Surviving Denial of Service Attacks [MP4] [0:04:01] [2017/06/07]How I spent my Valentines Day: Alcatraz Island. How one criminal gang spent their Valentines Day: 275 Gbps DDoS attack over 21 hours. Ouch! Here's what to do if it happens to you.
Reduce Data, Reduce Criminal Return [MP4] [0:03:38] [2017/06/07]What's in it for the financially motivated criminal hackers? Money. Can we reduce the money, their reward, their return? Some thoughts on making our organizations less of a target.
How to tie Strategy to Tactics [MP4] [0:04:52] [2017/06/07]So we did an analysis. Now it is time to report. Here's how to roll up findings into themes. And here's how to drill down from themes to specifics.
Role-based Authentication in Windows [MP4] [0:04:07] [2017/06/07]Starting with AGUDLP (account, global, universal, domain local, permission) and then moving up to change management and change detection, let's look at Windows file share permissions.
Samba CVE-2017-7494 [MP4] [0:03:14] [2017/06/07]The recent vulnerability in Samba (CIFS/SMB for Linux) and what it means for HD Moore's law and the Open Source "Many Eyeballs" rule.
Tips for Incrementing Programs [MP4] [0:03:49] [2017/06/07]Never underestimate the power of incremental improvements over iterative practices. Do the thing. Do it repeatedly. Make small improvements. And use these tips to mold the security program around the…
Incident Response on a Budget,[MP4] [0:04:47] [2017/06/07]Spinning up a full IR program is time consuming and expensive. Here's how to build a minimum viable program, dedicating 10-15 days a year.
HIPAA and CIS Critical Security [MP4] [0:03:48] [2017/06/07]The first and second CIS Critical Security Controls are knowing what hardware and software we're running. Here's a story about a firm that didn't and now isn't.
Detect, Prevent, Respond, Deceive [MP4] [0:04:26] [2017/06/07]Hacker controls? Prevention and deception get all the buzz. Here's how and why to start with detection and work our way up.
Handbrake Malware [MP4] [0:03:03] [2017/06/07]One of the mirrored download sites for Handbrake was compromised, and the update ended up distributing Proton malware. Here's a couple tips on how to avoid falling for this kind of attack.
Creating Threat Flows [MP4] [0:04:02] [2017/05/21]Communication must be clear. For example, don't say a couple minutes when it's four. Or don't say stuck in traffic when in a hotel room. Things like that. And use techniques to simplify…
Training for Culture Change [MP4] [0:04:01] [2017/05/19]Let's re-envision the standard 40-hour classroom training. If we were to take the same material, leveraging what we know about human attention and memory, how could we deliver it to maximize the…
The Hacker Hero and The Killswitch [MP4] [0:04:58] [2017/05/19]The flash ransom WannaCry crippled a quarter million computers. It could have been much worse. Some 20 million Windows XP computers are still in use. So why wasn't WannaCry worse? Here's the story, a…
Why we can't patch WannaCry[MP4] [0:04:34] [2017/05/16]When the flash ransom hit on May 12, 2017, many said "just patch." But we have old equipment. "Just upgrade," they said. Sure. Maybe. But have you seen the IT that powers our…
WannaCry Ransomware Attacks [MP4] [0:05:22] [2017/05/16]A quarter of a million computers were flash ransomed last Friday, May 12, 2017. It's the WannaCry malware (or WannaCrypt, or WanaCrypt0r, or Wanna Decryptor) and it's now so infamous it already has…
EvilGrade [MP4] [0:03:27] [2017/05/16]Hijack the software update process to install malware? Well. That's plain evil.
Penetration Testing Attack Scenarios [MP4] [0:03:34] [2017/05/16]Thoughts on FedRAMP and the requirements around testing specific attack scenarios.
Google Docs Phishing [MP4] [0:03:41] [2017/05/16]Phishing for app tokens? Sure, why not. The recent Google Docs phishing campaign may be the harbinger of things to come
Drone Hacking with DBPOWER U818A [MP4] [0:03:46] [2017/05/08]Few things feel quite as cyberpunk as hacking drones and flying robots. So I was excited when a security warning was posted about the DBPOWER U818A WIFI drone. Turns out, this offers us a good lesson…
CyberSecurity Insurance Coverage[MP4] [0:03:24] [2017/05/07]A few things to consider when selecting a CyberSecurity insurance policy.
Kali Linux 2017.1 Released [MP4] [0:04:32] [2017/05/04]The new version of Kali is out, with a few new enhancements including AWS and Azure instances. This begs the question: are we securing our red team tools? Couple stories today about the red team being…
Hacking and Protecting DMZ's [MP4] [0:05:07] [2017/05/04]DMZs, demilitarized zones, screened subnets, bastions networks, whatever you call it. We have two firewalls, one Internet facing and the other internal facing. How do hackers bypass this secure setup?
Compromised Outsourced IT Providers [MP4] [0:03:58] [2017/05/04]US-CERT released an alert on an ongoing attack with roots as far back as May 2016. With a command-and-control shared with Stone Panda and a backdoor malware called RedLeaves, the attack was on a…
SOC L1, L2 Engagement [MP4] [0:03:11] [2017/05/04]Designing level 1 and level 2 position for employee engagement in the security operations center.
Cloud Asset Inventory [MP4] [0:04:17] [2017/05/04]Security begins with an inventory. Our organization uses a thousand cloud apps. Our CIO thinks we use fifty. So that's a thing.
Adding a Tool Always Finds Risk [MP4] [0:03:25] [2017/05/04]Suppose we engage a vendor in a proof of concept. It's for anti-spam, perhaps, or for intrusion detection. We put it in-line with our existing solution. And, shock! It finds something risky. Always.…
Expense in Depth [MP4] [0:03:15] [2017/05/04]Take two of everything. But still. The criminals break in. Why? Because defense in depth isn't geared towards the criminal's objectives and tactics.
Phishing with Delta Receipts [MP4] [0:03:43] [2017/05/04]A case study in phishing, using fake emails from Delta, fake receipts in Word documents with Macros, PowerShell exploits, and keylogging money-stealing malware.
Using What's Available [MP4] [0:02:58] [2017/05/04]Paintball without bullets is a lot like securing IT without products. There's things we can do to succeed.
Securing the Sphere of Influence [MP4] [0:04:49] [2017/04/20]Securing the Sphere of Influence
Defining Logging Requirements [MP4] [0:03:44] [2017/04/20]When and how to define security requirements for logging.
