to improve Trustwave's products. Before Trustwave, Nick ran the security consulting practices at VeriSign & Internet Security Systems. In 2004, he drafted an application security framework that became known as the Payment Application Best Practices (PABP). In 2008, this framework was adopted as a global standard called the Payment Application Data Security Standard (PA-DSS). As a speaker, he has provided unique insight around security breaches, malware, mobile security and InfoSec trends to public (OWASP (https://www.owasp.org/)) & private audiences (including DHS, US-CERT, Interpol, United States Secret Service) throughout the world. Nick's research has been featured by media including: The Washington Post, eWeek, PC World, CNET, Wired, Network World, Dark Reading, Fox News, USA Today, Forbes, Computerworld, CSO Magazine, CNN, The Times of London, NPR, Gizmodo, Fast Company, Financial Times & The Wall Street Journal. Nick is also the creator of The Cavalry (https://www.iamthecavalry.org/about/overview/) movement. In this interview we discuss his early start with computers, what a hacker is, developing a methodology for penetration testing, how he developed the SpiderLabs name, analytics and automation, when you should evaluate opportunities, moving past the fear of public speaking, his personal "drink-a-different-beer-a-day" contest, research and public disclosure of vulnerabilities, how to secure Internet-connected devices, where he recruits talent, and much more. I hope you enjoy this discussion. Please leave your comments below!
Where you can find Nick: LinkedIn (https://www.linkedin.com/in/c7five) Twitter (https://twitter.com/c7five) THOTCON (http://thotcon.org/) I am the Cavalry (https://www.iamthecavalry.org/about/overview/)
SegInfocast #40 – Download it here. (42:56 min, 36 MB) In this new edition of SegInfocast we present the audio of Webinar #31, whose topic was managing Windows events with the Elastic stack. The webinar was presented by Rodrigo Montoro, instructor at Clavis Segurança da Informação. What is the goal of this new Clavis Segurança da Informação webinar? A Windows system has thousands of events, divided into 9 categories and more than 50 subcategories. The events record many actions, such as logon/logoff, command execution, file/registry modifications and packet filtering, among others. By default, Windows keeps these events only for a short time (the log is size-capped and overwrites the oldest entries, depending on configuration), which hinders complex monitoring and forensic work. In our day-to-day work we use the Elastic stack and Python scripts to streamline data aggregation and alert creation. This process produces intelligence relevant to historical analysis and telemetry over thousands of daily events, helping us act proactively in case of attacks. In this podcast Rodrigo Montoro also explained how to configure your Windows audit policy and the Elastic stack to process and archive all of this information, sharing some ideas for data analysis. About the instructor: Rodrigo Montoro holds LPI, RHCE and SnortCP certifications and has 15 years of open source experience. He currently works as a researcher at Clavis and is a partner at Green Hat Segurança da Informação. He previously worked at Sucuri Security and SpiderLabs. He has spoken at numerous events in Brazil (FISL, CONISLI, Latinoware, H2HC, BSides), the USA (Source Boston / Seattle, Toorcon, BSides Las Vegas) and Canada (SecTor). He holds 2 patents in malware detection (PDF and HTTP headers), results of his research. Founder and evangelist of the Snort community in Brazil since 2003. In his spare time he does triathlon and trail running.
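The kind of aggregation and alerting the webinar describes, as an added example that is not the Clavis webinar's own scripts: parse Windows Security events in their native XML form (what Event Viewer's XML view or wevtutil emits, and what a shipper forwards to Elastic) and run two rules over them, a burst of failed logons (event 4625) from one source and a successful logon (4624) from that source shortly after. The events are constructed samples in the real Windows event XML schema; the thresholds, host name, user names and addresses are assumptions.

```python
"""Parse Windows Security events (native XML) and run two aggregation rules.

Added example, not the Clavis webinar's own scripts. The events below are
constructed samples in the real Windows event XML schema; the rule
thresholds and the host/user/address names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_FAILED, LOGON_OK = 4625, 4624


def parse_systemtime(value: str) -> datetime:
    """TimeCreated/@SystemTime carries up to 7 fractional digits; datetime accepts 6."""
    base, _, frac = value.rstrip("Z").partition(".")
    return datetime.strptime(f"{base}.{(frac + '000000')[:6]}", "%Y-%m-%dT%H:%M:%S.%f")


def parse_event(xml_text: str) -> dict:
    """Flatten one <Event> into a dict: event_id, time, computer, plus every <Data Name=...> field."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    record = {
        "event_id": int(system.find("e:EventID", NS).text),
        "time": parse_systemtime(system.find("e:TimeCreated", NS).get("SystemTime")),
        "computer": system.find("e:Computer", NS).text,
    }
    for d in root.findall("e:EventData/e:Data", NS):
        record[d.get("Name")] = d.text or ""
    return record


def detect(events, threshold=5, window=timedelta(minutes=5)):
    """Rule 1: at least `threshold` 4625s from one source inside `window`.
    Rule 2: a 4624 from that source within `window` of the burst (guessing that succeeded)."""
    failures = defaultdict(list)   # source address -> recent 4625 timestamps
    flagged = {}                   # source address -> time the burst fired
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        src = ev.get("IpAddress", "-")
        if ev["event_id"] == LOGON_FAILED:
            recent = failures[src]
            recent.append(ev["time"])
            while recent and ev["time"] - recent[0] > window:   # slide the window
                recent.pop(0)
            if len(recent) >= threshold and src not in flagged:
                flagged[src] = ev["time"]
                alerts.append({"rule": "logon-failure-burst", "source": src,
                               "count": len(recent), "time": ev["time"]})
        elif ev["event_id"] == LOGON_OK and src in flagged and ev["time"] - flagged[src] <= window:
            alerts.append({"rule": "success-after-burst", "source": src,
                           "user": ev.get("TargetUserName", ""), "time": ev["time"]})
    return alerts


def make_event(event_id: int, when: str, user: str, ip: str) -> str:
    """Constructed sample event in the Windows event XML schema (Security channel)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f'<EventID>{event_id}</EventID><TimeCreated SystemTime="{when}"/>'
        '<Channel>Security</Channel><Computer>srv01.corp.example</Computer></System>'
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="IpAddress">{ip}</Data><Data Name="LogonType">3</Data></EventData></Event>'
    )


# Constructed: a password-guessing burst from 10.0.0.5 that ends in a successful logon,
# two stray failures from 10.0.0.9, and one ordinary logon from 192.168.1.20.
SAMPLE_XML = [
    make_event(LOGON_FAILED, "2020-05-04T13:00:10.1234567Z", "admin", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:00:40.0000000Z", "admin", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:01:05.0000000Z", "backup", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:01:30.0000000Z", "admin", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:02:00.0000000Z", "admin", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:02:20.0000000Z", "admin", "10.0.0.5"),
    make_event(LOGON_OK,     "2020-05-04T13:02:45.0000000Z", "admin", "10.0.0.5"),
    make_event(LOGON_FAILED, "2020-05-04T13:00:00.0000000Z", "jsmith", "10.0.0.9"),
    make_event(LOGON_FAILED, "2020-05-04T13:03:00.0000000Z", "jsmith", "10.0.0.9"),
    make_event(LOGON_OK,     "2020-05-04T13:01:00.0000000Z", "jsmith", "192.168.1.20"),
]


def run_sample() -> list:
    """Parse the constructed events and return the alerts the two rules raise."""
    return detect([parse_event(x) for x in SAMPLE_XML])


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

Rule 2 is the one worth the retention the webinar argues for: the success alone (4624, logon type 3) looks like any other network logon, and it only becomes an alert because the preceding failures are still available to correlate against.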
Paulo Sant'anna meets again with information security specialist Rodrigo Montoro (@spookerlabs), from Clavis's Research, Development and Innovation area, for a conversation about Octopus. What motivated the creation of Octopus? Rodrigo notes that a common situation at many companies is a limited budget for buying security solutions, which carry very high prices. Alongside tight budgets, SIEM products were often sold as "magic boxes" that you would plug into your network and get reports alerting you to your security problems, fraud and malicious activity, leaving projects in which millions were invested without the expected result. Finally, we always have to remember that knowledge and experience bring results, not the product itself. Is it just another traditional SIEM product? Octopus is not a traditional off-the-shelf product but a solution aimed at delivering intelligence in event correlation and threat analysis; the customer gains Clavis's expertise. The solution uses several open source tools, such as ELK (the topic of SegInfocast #25), which makes it possible for even an enthusiast to build their own Octopus if they wish. What are the features? Octopus is a fully scalable and customizable service. It can also pull information from many sources for event correlation without extra charges for connectors. And the benefits? It is a continuous (24×7) service that benefits from active protection against new threats by combining diverse sources, and gives customers visibility into their environment through dashboards. If you want more details about the solution, visit the Clavis website! Rodrigo "Sp0oKeR" Montoro holds LPI, RHCE and SnortCP certifications and has 15 years of open source experience. He currently works as a researcher at Clavis. He previously worked at Sucuri Security and SpiderLabs.
He has spoken at numerous events in Brazil (FISL, CONISLI, Latinoware, H2HC, BSides), the USA (Source Boston / Seattle, Toorcon, BSides Las Vegas) and Canada (SecTor). He holds 2 patents in malware detection (PDF and HTTP headers), results of his research. Founder and evangelist of the Snort community in Brazil since 2003. In his spare time he does triathlon and trail running.
Paulo Sant'anna welcomes information security specialist Rodrigo Montoro (@spookerlabs), from Clavis's Research, Development and Innovation area, for a chat about log analysis. Problems in the Brazilian market related to log analysis: the Clavis professional discusses the difficulties found in the current market, such as the strong dollar, limited budgets and a lack of knowledge about the subject (logs). Important advice for IT specialists and business managers: Montoro (known as "Sp0oKeR") offers highly relevant tips for those who want to boost their business with leaner spending and better efficiency, in contrast to the poor use of the tools available on the market today. A must for students: drawing on his extensive experience, he also comments on open source tools, which are often underused because professionals don't know them. Using the ELK stack: in this podcast we also talk about log analysis with the ELK stack (Elasticsearch, Logstash, Kibana), with tips on how to choose data sources and how ELK works. Rodrigo "Sp0oKeR" Montoro holds LPI, RHCE and SnortCP certifications and has 15 years of open source experience. He currently works as a researcher at Clavis. He previously worked at Sucuri Security and SpiderLabs. He has spoken at numerous events in Brazil (FISL, CONISLI, Latinoware, H2HC, BSides), the USA (Source Boston / Seattle, Toorcon, BSides Las Vegas) and Canada (SecTor). He holds 2 patents in malware detection (PDF and HTTP headers), results of his research. Founder and evangelist of the Snort community in Brazil since 2003. In his spare time he does triathlon and trail running.
In this week's episode:
Carder Scams
Zerodium and iOS 9 jailbreak
So Long, and Thanks for All the Fish!
This episode marks the last SpiderLabs Radio podcast so I can focus on other Trustwave projects like our popular SpiderLabs blog. Thanks to all of our loyal listeners and I hope to see you over on the blog!
Two separate SpiderLabs vulnerabilities released:
Assi Barak Discovers Magmi Zero Day
Asaf Orpani Discovers Critical Joomla SQL injection
Also: A New IoT Vulnerability In Your Connected Tea Kettle
Links mentioned in the show:
Assi Barak - Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild
Asaf Orpani - Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Corman-Percoco/DEFCON-22-Josh-Corman-Nicholas-Percoco-Cavalry-Year-0-UPDATED.pdf
The Cavalry Year[0] & a Path Forward for Public Safety
Joshua Corman, CTO, SONATYPE
Nicholas J Percoco, VP STRATEGIC SERVICES, RAPID7
At DEF CON 21, The Cavalry was born. In the face of clear & present threats to "Body, Mind & Soul" it was clear: The Cavalry Isn't Coming... it falls to us... the willing & able... and we have to try to have impact. Over the past year, the initiative narrowed its focus and increased its momentum. With a focus on public safety & human life we did our best "Collecting, Connecting, Collaborating" to ensure safer technology dependence in: Medical, Automotive, Home Electronics & Public Infrastructure. We will update the DEF CON hearts & minds with lessons learned from our workshops & experiments, successes & failures, and momentum in industry and with public policy makers. Year[0] was encouraging. Year[1] will require more structure and transparency if we are to rise to these challenges... As a year of experimentation comes to an end, we will share where we've been, take our licks, and more importantly outline a path forward...
Joshua Corman is the Chief Technology Officer for Sonatype. Previously, Corman served as a security researcher and strategist at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. A respected innovator, he co-founded Rugged Software and IamTheCavalry to encourage new security approaches in response to the world's increasing dependence on digital infrastructure. Josh's unique approach to security in the context of human factors, adversary motivations and social impact has helped position him as one of the most trusted names in security. He is also adjunct faculty for Carnegie Mellon's Heinz College, IANS Research, and a Fellow at the Ponemon Institute.
Josh received his bachelor's degree in philosophy, graduating summa cum laude, from the University of New Hampshire. Twitter: @joshcorman
Nicholas J. Percoco is vice president of strategic services at Rapid7. In his role he leads a team that advises customers on how to mitigate and respond to threats using data-driven analysis to empower more relevant, timely, and impactful decisions. Over the past decade, Nicholas has presented security research with a focus on custom malware, mobile devices, and data breach trends to audiences all over the world, including a keynote at RSA Conference 2013, TEDx Naperville, and eight previous talks at DEF CON. When he is not on an airplane or working with customers, he enjoys running the THOTCON hacking conference in Chicago, trying new and interesting craft beers, and being a founding member of the Cavalry movement. Prior to Rapid7, he ran SpiderLabs at Trustwave before taking a few months off to explore the Great Pit of Carkoon on Tatooine. Now that he is back on planet Earth, you can find him on Twitter as "c7five". Follow @iamthecavalry on Twitter.
In this episode:
Google offering Security Key for 2FA
New Microsoft OLE vulnerability
Ebola Phishing Campaign
Here are some of the links discussed in this week's show:
SpiderLabs writeup of CVE-2014-4114
Microsoft advisory for CVE-2014-6352
Hello loyal listeners. I just wanted to let you know that this is not the podcast you were looking for. With all of the preparations being done to get ready for BlackHat and DefCon I'm forced to delay the podcast this week. But stay tuned, because with convention season upon us, all the news that researchers have been holding on to all year is starting to see the light of day. I'll be discussing a new PoS malware family dubbed Backoff that my colleagues here at SpiderLabs recently discovered and we'll probably have a couple of surprises up our sleeve then. I'll catch you next week in Vegas, so until then, stay safe!
In this episode:
Tails 1.0 is released
Hacker creeps out the world by yelling at a baby through a baby monitor
AOL admits that the spoof was really a hack
IE & Flash 0-days
Plus: upgrade XP already
Links mentioned in this podcast:
https://tails.boum.org
https://www3.trustwave.com/spiderLabs-advisories.php
We'd love to hear what you think or what you'd like to hear in future episodes. Please feel free to leave comments below!
In honor of the craziness that is security week in Vegas (Black Hat, BSides and DEF CON) there will be no news broadcast this week; instead we bring you the soothing sounds of the DEF CON 21 SpiderLabs mix as featured during the Spiders R Fun party. See you there.
Barnaby Jack RIP, Apple Dev site rotten to the core, 2M Ubuntus owned, broken SIMs, Paypal youngun's, Touring Not Guilty, Syrian Electronic Army goes mobile, OVH Down, Japan and Poker and malware, Cisco/Sourcefire and the SpiderLabs talk round up.
Tumblr tumbles, Konami follows Nintendo, Guccifer and the Syrian Electronic Army return, femtocells still vulnerable, SCADA bug bounty that isn't, Morningstar, Roys of Hawaii, Cedars-Sinai, India/Pakistan trading defacements, SpiderLabs in Vegas.
SecuraBit Episode 53: Thotcon
If you think it you will go to Chicago
thotcon - http://www.thotcon.org/
Trustwave's Spider Labs - https://www.trustwave.com/spiderLabs.php
Chat with us on IRC at irc.freenode.net #securabit
Hosts: Anthony Gartner – @anthonygartner, Christopher Mills – @thechrisam, Andrew Borel – @andrew_secbit
Guests: Nick Percoco - Thotcon & Trustwave's Spider Labs; Zach Fasel - Thotcon & Trustwave's Spider Labs
Links:
http://www.thotcon.org/
https://www.trustwave.com/spiderLabs.php
SpiderLabs Radio - http://itunes.apple.com/podcast/spiderlabs-radio/id300567984
https://www.trustwave.com/spiderLabs-tools.php
Lacking: Chris Gerling – @chrisgerling, Jason Mueller – @securabit_jay