Slides from the presentation: Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking, delivered by CQURE's CEO Paula Januszkiewicz at RSA Conference 2018 Asia Pacific & Japan.
RSA Conference 2017 session: What System Stores on the Disk Without Telling YouPaula Januszkiewicz
Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly your disk drive contains a lot of juicy information that can reveal a lot of secrets and history about what you did in the past. There are also places where data can be deliberately hidden by malicious software, and it would be great to know what those are!
RSA 2018: Adventures in the Underland: Techniques against Hackers Evading the...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it’s quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating systems and after-attack traces, it is not that bad as all traces are gathered in one place—your infrastructure.
Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, Paula demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed. Extremely technical session!
[CQURE] Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Designing a secure architecture can always be more expensive, time-consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Learn what mistakes we eliminated when working with our customers.
What about places where credentials are stored? The technology weaknesses in credential security and specific misused actions will be demonstrated within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions.
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
Designing secure architecture can always be more expensive, time consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Come to the session and learn what mistakes we eliminated when working with our customers.
RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastruct...Paula Januszkiewicz
If there is a weakness in your IT security system, wouldn’t it be better to find it before someone else does? As long as we are aware about the value of the resources to be protected, why don’t we put ourselves into the hacker’s role and perform like they do? You will become familiar with the mandatory tasks that are performed by hackers to check for misconfigurations and vulnerabilities.
RSA Conference 2017 session: What System Stores on the Disk Without Telling YouPaula Januszkiewicz
Even though you are the only person using a computer, you are not the only one writing to your disk drive! Surprisingly your disk drive contains a lot of juicy information that can reveal a lot of secrets and history about what you did in the past. There are also places where data can be deliberately hidden by malicious software, and it would be great to know what those are!
RSA 2018: Adventures in the Underland: Techniques against Hackers Evading the...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it’s quite easy to get away with it. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating systems and after-attack traces, it is not that bad as all traces are gathered in one place—your infrastructure.
Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, Paula demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed. Extremely technical session!
[CQURE] Top 10 ways to make hackers excited: All about the shortcuts not worth taking
Designing a secure architecture can always be more expensive, time-consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Learn what mistakes we eliminated when working with our customers.
What about places where credentials are stored? The technology weaknesses in credential security and specific misused actions will be demonstrated within the operating system. You will learn the unexpected places your passwords reside, how the password attacks are performed, the typical paths where credentials can be leaked and how to prevent these by implementing various solutions.
Top 10 ways to make hackers excited: All about the shortcuts not worth takingPaula Januszkiewicz
Designing secure architecture can always be more expensive, time consuming, and complicated. But does it make sense to cut corners when hackers invent new attacks every day? Taking shortcuts will sooner or later translate to more harm and backfire. Come to the session and learn what mistakes we eliminated when working with our customers.
RSA Conference 2017 session: Hacker’s Perspective on Your Windows Infrastruct...Paula Januszkiewicz
If there is a weakness in your IT security system, wouldn’t it be better to find it before someone else does? As long as we are aware about the value of the resources to be protected, why don’t we put ourselves into the hacker’s role and perform like they do? You will become familiar with the mandatory tasks that are performed by hackers to check for misconfigurations and vulnerabilities.
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
Encryption is based on three principals: algorithm, key length, and storage. It has also become more popular and it is more often built into databases, networks, config files, OS, and users’ secrets. Is DPAPI and DPAPI-NG enough for us? Unfortunately there are many slip-ups that can be made. Come and learn if ‘encrypted’ = or != ‘safe’ and when! Tools included.
Fatal signs: 10 symptoms when you think you’ve been hackedPaula Januszkiewicz
Paula Januszkiewicz shares an indispensable list of checks you can do to find out if you’ve been hacked and shows you where in your system a hacker might leave their fingerprints.
The hacker playbook: How to think and act like a cybercriminal to reduce risk...Paula Januszkiewicz
In reference to my talk at Ms Ignite: "The hacker playbook: How to think and act like a cybercriminal to reduce risk" I am sharing slides, tools and a brief talk summary. More details you can find here: https://cqureacademy.com/ignite/the-hacker-playbook
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.