Use Case for Monitoring Email Access [MP4] [0:05:11] [2017/04/20]The Columbia Sportswear security incident surprises hackers and hikers alike. Today, we'll talk thru the attack path. Monitoring and alerting on non-owner mailbox access, the way to detect this…
Auditing Ephemeral Cloud Services [MP4] [0:03:42] [2017/04/12]If a cloud service is spun up and pulled down before an annual audit, does it make a sound? Today, time of check and time of use in the age of ephemeral services.
Defining Web App Security [MP4] [0:03:23] [2017/04/12]There are three ways to slice and dice and define security for web apps. Wait. I mean four. There are four ways. Maybe more. But let's start here.
602 Steps [MP4] [0:03:41] [2017/04/12]The Appalachian Trail begins with an approach that includes six flights of stairs up the largest US waterfall east of the Mississippi. 602 steps. If you can't climb it, you're not ready for the Trail.…
Growth Hacking Hackers [MP4] [0:04:02] [2017/04/07]The things we can learn from martial arts and dance lessons, for growing the next generation of hackers
Digital Rights Management [MP4] [0:03:12] [2017/04/07]The overlap of Digital Rights Management (DRM) and file-level encryption, explored.
Removing Security Controls [MP4] [0:03:53] [2017/04/07]Are our security controls still valid? Do they still work for the current threats? And if not, why are we still maintaining them!?
Runbooks[MP4] [0:03:41] [2017/04/07]Three reasons runbooks help senior people, junior people, and our overall security program
Actionable Threat Intelligence [MP4] [0:02:51] [2017/04/07]Intelligent threat intelligence for actionable actions. Or something.
Docs.com and Encryption [MP4] [0:03:53] [2017/04/07]Microsoft Docs.com ends up leaking sensitive information: social security numbers, court documents, passwords in spreadsheets. One suggestion? File-level encryption.
Phishing and Outlook Rules [MP4] [0:04:17] [2017/04/07]Criminals are using Outlook rules to create email box proxies, effectively gaining persistence and stealth. Here's how.
Unpatchables [MP4] [0:03:28] [2017/04/07]Hard to patch software, hard to use patch management, and the use of Freecell as a detective control.
Security Tools Exploited [MP4] [0:04:29] [2017/04/07]At the same time frame, password managers and anti-malware tools get exploited. New vulnerabilities leads to the old question: is it worth running security tools?
Fuzzing REST Web Services [MP4] [0:04:15] [2017/04/07]Performing Web application security scans on REST APIs? It takes Swagger.
Proxied Access [MP4] [0:04:48] [2017/03/24]Suppose I have a multi-tenant cloud application. Suppose you are one of my users. Suppose I need to login as you for support. What are some ways I can setup security so you know I'm me?
Securing SOAP and REST[MP4] [0:05:58] [2017/03/24]A quick run down of security options for SOAP and REST Web services and APIs.
Commodity versus Core[MP4] [0:04:06] [2017/03/22]When it comes to IT security, what tasks are core versus what are commodity? It depends.
Phishing with Beef[MP4] [0:04:29] [2017/03/22]How we steal credentials to Windows, Facebook, and LinkedIn using Beef, rules, and Pretty Theft.
Disaster Recovery, Disaster Security [MP4] [0:03:23] [2017/03/22]What happens when BCP/DRP budgets mean limited security controls? Well. Nothing good.
White Rhino[MP4] [0:03:54] [2017/03/22]A white rhino was poached from a Paris wildlife reserve. The reason shines a light on an oft overlooked aspect of risk management: criminal motivation.
Baking and Bolting[MP4] [0:03:53] [2017/03/22]Pros and cons of baking in security and bolting on security.
Deep and Shallow[MP4] [0:04:12] [2017/03/22]You're relying on "deep knowledge of all of your systems and their exposure"? You've already lost. Don't be Sisyphus.
Confide and Encrypt[MP4] [0:04:04] [2017/03/10]IO Active found vulnerabilities in Confide's secure messaging. Here's what we can learn about how encryption gets broken, by looking at Confide.
Logging Considerations[MP4] [0:04:04] [2017/03/10]Flow like the water. Log like the breeze.
Limiting SQL Injection [MP4] [0:04:15] [2017/03/09]Limiting SQL Injection attacks using stored procedures and application database IDs.
Phishing Effectiveness [MP4] [0:04:30] [2017/03/09]Measuring the effectiveness of phishing exercises. If people are our human intrusion detection system, where do we measure the effectiveness?
Secure Coding Guidelines [MP4] [0:04:18] [2017/03/04]The how and the why of creating documented guidelines for secure code.
Forging Cookies [MP4] [0:04:06] [2017/03/04]When leaked source code plus authentication flaws combines with cookie and user-agent forging, back things happen. Like, billions of user accounts stolen.
Clouds Break [MP4] [0:03:58] [2017/03/04]The outage at Amazon S3 illustrates the need for utility computing recovery and continuity strategies.
Software Ecosystem [MP4] [0:04:53] [2017/03/04]The effects of vendor risk management and security by spreadsheet on the software development ecosystem.
SHA-1 Shattering Code Repos [MP4] [0:04:19] [2017/03/04]Git and Svn both use SHA-1 for identifying submissions to source code repositories. But SHA-1 was shattered. So now what?
Put in a Ticket [MP4] [0:04:02] [2017/03/04]Did I do the thing? "Sure." Did I put in a ticket demonstrating we did the thing? "Well..." Today, ways to automate and streamline ticket tracking for compliance.
Sha1 Breaks [MP4] [0:04:18] [2017/02/24]MD5 was broken with a stack of Playstations. SHA1 was broken with a cluster of Amazon EC2 instances. Doesn't seem as much fun, right? But either way, it's time to update our encryption settings.
Spreadsheet Airtraffic Control [MP4] [0:03:46] [2017/02/24]A breach at Boeing was caused by one spreadsheet emailed, exposing some 36 thousand employees to identity theft. Here are a few controls that could have prevented this scenario.
Bugging Word Documents [MP4] [0:03:19] [2017/02/22]Assuming some employee does copy thousands of documents, how would you know? One way is to plant a document with a Web bug that alerts you when it's opened. Hello, roll-your-own honey token.
Lady Gaga, Ticketmaster, and CrowdSurge [MP4] [0:03:13] [2017/02/22]A Ticketmaster executive reportedly left CrowdSurge with his network credentials and 85,000 documents. Reportedly. The executive then accessed CrowdSurge's computers for trade secrets. Reportedly. A…
Protecting Mobile Apps (Cars) [MP4] [0:05:10] [2017/02/22]Whenever new news comes out, it's imperative to analyze the actual attack vector and, if it's applicable to our environment, threat model. This analysis is the first step in avoiding hype and FUD. For…
Threat is the new Risk [MP4] [0:03:57] [2017/02/22]"Threat is the new Risk." Or, not. Back to basics in this morning's video.
