Primal Security Podcast


Winter is coming and HBO is already feeling the chill…well maybe. This month we are joined by Zack, Luke, Lane, and Andrew talking about news items, and their normal random banter. This is the first podcast in a while we don’t mention Marissa Mayer from some breach…ah crap, well we will get it next time.

 

Direct download: Primal_Security_Podcast_Episode_30.mp3
Category:general -- posted at: 10:32am PST

With our first update of the summer we address multiple compromises, electoral hacks, and much much more!

1) WANNACRY/Ransomware Update
https://isc.sans.edu/forums/diary/What+did+we+Learn+from+WannaCry+Oh+Wait+We+Already+Knew+That/22444/

https://labsblog.f-secure.com/2017/05/13/wcry-knowns-and-unknowns/

https://community.rapid7.com/community/infosec/blog/2017/05/12/wanna-decryptor-wncry-ransomware-explained

2) Kmart Pwned Again...
https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/


3) Chipotle hacked (hide your burritos)!

http://money.cnn.com/2017/05/28/technology/chipotle-credit-card-hack/

4) Gamestop hacked (I'm running out of valid credit cards)

https://threatpost.com/gamestop-online-shoppers-officially-warned-of-breach/126172/

5) Macron campaign hack and reaction
https://www.nytimes.com/2017/05/08/world/europe/macron-hacking-attack-france.html

6) Russia accessed voter data/systems in 39 states
https://www.engadget.com/2017/06/13/report-russia-hacked-election-systems-in-39-us-states/

7) Shadowbrokers subscription and crowdfunding
https://www.cryptocoinsnews.com/shadow-brokers-dumps-bitcoin-zcash-monthly-dump-subscription/
http://mashable.com/2017/05/30/shadow-brokers-nsa-exploits-hacking-wannacry/#2eoUgMY9kmqT

8) XP isn't quite EoL yet

http://www.zdnet.com/article/microsoft-warns-of-destructive-cyberattacks-issues-new-windows-xp-patches/

Direct download: PrimalSec-Ep29_-__The_Hot_One.mp3
Category:general -- posted at: 3:18pm PST

Tanium breaches trust with customer data to get new customers:

https://arstechnica.com/security/2017/04/security-vendor-uses-hospitals-network-for-unauthorized-sales-demos/

 

Unicode phishing:

https://thehackernews.com/2017/04/unicode-Punycode-phishing-attack.html

 

Shadow Brokers New Release of Stuff:

http://www.pwn3d.org/posts/1721872-from-git-clone-to-pwned-owning-windows-with-doublepulsar-and-eternalblue-part-1

 

Mastercard reveals fingerprint biometric to replace pin:

http://www.bbc.com/news/technology-39643453 

 

Massive Oracle Quarterly Patch Not the Only Worry with Solaris and Apache Struts 2:

https://threatpost.com/record-oracle-patch-update-addresses-shadowbrokers-struts-2-vulnerabilities/125046/

 

Breaches:

https://krebsonsecurity.com/2017/04/intercontinental-hotel-chain-breach-expands/

https://krebsonsecurity.com/2017/04/shoneys-hit-by-apparent-credit-card-breach/

Direct download: PrimalSec-Ep28_-__Shoneys_Guns_and_Unicorns.mp3
Category:general -- posted at: 5:59am PST

Direct download: PrimalSec-Ep27-StPattysMalware.mp3
Category:general -- posted at: 10:57am PST

News Items:
 
APT-28 and APT-29, Fancy Bear and Cozy Bear:
 
Massive Data breaches
 
Hospitals make up 88% of all data breaches:
 
Cyber attacks on hospitals grew 63% in 2016:
 
Healthcare industry suffers 6.2 billion dollars in data breaches:
 
Yahoo Got Hit Hard in 2016 - they got breached by all the things multiple times:
Direct download: Episode_26_-_Happy_Holidays.mp3
Category:general -- posted at: 5:31am PST

Octoberfest -> Micah just released a Python parser for Untappd: https://github.com/WebBreacher/untappdScraper

 

Mirai Botnet DNS Attacks (IoT) https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/

Joomla vuln (CVE-2016-8869, CVE-2016-8870) - unauthenticated account creation and privilege escalation in Joomla core 3.4.4-3.6.3 (patched in 3.6.4). PoCs are out for this, with several examples. https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.7kwnegsvj

Dirtyc0w exploit (CVE-2016-5195) https://dirtycow.ninja/

BSidesDC 2016: https://www.youtube.com/channel/UCVImyGhRATNFGPmJfxaq1dw

  • We spoke
  • Sean Metcalf spoke on PowerShell
  • Micah spoke on how to get connected in the security industry

 

BSidesJXN - 5 Ways We Break into a Network https://breakpoint-labs.com/5-ways-we-get-on-your-network/

  1. Phishing
  2. Web App Vulns
  3. Multicast Name Resolution Poisoning
  4. SMB Relay Attacks
  5. Account Compromise 
Direct download: PrimalSec-Ep25-Hacktoberfest.mp3
Category:general -- posted at: 10:18am PST

This episode of Primal Security podcast is hosted by Andrew, Lane, Luke, and Zack with guest speaker Dan Amodio.

Dan is an expert in all things penetration testing and red teaming and discusses his experiences with getting started in the industry. A lot of people want to become the super cool "hacker", but where do you start? Dan explains that the actual day-to-day of a penetration tester is far more than just performing penetration testing; you are a trusted consultant for your customer and often have to work long hours to ensure you complete the project.

If you are new to security, or want to learn how to grow into a penetration testing role, check out this podcast.

Direct download: PrimalSec_Podcast_Episode_24-_Getting_started_with_PenTesting.mp3
Category:general -- posted at: 6:04am PST

Direct download: PrimalSec_Podcast_Ep._23-_Getting_Started_with_Python.mp3
Category:general -- posted at: 5:15am PST

News Items:

 

Technical Segment: Email Spoofing and Phishing

Highlight: If a company is using Google Apps for Work and has not set up SPF/DKIM/DMARC, their domain can be leveraged to spoof emails, very reliably.

  • Surprise surprise, people click links! Do you even need to be crafty? No, probably not, but let's discuss some ways anyhow.
  • You can spoof emails - it can happen: great write-up from Cobalt Strike
    • If you are new to email spoofing you should really read this article
  • Telnet to the mail server and attempt to manually craft the email. This works in default configurations on many email servers and security appliances: SPF/DKIM/DMARC may not be set up, allowing you to send email from the domain unauthenticated. The Cobalt Strike blog demonstrates that.
  • This can also be done in Gmail! It shows up as spoofed in normal Gmail, but what about Google Apps for Work? If the domain does not have SPF/DKIM/DMARC set up, emails from that domain can very easily be spoofed, both to the target domain and externally, and this will very frequently bypass security controls. We will release code on how to do that.
  • We are normally targeting organizations that leverage Outlook. It will only grab the name portion of the email header (not the email address) and present that to users, so you can have a Gmail email (can bypass controls since it's Gmail/legit), send email using Python (or another scripting language), and modify the name to be a quasi-spoof.
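
A defender-side check for the two spoofing styles in this segment, as an added example that is not code from the podcast or its hosts: it flags mail that claims the organization's own domain without a DMARC pass, and mail from an authenticated external mailbox whose display name impersonates an internal person or address. `INTERNAL_DOMAIN`, `PROTECTED_NAMES`, the finding labels and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                  # assumption: your own mail domain
PROTECTED_NAMES = {"jane doe", "it help desk"}   # assumption: names likely to be impersonated

def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts stamped by the receiving gateway."""
    # Assumes upstream Authentication-Results headers were stripped at the border.
    header = " ".join(msg.get_all("Authentication-Results", [])).lower()
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))
    return {k: found.get(k, "none") for k in ("spf", "dkim", "dmarc")}

def assess(raw):
    """Return a list of spoofing findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain == INTERNAL_DOMAIN:
        # Exact-domain spoof: our domain in From without a DMARC pass.
        if auth_results(msg)["dmarc"] != "pass":
            findings.append("internal-from-unauthenticated")
        return findings
    # Display-name spoof: authenticated external sender, misleading name.
    if name.strip().lower() in PROTECTED_NAMES:
        findings.append("display-name-impersonation")
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if embedded and embedded.group(1).lower() != domain:
        findings.append("address-in-display-name")
    return findings

# Constructed sample messages (not real traffic).
AR_PASS = "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
AR_FAIL = "Authentication-Results: mx.example.com; spf=softfail; dkim=none; dmarc=fail\n"
SAMPLES = {
    "name_spoof": AR_PASS + 'From: "Jane Doe" <jd.office@freemail.test>\nSubject: a\n\nhi\n',
    "addr_in_name": AR_PASS + 'From: "jane.doe@example.com" <x@freemail.test>\nSubject: b\n\nhi\n',
    "domain_spoof": AR_FAIL + "From: Jane Doe <jane.doe@example.com>\nSubject: c\n\nhi\n",
    "legit": AR_PASS + "From: Jane Doe <jane.doe@example.com>\nSubject: d\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, assess(raw))
```

The display-name findings fire even when SPF, DKIM and DMARC all pass, which is why the name-only rendering described above needs its own check at the gateway or in the mail client.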
Direct download: PrimalSec-Ep22-Phishers-Paradise.mp3
Category:general -- posted at: 3:51pm PST

This month's podcast is hosted by Andrew, Lane, Luke, Matt, Zack, and guest speaker Eric Peterson from BreakPoint Labs. Eric has an extensive background in hunting for malware on enterprise networks and shares his knowledge on Ransomware.

Direct download: PrimalSec-Ep21-Ransomware.mp3
Category:general -- posted at: 4:13pm PST

This month’s podcast is hosted by Andrew, Luke, Zack, Lane, and special guest Tyrone Wilson CEO of Cover6 Solutions.  We quickly discuss some news items over this past month and then talk about the D.C. Cyber Security Professionals Meetup group led by Tyrone Wilson.

Direct download: 0324PrimalSecPodcast.mp3
Category:general -- posted at: 7:48am PST

Quick news Items:

FBI vs. Apple iPhone

Kohl's Cash Fraud

Spotify Account Compromise

 

Then we discuss OSCP, and talk about our experience with OSCP.

Direct download: PrimalSec-Ep20-OSCP.mp3
Category:general -- posted at: 5:38am PST

This month's podcast is hosted by Lane, Luke, Zack, Andrew, and Matt with guest speaker Shawn Wells.  We cover news items over the last month and Shawn digs into OpenSCAP and Docker security.

Direct download: PrimalSec-Ep18-SCAP-Docker.mp3
Category:general -- posted at: 5:37am PST

Guest speaker Micah Hoffman discusses his conference talk on the security issues surrounding fitness devices and web applications.  Great talk from someone who really cares about security, and loves to share knowledge.

Talk: https://www.youtube.com/watch?v=4XED-r29_Iw

Direct download: PrimalSec_Ep17.mp3
Category:general -- posted at: 7:34pm PST

We go over some news items from the last month, cover a new computer search engine, Censys.io, and do a tech segment on Mobile Security.

Direct download: PrimalSec_Ep16.mp3
Category:general -- posted at: 8:16am PST

How to Start Your InfoSec Career

Direct download: PrimalSec_Podcast_Ep15.mp3
Category: -- posted at: 5:32pm PST

Show Notes:

Google Firing Range to scan and test XSS

Black Hat Python by @jms_dot_py

Overview of Data Breaches:

Nvisium Seccasts is now free

EMET 5.1 Bypass

OSWE needs to come online now!

OMFG Windows Vulns:

Drupageddon: Drupal 7.31 PreAuth SQLi

CryptoPHP Web Malware

Irongeek posted Hack3rCon Videos 

Direct download: PrimalSec_11-21-2014_-_11_21_14_8.19_PM.m4a
Category:general -- posted at: 5:32pm PST

Show Notes:

1. DerbyCon Recap
2. DerbyCon CTF
3. Corelan Advanced Training
4. Shell_Shock 6 CVEs
5. Overview of data breaches for September: (iCloud, Home Depot, Jimmy Johns, ObamaCare, JPMorgan, Gmail, etc.)
6. Endless Celebrity nudes
7. Kali Nethunter
8. VulnHub Persistence Challenge Complete
9. OWASP Testing Guide 4.0
10. Upcoming Books: Black Hat Python - No Starch Press

Direct download: PrimalSec_Oct2014_-_10_7_14_7.13_PM.m4a
Category:general -- posted at: 4:24pm PST

In this podcast we talk about some recent conferences we attended (Black Hat, Def Con), and some upcoming conferences (DerbyCon/Corelan Training).  We briefly discuss some of the different training options in InfoSec, and go over some of PrimalSec's new tutorial series.

1. Black Hat Talk Summary
2. Def Con Talk Summary
3. DerbyCon 4.0 Family Rootz
4. Microsoft Pass-The-Hash Patch - harmj0y
5. Search Engine "Indexeus" indexes user account information acquired from more than 100 recent data breaches
6. Python Tutorial Series - From "Hello World" to Python Malware - Take my hand and walk into the darkness.
7. Exploit Tutorial Series (In-Progress) - Low level exploit tutorial series, writing your own exploits

Direct download: primalsecpodcast_August_2014.mp3
Category:general -- posted at: 2:18pm PST

Primal Security Podcast May 2014
Direct download: PrimalSec2014_May_Small-_5_4_14_4.00_PM.m4a
Category:general -- posted at: 1:04pm PST

Direct download: PrimalSec_Podcast_April_14-med.m4a
Category:general -- posted at: 12:17pm PST

We've been gone for a while, but we're back with some new news. 

Direct download: PrimalSec_ReturnoftheJobin.m4a
Category:general -- posted at: 7:00am PST

This is Primal Security Podcast #3 for November 2013.

Direct download: PrimalSec-November.m4a
Category:general -- posted at: 5:57pm PST

This is the first episode of the Primal Security Podcast. July 2013

Blog with show notes can be found at www.primalsecurity.net

Direct download: Primal_Sec_2.m4a
Category:general -- posted at: 9:32am PST