Microsoft Ignite session: Look under the hood: bypassing antimalware tactics ...Paula Januszkiewicz
Antivirus is dead-long live the antivirus! In the proverbial cat-and-mouse game of cybersecurity neither the attacker nor the defender can maintain their advantage for very long. But the bad guys don’t exactly take this challenge – they respond with their own bypass ideas. During this session we strive to understand if antivirus is really dead and if it has reached the status where it should not be the only protection used. I demonstrated techniques of bypassing the antivirus mechanisms and show tactics used today by malware that allow it to run and what are the prevention methods to avoid being attacked by the newest innovations.
Dana Baril, Microsoft
Credential theft is an important part of the attacker playbook when attempting lateral movement. This process mostly involves dumping credentials saved locally on the machine. In many cases these passwords can be retrieved from the Windows Credential Manager, allowing attackers an easy path into the organization. This was evident in major attacks such as the NotPetya ransomware, and high-profile tools like Mimikatz.
In this talk, we explain how to detect credential theft out of the Windows Credential Manager using Windows Defender Advanced Threat Protection (WDATP). This involves modifying the Windows operating system to send telemetry to the WDATP cloud which was extended with new detection rules.
Alban Diquet, Data Theorem
Thomas Sileo, Data Theorem
Over the last two years, we've received and analyzed more than three million SSL validation failure reports from more than a thousand of iOS and Android apps available on the Stores, and used all around the world. From mobile banking to music apps, each report was triggered because an unknown or unexpected certificate was being served to the app, preventing it from establishing a secure connection to its server via SSL/TLS.
We've analyzed each of these reports to understand what caused the SSL connection to fail, and then grouped similar failures into various classes of SSL incidents. Throughout this presentation, we will describe the analysis we've made and present our findings.
First, we will provide a high-level overview of where, how, and why SSL incidents are occurring across the world for iOS and Android users, and describe the various classes of incidents we've detected. Some of these types of incidents, such as corporate devices performing traffic inspection, are well-known and understood, although we will provide new insights into how widespread they are.
Then, we will take a closer look at a few notable incidents we detected, which have been caused by unexpected, or even suspicious actors. We will describe our investigations and what we found.
Lastly, we will provide real-world solutions on how to protect apps against traffic interception and attacks, as a mobile developer.
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
Your MongoDB Community Edition database can probably be a lot more secure than it is today, since Community Edition provides a wide range of capabilities for securing your system, and you are probably not using them all. If you are worried about cyber-threats, take action reduce your anxiety!
Roy Levin, Microsoft
Mathias Scherman, Microsoft
Yotam Livny, Microsoft
As a Cloud Security provider, Azure Security Center collect logs from various services, that contain potentially vast security information. However, parsing them to extracting the most information is a hard task.
Artificial Intelligence techniques prove to perform well for such pattern recognition tasks. In this talk, we will present a novel approach leveraging recent advances in Deep Learning to detect malicious IaaS VMs being compromised, using Windows Security Events.
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
Catch the full webinar here: https://www.beyondtrust.com/resources/webinar/eyes-wide-shut-passwords-no-one-watching/?access_code=a4cd9bc071c923daab48132b0bb2e4f3
Check out this presentation from the intensivewebinar of
Paula Januszkiewicz, CEO CQURE, penetration tester and mentor of CQURE Academy. Paula demonstrates common encryption and decryption password in use today, with an eye toward revealing technology holes and weaknesses that put passwords at risk. Paula will also demonstrate how to locate passwords in some unexpected places, and then walk you through mitigation of these risks.
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
In this presentation from her webinar, Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,explores common ‘infrastructure sins’.
Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sys admins. Unfortunately, too often the common mistakes are extremely serious and can present an easy inroad to catastrophic security event. But where do you start? Learn from Paula in this presentation, or check out the full webinar here:
https://www.beyondtrust.com/resources/webinar/avoiding-10-deadliest-common-sins-securing-windows/?access_code=bc633e62b0095c6ed17684297ee49db4
Securing DevOps through Privileged Access ManagementBeyondTrust
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
Adventures in Underland: Is encryption solid as a rock or a handful of dust?Paula Januszkiewicz
Encryption is based on three principals: algorithm, key length, and storage. It has also become more popular and it is more often built into databases, networks, config files, OS, and users’ secrets. Is DPAPI and DPAPI-NG enough for us? Unfortunately there are many slip-ups that can be made. Come and learn if ‘encrypted’ = or != ‘safe’ and when! Tools included.