File Server Resource Manager [MP4] [0:03:28] [2017/02/22]The use of FSRM on Windows for File Screening Management, and what that means for attacks like ransomware.
Attacker Slowdowns [MP4] [0:03:04] [2017/02/14]What the Jolly Roger Telephone Company and the LaBrea honeypot can teach us about designing security controls.
Protecting Public Access Computers [MP4] [0:03:24] [2017/02/10]"If a bad guy has unrestricted physical access to your computer, it's not your computer anymore." It's an immutable law of security. The defensive trick is in the word is…
Cheating, aka, Testing Beyond Controls [MP4] [0:03:51] [2017/02/08]Weakening one control in a penetration test so that we can evaluate the redundancy of controls along the attack path.
Baselining Configurations [MP4] [0:04:06] [2017/02/08]Firewalls, routers, and switches. Oh my! Adding some automation to baselining.
Physical Security is a Thing [MP4] [0:02:06] [2017/02/05]So, my computer was locked and my office was locked. Was.
Frequently asked Questions [MP4] [0:04:02] [2017/02/05]Couple questions and answers on how to build a security program and on what products to use. Spoiler alert: I don't recommend what products you should buy.
Out-of-Band Web Attacks [MP4] [0:04:21] [2017/02/05]A brief overview of out-of-band attacks that target and comprise Web systems administrators.
Automating PCI DSS Checks [MP4] [0:03:54] [2017/02/05]A good security program blends people and machines. And machines are faster than people, at least at auditing settings.
Certificate Management at Scale [MP4] [0:04:51] [2017/01/26]"Why don't these companies update their certificates?" The young tech wizard asked. "It's just click, click, next." Well, there is just a bit more to it.
Hack Back Fail [MP4] [0:04:48] [2017/01/25]Hacking back rarely goes well. Here's a historical anecdote from back in the day, when Recourse Mantrap and Manhunt were a thing.
The Human Animal [MP4] [0:03:44] [2017/01/25]A good cyber security leader builds intuition within his team and organization by taming, rather than fighting, the human animal.
Procurement and SaaS on SaaS [MP4] [0:03:54] [2017/01/23]Vendor risk management goes up in importance as more business units use Software-as-a-Service. But there's a problem. We're really slow at vendor risk management.
Social engineering family trees [MP4] [0:03:50] [2017/01/23]Family ancestry websites, like www.FamilyTreenow.com, provide a wealth of social engineering information. Pair that with password reset questions and, as today's story will tell, things get a little…
YARA Rules [MP4] [0:02:57] [2017/01/23]A quick introduction to malware hunting with YARA rules.
Security Flaws Reported to Customer Service [MP4] [0:04:14] [2017/01/23]Two stories of researchers reporting security vulnerabilities and getting stuck in help desk hell. It begs the question: are we monitoring our customer service queue for vulns?
Hashing Fast and Fuzzy [MP4] [0:02:53] [2017/01/23]MD5 hashing, due to the avalanche effect, is a really easy detective control to bypass. (Other algorithms exist, like ssdeep, that are a bit harder but not widely used.) So, then, why don't many…
Grizzly Steppe [MP4] [0:05:08] [2017/01/23]An overview of the malicious activity seen taken against critical infrastructure in the US.
Business Continuity and Disaster Recovery [MP4] [0:03:48] [2017/01/23]Business continuity is strategy. Disaster recovery is tactics. And it is snowing in Detroit.
Mentoring up the Team [MP4] [0:03:25] [2017/01/09]Structuring work for junior and mid level folks so that they can grow and develop as professionals.
Not-so-Cloudy Controls [MP4] [0:03:31] [2017/01/05]A summary of AWS controls around security groups and the thinking behind redundant controls for state and activity.
Hyped Attacks [MP4] [0:04:45] [2017/01/05]Sussing out the recent attack widely trumpeted by the media as Russians hacking the US power grid. Spoiler alert: it wasn't.
Security Questions [MP4] [0:02:57] [2016/12/25]Building a password reset function? Skip the security questions. Implement 2FA with phones. Here's why
Challenging Assumptions [MP4] [0:04:28] [2016/12/25]The assumption that we're vulnerable is just as dangerous as the assumption that no one wants to hack us.
Rogue One and InfoSec, Part 2 [MP4] [0:05:18] [2016/12/25]Episode 2: Defending the Empire. If Star Wars: A New Hope is a parable of incident management, as Kellman Meghu demonstrated, then Star Wars: Rogue One is a lesson in a security breach. But, hey, it…
Rogue One and InfoSec, Part 1[MP4] [0:05:29] [2016/12/25]If Star Wars: A New Hope is a parable of incident management, as Kellman Meghu demonstrated, then Star Wars: Rogue One is a lesson in a security breach. Here's what the Empire missed.
What could possibly go wrong?[MP4] [0:03:30] [2016/12/25]A finding is just a finding. But a finding that enables a realistic threat? Now there's something to care about.
SQL Injection and WaitFor [MP4] [0:03:26] [2016/12/15]An example in threat modeling and creating controls for a specific tactic attackers use to break into Websites.
Pyramid Schemes[MP4] [0:03:58] [2016/12/14]New ransomware learns old tricks, exploiting trust.
Snow Day[MP4] [0:03:44] [2016/12/13]Whether you're pushing a car out of a snow bank or stopping a security breach, there are two things to always keep in mind.
Steganography and Malware[MP4] [0:03:04] [2016/12/13]Dissecting the Stegano malware that used ad networks and steganographic images to infect unpatched Internet Explorer browsers.
Distributed Brute Forcing [MP4] [0:03:04] [2016/12/13]Guessing passwords and credit card numbers without being detected by spreading out the attempts.
User Agent Strings[MP4] [0:03:15] [2016/12/13]Web attack tools well known user agent strings. And attackers don't always change them. Might be a good idea to monitor the logs for these strings.
Like Pulling Teeth [MP4] [0:03:05] [2016/12/13]Preparing for an security audit by preparing for what comes after.
The Little Train that Couldn't[MP4] [0:04:03] [2016/12/13]How did the San Francisco Metropolitan Transit Agency get held up for ransom? Same old story, just in time for 2017 predictions.
Composable Infrastructure[MP4] [0:05:05] [2016/12/13]When we build something new, we should utilize new ways of protecting the new thing. Sadly, this isn't the case with "Composable Infrastructure."