Fatal signs: 10 symptoms when you think you’ve been hackedPaula Januszkiewicz
Paula Januszkiewicz shares an indispensable list of checks you can do to find out if you’ve been hacked and shows you where in your system a hacker might leave their fingerprints.
The hacker playbook: How to think and act like a cybercriminal to reduce risk...Paula Januszkiewicz
In reference to my talk at Ms Ignite: "The hacker playbook: How to think and act like a cybercriminal to reduce risk" I am sharing slides, tools and a brief talk summary. More details you can find here: https://cqureacademy.com/ignite/the-hacker-playbook
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.
Microsoft Ignite session: Look under the hood: bypassing antimalware tactics ...Paula Januszkiewicz
Antivirus is dead-long live the antivirus! In the proverbial cat-and-mouse game of cybersecurity neither the attacker nor the defender can maintain their advantage for very long. But the bad guys don’t exactly take this challenge – they respond with their own bypass ideas. During this session we strive to understand if antivirus is really dead and if it has reached the status where it should not be the only protection used. I demonstrated techniques of bypassing the antivirus mechanisms and show tactics used today by malware that allow it to run and what are the prevention methods to avoid being attacked by the newest innovations.
Dana Baril, Microsoft
Credential theft is an important part of the attacker playbook when attempting lateral movement. This process mostly involves dumping credentials saved locally on the machine. In many cases these passwords can be retrieved from the Windows Credential Manager, allowing attackers an easy path into the organization. This was evident in major attacks such as the NotPetya ransomware, and high-profile tools like Mimikatz.
In this talk, we explain how to detect credential theft out of the Windows Credential Manager using Windows Defender Advanced Threat Protection (WDATP). This involves modifying the Windows operating system to send telemetry to the WDATP cloud which was extended with new detection rules.
Alban Diquet, Data Theorem
Thomas Sileo, Data Theorem
Over the last two years, we've received and analyzed more than three million SSL validation failure reports from more than a thousand of iOS and Android apps available on the Stores, and used all around the world. From mobile banking to music apps, each report was triggered because an unknown or unexpected certificate was being served to the app, preventing it from establishing a secure connection to its server via SSL/TLS.
We've analyzed each of these reports to understand what caused the SSL connection to fail, and then grouped similar failures into various classes of SSL incidents. Throughout this presentation, we will describe the analysis we've made and present our findings.
First, we will provide a high-level overview of where, how, and why SSL incidents are occurring across the world for iOS and Android users, and describe the various classes of incidents we've detected. Some of these types of incidents, such as corporate devices performing traffic inspection, are well-known and understood, although we will provide new insights into how widespread they are.
Then, we will take a closer look at a few notable incidents we detected, which have been caused by unexpected, or even suspicious actors. We will describe our investigations and what we found.
Lastly, we will provide real-world solutions on how to protect apps against traffic interception and attacks, as a mobile developer.
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureMongoDB
Your MongoDB Community Edition database can probably be a lot more secure than it is today, since Community Edition provides a wide range of capabilities for securing your system, and you are probably not using them all. If you are worried about cyber-threats, take action reduce your anxiety!
Roy Levin, Microsoft
Mathias Scherman, Microsoft
Yotam Livny, Microsoft
As a Cloud Security provider, Azure Security Center collect logs from various services, that contain potentially vast security information. However, parsing them to extracting the most information is a hard task.
Artificial Intelligence techniques prove to perform well for such pattern recognition tasks. In this talk, we will present a novel approach leveraging recent advances in Deep Learning to detect malicious IaaS VMs being compromised, using Windows Security Events.
Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?BeyondTrust
Catch the full webinar here: https://www.beyondtrust.com/resources/webinar/eyes-wide-shut-passwords-no-one-watching/?access_code=a4cd9bc071c923daab48132b0bb2e4f3
Check out this presentation from the intensivewebinar of
Paula Januszkiewicz, CEO CQURE, penetration tester and mentor of CQURE Academy. Paula demonstrates common encryption and decryption password in use today, with an eye toward revealing technology holes and weaknesses that put passwords at risk. Paula will also demonstrate how to locate passwords in some unexpected places, and then walk you through mitigation of these risks.