Dependencies[MP4] [0:02:39] [2016/12/13]If your control for ransomware is backups, what dependencies does your backups have?
Controls for Rogue SVGs [MP4] [0:04:25] [2016/12/13]Creating an attack path for criminals distributing malware over FaceBook with SVGs, and assigning controls along the path.
Roadmaps and Backlogs[MP4] [0:04:01] [2016/12/13]After the security gap assessment, there's a backlog of items to fix and improve. These all go on the roadmap. However, we need to think of the roadmap as a flexible document that's updated as our…
Delivering Malware via SVG [MP4] [0:04:44] [2016/12/13]Website whitelisting is a great control. But it means the attacker will move to Websites on the list, like Facebook. Add to that, using SVG images to deliver malware. Suddenly, we have a failure in…
Email Attachments [MP4] [0:04:22] [2016/11/23]We've come a long way since the days of dial-up email, like Juno. Email is now equally a vector for communications and accidental disclosures. Here are some ways to add protections.
Resetting Passwords and Bypassing Encryption in Linux [MP4] [0:04:51] [2016/11/23]Linux is broken. Everyone panic! Or, not. Two stories, two security principles, and a gentle reminder for risk management, in today's video.
Breaches that Aren't [MP4] [0:03:11] [2016/11/22]Today, we look at the impact of things that didn't actually happen. Just because it was not a breach, doesn't mean there was not an impact.
Threshold Model of Collective Behavior[MP4] [0:04:05] [2016/11/22]Applying the threshold model of collective behavior to security culture. It can be hard to get a large group of people to change. An easier starting point is to change the first couple people.
Product Graveyard [MP4] [0:04:02] [2016/11/22]There are four phases in a project destined for the product graveyard. If we recognize this, the life we save just might be our own security product.
Enumerating Bad Guys [MP4] [0:04:20] [2016/11/22]Know the bad guys: Dracula, the Mummy, the Invisible Man. Wait. Back up and start over. Script kiddies, insider threats, hackivists, organized crime, and nation states.
Mirai Honeybot or MTPot [MP4] [0:04:28] [2016/11/22]Sometimes honeypots are corporate ready. Other times, honeypots are just for fun. We'll talk through what's what and introduce MTPot, the honeypot for the Mirai botnet.
Ransomware, Past and Future [MP4] [0:04:44] [2016/11/22]Predicting the future of ransomware by looking at its past. History and sociology is a way to evaluate our security controls.
Informed Decisions [MP4] [0:03:47] [2016/11/22]Stephen Covey has the circles of concern and circles of influence. Daniel Kahneman has fast and slow thinking. And I have a headache from staying up too late watching the election results. Today,…
Assessing Cloud Apps [MP4] [0:04:51] [2016/11/22]When most of our apps are in the cloud, we can't do penetration testing. I mean, we could. But it would violate the Software-as-a-Service terms of service at a minimum. We need to turn to vendor risk…
Detecting the Undetectable [MP4] [0:04:15] [2016/11/22]At Black Hat Europe, researchers announced an undetectable rootkit for PLCs (Programmable Logic Controllers). You should read up on it. But this morning's thoughts isn't on that. It's on how to detect…
Open Redirects and DDoS [MP4] [0:04:17] [2016/11/22]Today's denial of service attacks are multi-vector. And so while Miria is getting all the attention, it's important to consider the plan Bs and plan Cs for DDoS. Take, for example, open redirects in…
Bypassing Outlook's Two-Factor Authentication[MP4] [0:04:13] [2016/11/04]Microsoft Exchange and Outlook Web Access feature two-factor authentication. A password. A token. But turns out, the Web Services doesn't. And this means we can bypass 2FA. Here's the attack and…
Percentage of Revenue[MP4] [0:04:21] [2016/11/04]Rand releases a study: Examining the costs and causes of cyber incidents. It estimates the impact of security incidents as a percentage of an organization's revenue. Some thoughts.
Tactics, Strategy, Culture[MP4] [0:04:24] [2016/11/04]"Culture eats strategy for breakfast," Peter Drucker once opined. In this video, I said "lunch". We all know yogurt is what you eat for breakfast. Anyways, let's cover the line…
Insider Threat[MP4] [0:04:11] [2016/11/04]The insider threat: employees who maliciously or accidentally open the organization up to security breaches. Here's how to communicate, detect, and prevent insider threat. It's all about being aware…
Bleeding Data[MP4] [0:01:56] [2016/11/04]What happens when data bleeds out from databases? Sensitive data gets stores in clear text. Now toss in insecure backups. The result? Well, as the Red Cross can tell you, significant data breaches.
Step Up [MP4] [0:03:08] [2016/10/28]No, not dancing. Today, we look at step up authentication design patterns.
Amnesty International Ranks Messaging Encryption[MP4] [0:02:23] [2016/10/28]Amnesty International evaluated messaging from eleven companies. It's a good time to consider what products we use in our personal and professional lives. Also, the criteria used reminds us that…
Evidence-based Decisions[MP4] [0:02:52] [2016/10/28]Recapping lessons from Tactical Edge on prioritizing security efforts and spends.
DDoS, DNS, SaaS, BCP[MP4] [0:03:42] [2016/10/28]Where were you during The Great Twitter Outage of 2016? A botnet of Internet-of-Things, likely based on Mirai, took down DNS services provided by Dyn. No Twitter. No Spotify. No GitHub. And where was…
Word Document Evasion Technique[MP4] [0:02:08] [2016/10/28]Word Macros are a common way to embed malicious code into documents. The Nitol botnet uses these. Nitol also has new evasion techniques to avoid detection. The one thing Nitol doesn't have? Cool…
Open Source [MP4] [0:04:29] [2016/10/22]The risks and benefits of using open source software in our enterprise environments.
Persistence in Group Policy [MP4] [0:04:23] [2016/10/19]Persistence is a stage in an attack lifecycle. Once in, stay in. One way we're seeing persistence done is with Active Directory Group Policy. Here's how to do it, and how to detect it.
How Many Threat Models [MP4] [0:04:04] [2016/10/19]How many threat models can our hunt team reasonably support? How many use cases can our operations team reasonably check for?
Preventing Breaches with Search Engines [MP4] [0:03:43] [2016/10/19]A case study on Modern Business Solutions, todays multi-million records breach. Personally identifiable information for subscribers was stolen from their MongoDB.
SAST and the Malicious Insider [MP4] [0:03:10] [2016/10/19]Static application security testing (SAST) can ensure clean code. But that is not the same as ensuring secure applications. Here's a cautionary tale.