XP Days 2019: First secret delivery for modern cloud-native applicationsVlad Fedosov
In this talk we’ll see how Authentication and Secrets delivery work in distributed containerized applications from the inside. We’ll start from the theory of security and will go through the topics like Container Auth Role, Static & Dynamic secrets, Env vars/volumes for secret delivery, Vault & K8S secrets. After this talk you’ll get an understanding how to securely deploy your containerized workloads.
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
In this presentation from her webinar, Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,explores common ‘infrastructure sins’.
Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sys admins. Unfortunately, too often the common mistakes are extremely serious and can present an easy inroad to catastrophic security event. But where do you start? Learn from Paula in this presentation, or check out the full webinar here:
https://www.beyondtrust.com/resources/webinar/avoiding-10-deadliest-common-sins-securing-windows/?access_code=bc633e62b0095c6ed17684297ee49db4
Securing DevOps through Privileged Access ManagementBeyondTrust
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
Drupal 8 stands out as the most secure Content Management System (CMS) which comes bundled with a plenitude of advantages over other leading content management frameworks
Adversary Emulation is a type of Red Team Exercise where the Red Team emulates how an adversary operates, following the same tactics, techniques, and procedures (TTPs), with a specific objective (similar to those of realistic threats or adversaries). Adversary emulations are performed using a structured approach, which can be based on a kill chain or attack flow. Methodologies and Frameworks for Adversary Emulations are covered. Adversary Emulations are end-to-end attacks against a target organization to obtain a holistic view of the organization’s preparedness for a real, sophisticated attack.
I got 99 trends and a # is all of them or How we found over 100 200+ RCE vulnerabilities in Trend Micro software.
Presentation released at Hack In The Box 2017 Amsterdam, by Roberto Suggi Liverani @malerisch and Steven Seeley @steventseeley.
For more information, please visit: http://blog.malerisch.net or http://srcincite.io
The Supporting Role of Antivirus Evasion while PersistingCTruncer
This talk goes over different techniques to evade detection by antivirus programs, talks about how Veil-Evasion evades the programs, and shows an AV signature bypass. It also then documents a large number of techniques on how actors can persist in networks.
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
Malicious PowerShell scripts are on the rise, as attackers are using the framework’s flexibility to download their payloads, traverse through a compromised network, and carry out reconnaissance. Symantec analyzed PowerShell malware samples to find out how much of a danger they posed.
Further reading:
PowerShell threats surge: 95.4 percent of analyzed scripts were malicious (https://www.symantec.com/connect/blogs/powershell-threats-surge-954-percent-analyzed-scripts-were-malicious)
The increased use of PowerShell in attacks (https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/increased-use-of-powershell-in-attacks-16-en.pdf)
You may be compliant, but are you really secure?Thomas Burg
Presented by Greg Swedosh from Knightcraft Technology (www.knightcraft.com) at NonStop Bootcamp 2014.
This presentation explains why being PCI compliant does *not* equal being secure. While this is a general statement, the presentation does focus on the HP NonStop platform.
Excerpt from a summary slide:
Without a strong commitment to security by the executive team, being compliant only provides a false sense of security.
It often just becomes about ticking boxes and “filling gaps”.
Where there is no serious commitment to security, an organization will always be significantly more vulnerable.
Synopsis:
The Internal Penetration Test: The Hitchhackers Guide to Discovering Sensitive Information is my research as a Penetration Tester looking at tactics, techniques, and procedures (TTPs) to get at how threat actors (criminals) discover sensitive data post exploitation.
The presentation is designed to encourage security professionals to discover where sensitive data resides within their organization to prevent potential information security incidents and continue to develop a culture of security awareness.
Join Darin Fredde as he presents his talk "Internal Penetration Test: Hitchhacker's Guide to Discovering Sensitive Information". Darin gets to the heart of what is most important in penetration tests, sensitive information. Too often the deliverables on a pentest are running scanners, performing exploits, and providing findings in a report.
Penetration testers sometime focus on getting a reverse shell, privilege escalation, or, single-purpose objectives to gain domain admin. The best tactic for protecting sensitive data is by testing threat actors’ ability to locate and exfiltration data. Therefore, an organization must consider a capability driven security assessment or penetration tests which the focus is on what cybercriminals want most your non-public information.