Virtual Currencies [MP4] [0:03:41] [2016/10/19]Announcing Converge Detroit next April 13-14, 2017. BSides Detroit will be Saturday, April 15. So log off the video games, sign off of the virtual worlds, and come hang out. Oh, also, between now and…
IR Recovery Mistakes [MP4] [0:04:05] [2016/10/19]An incident response lifecycle contains stages like preparation, identification, containment, eradication, and recovery. Don't make these common mistakes when recovering after a security incident.
Defending Manufacturing [MP4] [0:05:31] [2016/10/19]Today, we cover an example attack on a manufacturing company and describe how to design security countermeasures.
Why They Roll Their Own Crypto [MP4] [0:03:14] [2016/10/19]A quick summary of the talk, "How to Implement Crypto Poorly," by Sean Cassidy. What does it mean when developers roll their own solution, instead of following secure practices? And what…
What Makes a Mentor [MP4] [0:04:17] [2016/10/19]What traits do we look for in mentors?
Behavior Change[MP4] [0:04:11] [2016/10/06]Security awareness and culture shifts start by changing behaviors. Here's a simple model for doing just that.
Mirai Botnet Source Code[MP4] [0:03:35] [2016/10/06]Source code for the Mirai botnet has been released. Mirai was behind the denial of service attack against KrebsOnSecurity, which blasted Krebs with 665 Gigabits per second from the Internet of Things.…
New Acquisitions[MP4] [0:03:42] [2016/10/04]This weekend I noticed, we get more information from a pet shelter when adopting kittens than we get from an IT team when acquiring companies.
Standards and Policies [MP4] [0:03:53] [2016/10/01]No one ever reads the documents. And reality never matches the standards. So how do you handle the delta? Here are four ways.
Whitebox Fuzzing and Project Springfield [MP4] [0:02:23] [2016/10/01]Whitebox fuzzing combines the code review of whitebox static analysis with the brute forcing inputs of fuzzing. Microsoft just announced Project Springfield, which is a service providing whitebox…
Application Whitelisting [MP4] [0:04:02] [2016/10/01]Two approaches to whitelisting, on two sides of the spectrum.
What i-Dressup Tells us about Response [MP4] [0:03:35] [2016/10/01]When i-Dressup is breached and passwords, clear text passwords, get siphoned off through SQL injection, people notice. Ars Technica notices. Troy Hunt notices. And Ars and Troy try to contact…
Escorting Vendors during Remote Support[MP4] [0:03:42] [2016/10/01]We have some equipment that needs vendor support. We're definitely not going to fly someone out for support every time. So, that means remote. But how do we handle concerns over giving a third party…
Making Mistakes[MP4] [0:04:03] [2016/09/23]A correction video, with a shout out to Stephen Harris for catching two of my mistakes, and a broader thought on the importance of quickly identifying and correcting mistakes. DomainKeys Identified…
When Documentation Attacks[MP4] [0:04:00] [2016/09/23]Leaking sensitive information in documentation happens to just about everyone. For today's video, let's use Microsoft's MSDN and the GPO AES private key leak (MS14-025). One slip in documentation and…
Educating the Educators[MP4] [0:03:15] [2016/09/22]When my daughter's teachers ask her to tweet that she goes to their high school, it occurs to me, we need to educate the educators on privacy and security matters.
Sender Policy Framework (SPF) [MP4] [0:03:09] [2016/09/21]Where to deploy SPF with email, how to bypass SPF when phishing, and why we still need security culture.
Patch! But don't rely on patches. [MP4] [0:03:01] [2016/09/18]Microsoft releases a patch that stops AdGholas's primary vulnerability. It only took two years. It only affected 5 million people. A day, 5 million a day. And this tells us a lot about the need for…
DevOps Velocity, take-aways from #HPEProtect [MP4] [0:03:56] [2016/09/16]Velocity isn't about how hard you hold down the throttle, but how fast you run the laps. It's about results, quality results. In DevOps, this takes three things. In racing, it takes someone other than…
Organized Crime, Take-aways from #HPEProtect[MP4] [0:03:59] [2016/09/16]Some say typical attacks are 20% low level hacktivists and such, 70% mid-level crimes, and 10% advanced nation state. Is that number right for our organization? And what do trends in crime mean for…
AWS is a go for PCI DSS [MP4] [0:02:28] [2016/09/16]Amazon Web Services announced its adoption of and compliance with the PCI Data Security Standard, PCI DSS 3.2. A cardholder environment in the cloud? Sure. Now you can have one.
Call Trees [MP4] [0:03:30] [2016/09/16]Troubleshooting and improving call trees for IT operations, incident response, and disaster recovery.
Prioritizing Security Vulnerabilities[MP4] [0:04:08] [2016/09/16]Do decision makers have an apathy problem? Or do we have a context and communication problem? Here's my thought, using a vulnerable Web server as an example.
Shared Private Keys Aren't Private [MP4] [0:03:21] [2016/09/09]The idea behind public/private key encryption is the private key is kept private and belongs to only one device. It's meant to be a unique identifier. But what happens when people image multiple…
Competitive Slacking [MP4] [0:03:59] [2016/09/09]Many troubles teams face, from firefighting to technical debt, are symptoms of the lack of slack time. It's all about making time to think long term. In this video, fresh from vacation, I cover why…
Honeypots[MP4] [0:04:17] [2016/09/02]What separates a good honey pot from a bad honey pot?
Encrypted Content, Unencrypted Logs[MP4] [0:04:06] [2016/09/02]OneLogin's security breach revealed their Secure Notes were unencrypted in OneLogin's logs. Here's some things to think about when using similar products, and when building encryption and logging…
Mr Robot FSociety Ransomware [MP4] [0:03:34] [2016/09/02]Media like television and movies inspires a certain set of criminals. Take, for example, the ransomware variant based on EDA2 and sporting the FSociety logo.
Buying Time with RASP [MP4] [0:03:57] [2016/09/02]Using Realtime Application Security Protection, or RASP, in conjunction with Web Application Firewalls for virtual patching until developers can fix the problem.
Stop Young Domains [MP4] [0:04:01] [2016/09/02]They say never trust anyone over thirty. I said never trust any domain name younger than thirty. Well, thirty days, anyways. Here's why.
Opsec, Bro[MP4] [0:03:17] [2016/09/02]Being careful with what we post online, and our employees post online. Also, guidance on security awareness training.
BCP Exercises[MP4] [0:04:12] [2016/08/24]What are the attributes of great business continuity exercises?
Security Automation with IFTTT[MP4] [0:03:56] [2016/08/24]Automating security tasks using If This Then That (IFTTT) along with Python or Bash scripts.
Load Balancing for Denial of Service [MP4] [0:03:40] [2016/08/24]Stopping distributed denial of service attacks with load balancers, its more than simply stacking on more Web servers.
Communities[MP4] [0:02:24] [2016/08/24]IT security communities: join one, or build one. Don't go it alone.
Cyphertext Attacks, Key Rotation, and Apple iMessage [MP4] [0:02:36] [2016/08/24]Research out of John Hopkins University on Apple iMessage gives us some lessons on implementing encryption systems.
Using a Capabilities Matrix [MP4] [0:04:33] [2016/08/24]We all get those emails. "Have you looked at product x?" And we all have had to explain why the Gizmo 9000 isn't what our team needs right now. We already have the capabilities. Or perhaps,…
Security Reasonableness Test[MP4] [0:03:31] [2016/08/24]Researchers are exfiltrating data by hard drive music (like, https://m.youtube.com/channel/UCHsrkH...). We must stop this James Bond level threat! Or, well, must we?
Vendor Risk Management[MP4] [0:03:59] [2016/08/24]So cloud IT is a bit like a rental car, at least, that's to say we're reliant upon others for safety and security.
Edge's PDF Vulnerability[MP4] [0:03:11] [2016/08/24]Microsoft Edge is falling for the old malformed PDF trick. And that has me wondering, why do we keep making the same security mistakes in product after product?
Centrally Managing Obligations[MP4] [0:04:03] [2016/08/24]Legal requirements. Industry standards. Contractual obligations. Best practices. Tracked separately, its a mess. Tracked centrally, its manageable. Here's how.
Business continuity planning[MP4] [0:02:45] [2016/08/24]Fresh off a Delta flight, while the airline scrambles to recover from a power outage, a reminder to test your controls.
Three Common PCI Misunderstandings [MP4] [0:04:19] [2016/08/06]Here's three common misunderstandings teams make when self assessing their payment systems for PCI DSS.
Criminals Picking on the Little Guy [MP4] [0:04:02] [2016/08/06]The National Restaurant Association put out guidance on PCI and the Council's Small Merchant Task Force. Turns out, small businesses are prime targets for thieves targeting payment data.
Router and Firewall Controls[MP4] [0:03:24] [2016/08/06]If a disgruntled network administrator can take down Citibank, imagine what one could do in our networks.
Handling Security Concerns Right [MP4] [0:03:55] [2016/08/06]Glow, a women's health app, has personal and sensitive information at a different level of personal and sensitive. When Glow discovered a security vulnerability that could expose women's information,…
Ghostbusters and Toolmaking [MP4] [0:03:21] [2016/07/29]I caught the new Ghostbusters movie. It made me realize. I need a Jillian Holtzmann on my team. And perhaps we all do. When its us and our tools against the world, toolmakers are invaluable.
Considerations for Securing Application [MP4] [0:03:14] [2016/07/29]Three considerations for introducing and integrating security with application development: audience (internal or customers); platforms and tooling; development lifecycle and workflows.
Check your Privilege [MP4] [0:03:21] [2016/07/29]Least privilege is still a privilege. Here's two ways criminals can escalate permissions in Windows 10. The bottom line: monitor domain admins closely, but don't ignore domain users.
TSA Master Keys and Key Escrow[MP4] [0:01:53] [2016/07/29]The eight and final TSA master key has been copied and released as a 3D printable. It's what is on my mind as I sit on this airplane. And it is a good time to remind folks to check their key escrow…
Intellectual Property and Bread[MP4] [0:03:03] [2016/07/24]Panera is suing Papa John's and Panera's former vice president of IT architecture. The charge is the VP made off with IP on a USB. Good time to ask, would we catch an employee stealing our…
Identifying Malicious Activities during Mergers [MP4] [0:03:11] [2016/07/24]So you're firm is going through a merger. Are you prepared to connect their potentially compromised network to yours? And what if your network is the one that's infected?
Mobile Threats, Controls, and Management [MP4] [0:06:39] [2016/07/24]Dave Schwartzberg gives an update on mobile security. How real are threats from phones and tablets? What works for BYOD management?
Enforced Encryption in AWS S3 [MP4] [0:03:12] [2016/07/24]AWS (Amazon Web Services) S3 (Simple Storage Services) supports AES (Advanced Encryption Standard) and other TLAs. This gives us a great example of a setting up controls to ensure controls are set.…
Honey Credentials [MP4] [0:04:01] [2016/07/24]An overview of Responder and HoneyCreds, as demonstrated by Ben0xA in his Converge Detroit keynote.
Hak4Kidz parked at BSidesDetroit[MP4] [0:05:28] [2016/07/17]Dave Schwartzberg hops in the car with me to describe getting kids involved with hacking, robotics, and coding. He's running Hak4Kidz at conferences across the globe, including BSidesDetroit.
DevOps Change Rates and Risk [MP4] [0:03:36] [2016/07/17]Yesterday at Converge, Joel Cardella presented "Welcome to The World of Yesterday, Tomorrow!" The topic was what we can learn from the Challenger disaster. Here's my take on flight rate and…
Decrypting for Data Loss Prevention [MP4] [0:04:00] [2016/07/17]Edgy. Our security environments are edgy. And at that edge, we need to see what's coming and going. Ans that's where encryption is both good and bad for security.
Medium's Vulnerability and Collaboration[MP4] [0:03:58] [2016/07/13]If you're developing collaboration software, watch your approval workflow. And if you're running Medium, patch your software.
The Shard Utility[MP4] [0:03:36] [2016/07/13]Using shard to detect shared passwords, and how it might be used in an employee security awareness program. More here: https://github.com/philwantsfish/shard
Beating Ransomware in 8 steps [MP4] [0:05:18] [2016/07/08]Today, balloon tower defense-in-depth style, we cover the attack path for ransomware. Eight controls are detailed, each one with a varying degree of effectiveness, that can keep your organization from…
Stolen Phone, Broken Crypto . J Wolfgang Goerlich J Wolfgang Goerlich [MP4] [0:03:49] [2016/07/07]Tennessee says we no longer get a pass on stolen encrypted devices. And Android phones with Qualcomm ARM processors have a new attack vector for stealing encryption keys and brute forcing…
Leveraging in-flight Projects [MP4] [0:04:21] [2016/07/05]98 tasks for security on the wall. 98 security tasks. Instead of taking one down and passing it around, how about finding a better way? Say, by bundling it with active and planned projects?