Reference:
So, How Secure Is Your Sensitive Data in SharePoint? | The .... https://thecybersecurityplace.com/secure-sensitive-data-sharepoint/
Purple Teaming With Adversary Emulation.pdfprithaaash
Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK to: Identify control gaps (and weaknesses); Validate your monitoring, detection and response capabilities; Prioritising your security investments towards mitigating any shortcoming that may be observed using this approach.
Security engineering 101 when good design & security work togetherWendy Knox Everette
Security concerns are often dealt with as an afterthought—the focus is on building a product, and then security features or compensating controls are thrown in after the product is nearly ready to launch. Why do so many development teams take this approach? For one, they may not have an application security team to advise them. Or the security team may be seen as a roadblock, insisting on things that make the product less user friendly, or in tension with performance goals or other business demands. But security doesn’t need to be a bolt-on in your software process; good design principles should go hand in hand with a strong security stance. What does your engineering team need to know to begin designing safer, more robust software from the get-go?
Drawing on experience working in application security with companies of various sizes and maturity levels, Wendy Knox Everette focuses on several core principles and provides some resources for you to do more of a deep dive into various topics. Wendy begins by walking you through the design phase, covering the concerns you should pay attention to when you’re beginning work on a new feature or system: encapsulation, access control, building for observability, and preventing LangSec-style parsing issues. This is also the best place to perform an initial threat model, which sounds like a big scary undertaking but is really just looking at the moving pieces of this application and thinking about who might use them in unexpected ways, and why.
She then turns to security during the development phase. At this point, the focus is on enforcing secure defaults, using standard encryption libraries, protecting from malicious injection, insecure deserialization, and other common security issues. You’ll learn what secure configurations to enable, what monitoring and alerting to put in place, how to test your code, and how to update your application, especially any third-party dependencies.
Now that the software is being used by customers, are you done? Not really. It’s important to incorporate information about how customers interact as well as any security incidents back into your design considerations for the next version. This is the time to dust off the initial threat model and update it, incorporating everything you learned along the way.
Building your macOS Baseline Requirements MacadUK 2018Henry Stamerjohann
Slides from 2018 MacAD.UK confernce
Synopsis: https://www.macad.uk/speaker/henry-stamerjohann/
When tasked with (re)building a security baseline for macOS clients, where do you start?
There’s obviously decisions to be made about what’s feasible in your organization (beyond if admin privileges should be the default). You need to weigh system stability and security with end-user productivity. Luckily for the macOS platform a rich ecosystem of tools exist to fill in the gaps and general guidance is available. The crucial part of making mindful and informed decisions is to first aggregate data from your IT environment. You can then decide what configurations to deploy and run recurring compliance checks based on an appropriate strategy. This session will cover fundamentals, highlight advanced considerations, and outline practical examples to apply when you’re conducting a (new) baseline for macOS clients.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Top 10 Ways To Make Hackers Excited: All About The Shortcuts Not Worth Taking
1. SESSION ID:
#RSAC
Paula Januszkiewicz
TOP 10 WAYS TO MAKE HACKERS EXCITED:
ALL ABOUT THE SHORTCUTS NOT WORTH
TAKING
CQURE: CEO, Penetration Tester / Security Expert
CQURE Academy: Trainer
MVP: Enterprise Security, MCT
Microsoft Regional Director
Contact: paula@cqure.us | http://cqure.us
4. #RSAC
http://cqure.pl/
1st Way: Disabling firewall
4
Key learning points:
✓ Windows Firewall is often misconfigured
✓ Firewall is a great segmentation tool
✓ You can allow only certain processes to communicate
with the Internet or locally
✓ No need to know processes to block them, you can
operate on the services list
In Windows Firewall there are couple of things missing:
x Filtering by the group of computers
x Detailed logging for network traffic
x Expandability – there are not many options
x No correlation in between process and network traffic
– whose role is this?
6. #RSAC
http://cqure.pl/
2nd Way: Overly simple passwords and
security questions
6
Key learning points:
✓ Almost always there are passwords reused
✓ Almost always (ekhm… always) there is some variant of
company name and some number (year, month etc.)
✓ It makes sense to check for obvious passwords and
continuously deliver security awareness campaigns
Typical password locations
NTDS.dit, SAM
Configuration files
Registry
Memory dumps, Hiberfil.sys
Databases (DPAPI ?)
10. #RSAC
http://cqure.pl/
4th Way: Lack of SMB Signing (or alternative)
10
Key learning points:
✓ Set SPNs for services to avoid NTLM:
SetSPN –L <your service account for
AGPM/SQL/Exch/Custom>
SetSPN –A Servicename/FQDN of hostname/FQDN of
domain domainserviceaccount
✓ Reconsider using Kerberos authentication all over
https://technet.microsoft.com/en-us/library/jj865668.aspx
✓ Require SPN target name validation
Microsoft network server: Server SPN target name validation
level
✓ Reconsider turning on SMB Signing
✓ Reconsider port filtering
✓ Reconsider code execution prevention but do not forget
that this attack leverages administrative accounts
12. #RSAC
http://cqure.pl/
5th Way: Allowing unusual code execution
12
Key learning points:
Common file formats containing malware are:
✓ .exe (Executables, GUI, CUI, and all variants like SCR, CPL etc)
✓ .dll (Dynamic Link Libraries)
✓ .vbs (Script files like JS, JSE, VBS, VBE, PS1, PS2, CHM, BAT, COM, CMD etc)
✓ .docm, .xlsm etc. (Office Macro files)
✓ .other (LNK, PDF, PIF, etc.)
If SafeDllSearchMode is enabled, the search order is as follows:
1. The directory from which the application loaded
2. The system directory
3. The 16-bit system directory
4. The Windows directory
5. The current directory
6. The directories that are listed in the PATH environment variable
14. #RSAC
http://cqure.pl/
6th Way: No whitelisting on board
14
Key learning points:
✓ Code execution prevention implementation is a must
✓ PowerShell is an ultimate hacking tool, possible solutions:
block it for users, use Just Enough Administration etc.
✓ Verify where users have write access to: accesschk.exe –w
.users c:windows
✓ AppLocker can run in the audit mode
x AppLocker is great but not with the default configuration
Machine learning for threat protection:
✓ Modern solutions are capable of machine learning but it
takes time
✓ Modern solutions are quire easy to implement bur require a
lot of understanding of what do they actually do – your call
18. #RSAC
http://cqure.pl/
8th Way: Trusting solutions without knowing
how to break them
18
Key learning points:
✓ The best operators won't use a component until they
know how it breaks.
✓ Almost each solution has some ‘backdoor weakness’
✓ Some antivirus solutions can be stopped by SDDL
modification for their services
✓ Configuration can be monitored by Desired State
Configuration (DSC)
✓ DSC if not configured properly will not be able to spot
internal service configuration changes
Example: how to I get to the password management portal?
20. #RSAC
http://cqure.pl/
9th Way: Misusing service accounts +
privileged accounts
20
Key learning points:
✓ gMSA can also be used for the attack
✓ Service accounts’ passwords are in the registry, available
online and offline
✓ A privileged user is someone who has administrative
access to critical systems
✓ Privileged users have sometimes more access than we
think (see: SeBackupRead privilege or SeDebugPrivilege)
✓ Privileged users have possibility to read SYSTEM and
SECURITY hives from the registry
Warning! Enabling Credential Guard blocks:
x Kerberos DES encryption support
x Kerberos unconstrained delegation
x Extracting the Kerberos TGT
x NTLMv1
22. #RSAC
http://cqure.pl/
10th Way: Falling for hipster tools
22
Key learning points:
✓ Worldwide spending on information security is expected
to reach $90 billion in 2017, an increase of 7.6 percent
over 2016, and to top $113 billion by 2020, according to
advisory firm Gartner
✓ With increasing budget the risk of possessing hipster
tools increases too – do we know where these tools
come from and what are their security practices?
✓ Lots of solutions where not created according to the
good security practices (backup software running as
Domain Admin etc.)
✓ Each app running in the user’s context has access to
secrets of other apps – Data Protection API
✓ Case of CCleaner
24. #RSAC
http://cqure.pl/
Summary: 10 ways to make hackers happy
Short term
Isolate infrastructure components so that in case of attack they
prevent spreading
Engage with the network security guys
Review servers’ and workstations’ configuration periodically
Medium term
Put on the Hacker’s Shoes
External + Internal + Web Penetration tests
Configuration reviews
Long term
Prevention and Vulnerability Management
Start implementing the monitoring and execution prevention
24