Why Model and Detect Late Stage Attacks [MP4] [0:04:21] [2016/06/30]Think of an attack path (or kill chain) as one of those kids toys where you rotate animals. Heads, bodies, tails. Intrusions, compromises, exfiltrations. Which part is easiest to detect and why?
Drive Encryption, Secure Wipes, and Awareness [MP4] [0:03:39] [2016/06/30]A new study finds 78% of used computers have personal and corporate data from their previous owners. Time to check your endpoint data controls. Time, too, to share the story with your employees so…
Cowboys and Quick Draw Changes[MP4] [0:03:15] [2016/06/30]Nobody likes an IT cowboy. Nobody. Then again, everybody needs a hero sometime. Somebody quick on the trigger. Somebody who knows what's what. So I ask, who's your cowboy?
Remote Access [MP4] [0:03:49] [2016/06/30]Recent attacks on GoToMyPC and Team Viewer shine a spotlight on remote access risks. If someone were compromised by these, would we know? And what subsequent controls would protect our sensitive data?
Social Engineering with HTML Apps[MP4] [0:03:58] [2016/06/28]The new version of the Social Engineering Toolkit (SET) can deliver malicious payloads with the Windows HTML Application (HTA) files. Let's talk defense.
Vulnerable Configurations [MP4] [0:03:27] [2016/06/26]154 million voter records were recently exposed. The records included names, addresses, Facebook profiles, gun ownership, and so on. And this highlights the need to check configurations as part of…
The IKEA Effect [MP4] [0:03:09] [2016/06/26]Involve people in the creation of security procedures and controls to trigger the IKEA Effect and get buy-in.
FICO Security Score [MP4] [0:03:33] [2016/06/26]You know your FICO credit score? Yeah. Now apply that to cyber security. That's what QuadMetrics has developed for FICO. It's coming to a cyber insurance policy near you. Is your organization ready?
Dedicated Security Teams [MP4] [0:03:06] [2016/06/18]Rebecca Marquis tweeted out that she was doing housework while listening to these videos. And that made me think. IT security is a lot like cleaning. For example, it works better with a dedicated team…
Getting Ahead of Password Reuse [MP4] [0:03:42] [2016/06/16]Everybody's passwords have been stolen. Now criminals are reusing passwords on other sites. Github responds. LinkedIn responds. Could we?
BadBlock Ransomware[MP4] [0:04:02] [2016/06/16]I miss the good old days, when ransomware was left to the professionals and only encrypted data files. Not like BadBlock and these newer round of malware. Those were simpler times.
Blame the Victim[MP4] [0:04:17] [2016/06/15]Someone called the help desk with a phish? Laugh at them for falling for it. Some firm got breached? Post it to Facebook and enjoy the schadenfreude. That's often how the IT security community and…
Stopping Work that looks like Work[MP4] [0:04:30] [2016/06/14]When work looks like work, work gets done. Good news for the IT security team. But what if the work is criminal? Today, a story from 0ddJ0bb on how fraudsters used the principle to steal bitcoin.
The Unencrypted Millions[MP4] [0:02:26] [2016/06/11]Rapid7 scans the Internet and find millions of unencrypted services. Telnet, databases, printers, and file shares. Welcome to the 1990's internet, today.
Redundancy Encryption[MP4] [0:03:05] [2016/06/11]We encrypted the Web traffic. And then decrypted it across the firewalls. We encrypted the files. And then decrypted them to load databases. We encrypted the disks. Wait. But we decrypted on boot. And…
Ransomware Bypassing EMET[MP4] [0:03:58] [2016/06/08]A new version of Angler, used for ransomware, is taking advantage of Flash and Silverlight to bypass EMET's memory protection. So should we abandon EMET altogether or what?
DRM, IRM, DLP, ETC[MP4] [0:04:02] [2016/06/08]Setting up rights management and loss prevention for secure file exchange. Hardening the circadian rhythms of our organizations.
Prioritizing Controls [MP4] [0:03:56] [2016/06/03]Thoughts on the "Penetration Tests and Red Team Exercises", the "Application Software Security", and the "Email and Web Browser Protections" controls in the CIS Critical…
Policies[MP4] [0:03:57] [2016/06/03]The human readable / machine enforceable theory for IT security policies.
Seasonal Security Reviews [MP4] [0:03:48] [2016/06/03]To everything, a season. To every security control, an amount of time. To every security architecture, a set lifespan. Assessing and planning for these cycles, today while stuck in traffic.
Brute Forcing Gestures [MP4] [0:04:09] [2016/05/30]Gesture authentication, the "Robotic Robbery in the Touch Screen" paper, and the cool hand gesture lady. Nothing is safe.
Security as a Product[MP4] [0:04:02] [2016/05/30]Lessons from the TSA we can avoid. Lessons from the cloud aaS we can adopt. And an idea for how to make security a product consumers want.
Local File Inclusion[MP4] [0:04:21] [2016/05/25]Quick primer on Local File Inclusion (LFI) vulnerabilities in Web apps.
Career Jumps and the Red Baron [MP4] [0:04:39] [2016/05/25]A hundred years ago, the Red Baron ruled the skies. A few years before that, however, he was a simple cavalryman. So what lessons can we learn about going from the help desk to the SOC from a guy who…
Image Tragic [MP4] [0:04:39] [2016/05/20]Image Magic is vulnerable. Don't just patch. This is an opportunity to evaluate all the controls on the attack path. Done right, we will have 0-day protection.
Safe Cracking and Time Based Security [MP4] [0:04:14] [2016/05/20]At a keynote, I pulled out a safe cracker and demonstrated brute forcing. Safes are excellent metaphors for security controls. Take, for example, the TL rating for a given intensity of an attack and a…
OK Cupid and the Broken Heart[MP4] [0:02:56] [2016/05/17]What can we learn from OK Cupid being scrapped and its users' information being released? Well, for one, we can make sure our Web sites do not get scrapped.
Assessing Processes with Third Parties [MP4] [0:03:37] [2016/05/14]There are our business processes. There are our work flows. And then there are third party apps, facilities, and cloud hosting. So how do you do a risk and controls assessment?
Save a Life or Stop a Virus[MP4] [0:03:20] [2016/05/12]One time, during heart surgery, the Merge Hemo app locked up. Why? Because of an anti-virus scan. It's an example of what happens when we focus solely on securing technology.
Swiss Cheese Model[MP4] [0:03:54] [2016/05/11]Applying the "Swiss Cheese Model" to after action reports to beat the odds with incident response.
Defensible Architectures[MP4] [0:04:29] [2016/05/11]A four step process for creating a defensible security architecture.
Responding to PowerShell[MP4] [0:04:23] [2016/05/11]Red Team tools exist for PowerShell. Older ones, like PoshSec and PowerSploit, and newer ones like PowerShell Empire. Meantime, criminals weaponized PowerShell scripts with malware like PowerSniff and…
Locky and Having a fighting chance [MP4] [0:04:13] [2016/05/06]Someone infiltrated the Locky network and disabled the ransomeware. We've seen this happen before. Turns out, the criminals make as many mistakes as we do. And this means we have a fighting chance.
Encrypting Data Interchanges[MP4] [0:04:02] [2016/05/06]If data is the life blood of the organization, then data exchange is the steady heartbeat. Data in, data out (beat). Data in, data out (beat). And encryption protects that flow.
Tightening the Feedback Loop[MP4] [0:04:46] [2016/05/04]PDCA, Plan-Do-Check-Act, is all fine and good. The trouble is delaying feedback. So here's some ways to get implementation and assessment teams closer to tighten the feedback loop.
Don't Play with CMS[MP4] [0:03:43] [2016/05/04]Content management systems are an oft used system for criminals. A toy manufacturer provides a recent example, as their unpatched Joomla system was hijacked to distribute ransomeware with Angler.
Clearing Phishes [MP4] [0:04:01] [2016/05/03]After last week's video on phishing response metrics, a question came in. How does IT respond and clean up phishing emails?
Metrics on Results[MP4] [0:03:52] [2016/05/01]If the end result is the response to an attack, why don't more metrics measure the response? Take phishing. We need to track the time it takes for IT to investigate and blackhole a phish. That's what…
Repurposing Equipment for Disaster Recovery [MP4] [0:03:25] [2016/05/01]Flexibility gives the defense an advantage. Reusable and repurposable systems, particularly for disaster recovery, are a good place to begin building that flexibility. Also, seriously, twelve people…
Minimum Viable Frameworks [MP4] [0:03:55] [2016/05/01]Start small. Start some where. Start iterating and improving. From frameworks like ISO 27001 to maturity models like BSIMM, we can make a minimum version which reduces risk with a reasonable amount of…
Presidential Candidate Apps[MP4] [0:03:37] [2016/05/01]A million downloads can't be wrong. Except, of course, when the mobile apps access excessive amounts of personal data. Oh, and, except when the data is transmitted in clear text. Leave it to the…
Stopping Rogue WiFi [MP4] [0:04:03] [2016/04/25]Rogue wireless access points, those WiFi networks that our organization didn't authorize, are another path for criminals and malicious insiders. We can block rogue WiFi two ways: at the signal and on…
Bypassing AppLocker[MP4] [0:04:29] [2016/04/24]Each IT security control is a balancing act between several factors. Ease of use, difficulty of abuse, performance, and others all play a part. To demonstrate this, let's look at Windows built-in…
New Firewalls[MP4] [0:05:54] [2016/04/22]Shiny new red blinking boxes. It's just what we always wanted. Excellent. Next question: how do we phase in these new firewalls?
Hijacking DNS[MP4] [0:03:44] [2016/04/20]Phishing and other social engineering tactics used to hijack DNS.
Criminal Practices[MP4] [0:03:28] [2016/04/20]The criminals adopt PTES, holiday pay, org charts, call escalations, and other corporate best practices. It's us against them, practices against practices, in an arms race to protect our…
Unintended Consequences of Defaults[MP4] [0:04:10] [2016/04/18]Years ago, an API address company made a decision on the default. This has led to years of attribution to Kansas. A small farmhouse in Kansas, to be exact. This is their story.
URL Shorteners[MP4] [0:03:17] [2016/04/16]Researchers from Cornell found Google's Map URLs contain all sorts of personal data. Microsoft's shortened URLs do, too. The short answer: take care to secure simple services.
Preserving Formats, Preserving Performance[MP4] [0:05:55] [2016/04/15]Application and database decisions that impact performance when using data and database encryption. It's easy. (It's not easy.)
Disk Encryption[MP4] [0:04:00] [2016/04/14]So, what's the best way to do enterprise disk encryption? Software like Bitlocker or PKware? Hardware with the Dell, EMC, or whomever? A combination using HP Atalla? Well. It depends.
Managing the News Cycle[MP4] [0:03:35] [2016/04/13]Responding to the news cycle by tying hype back to our IT security program. Take, for example, BadLock. Are we prepared?
Package Managers [MP4] [0:05:09] [2016/04/12]Inserting wormable malware in packages in general and, specifically, Sam Saccone's warnings about the Node.js Package Manager (npm).
Assessments to Remediation [MP4] [0:03:48] [2016/04/09]The ciso's journey for assessments: no testing; testing but no remediation; testing with remediation projects; lots of testing and lots of projects; centralized remediation program for all findings.…
Pesky People and their USB Drives[MP4] [0:03:32] [2016/04/07]University of Illinois researchers drop some 297 USB drives on campus. 48% of the drives get opened and browsed. The scare is that these could have been malicious drives with malware. So, what should…
Minimalism in Incident Response[MP4] [0:04:49] [2016/04/07]We can do months long cyber war games. We can do weeks of incident response exercises. Or, hey, we can do a couple days. Today, we talk about how to choose which is right, and how to know it's time to…
Something Borrowed [MP4] [0:05:22] [2016/04/05]BYOD? Meh. Shadow IT? Pfft. Family and friends borrowing tech that accesses our corporate systems? Wait. Now that is scary.
KeRanger Ransomware[MP4] [0:05:25] [2016/04/05]Four things that make KeRanger unique: targeted a Mac, embedded in a signed app, delayed attack execution, and code for disrupting Time Capsule backups.
Apps and Secrets [MP4] [0:04:55] [2016/04/05]Encrypting the password for decrypting the secret key that's unencrypting the API. Keeping secrets in applications is hard, especially in android apps.
The Easy, The Hard [MP4] [0:04:31] [2016/04/05]The tug-of-war between point solutions and holistic approaches, between quick wins and sustainable programs, between tactical and strategic. In other words, a brief recap of the easy and of the hard.
Blocking IP Scans[MP4] [0:05:20] [2016/04/05]There is the area we are concerned about protecting. There is the area criminals profit from compromising. The action lies at the center of the Venn. A good defense raises the criminal's costs and/or…
FIRST Principles[MP4] [0:04:40] [2016/04/05]Take-aways from a weekend watching the FIRST Robotics Competition, and what security teams can learn from the 4-H MooBotics (@FRC5926) rookies. Coordination and collaboration trumps technology.