podcast.michsec.org

BSides Detroit 13 Episode 21

Chris (@rattis [https://twitter.com/rattis]) is our last guest before BSides Detroit 13. In this episode, Chris chats with Wolfgang Goerlich about last year’s podcast, Chris’s work as the EMU IA president, and what Chris has planned for this year’s lockpick village. For those participating in the CTF, stay tuned for hints on the physical challenges. For more information about BSides Detroit 13, please see: * Rats and Rogues podcast [http://www.ratsandrogues.com/] * Conference website [http://www.securitybsides.com/w/page/61144863/BSidesDetroit13] * Conference schedule [http://www.securitybsides.com/w/page/62849966/BSidesDetroit13Sessions]

BSides Detroit 13 Episode 20

David Schwartzberg (@DSchwartzberg [https://twitter.com/DSchwartzberg]) is this week’s podcast guest. David discusses GrrCON, ZeuS bot Exploit Kit Command & Control, and David’s book: Computers for Kids: Something In, Something Out [http://www.amazon.com/Computers-Kids-Something-In-Out/dp/057809195X]. David will be giving his talk, Zeus C&C for Tech Support, on Saturday. We end the podcast with an announcement from BSides: BSides Detroit Kids [http://www.eventbrite.com/event/6683495515]. In conjunction with Brain Monkeys [http://www.brainmonkeys.com/], BSides Detroit is hosting a full day of workshops for kids ages 8-12. The sessions include Scratch Arcade, Kids CAD Lego, and Sumo Battle Bots. The event is poised to introduce the next generation to compute and hardware hacking. Tickets are available below. Zeus C&C for Tech Support Abstract: Inspired by Adam Johnson’s presentation at GrrCON 2011 titled “ZeuS – Inside Command and Control” on how to build a ZeuS bot Exploit Kit Command & Control. I thought it would be fun to use this newly gained knowledge to build a C&C in an effort to provide tech support for my family members. Have you been in that situation where everyone you know comes to you with their computer problems? Just because you have a knack for technology, people you know seem to think that you enjoy fixing all their problems, most self-inflicted. Welp, here’s your chance to help them and have some real fun. This mostly hand’s on demonstration will walk through setting up your very own C&C and configuring the basic settings to get you started. When ready to rock, you will learn how to fun while fixing their problems. Live malware will be used during this presentation so make sure you turn off your WiFi. For more information about BSides Detroit 13, please see: * BSides Detroit Kids tickets [http://www.eventbrite.com/event/6683495515] * Conference website [http://www.securitybsides.com/w/page/61144863/BSidesDetroit13] * Conference schedule [http://www.securitybsides.com/w/page/62849966/BSidesDetroit13Sessions]

BSides Detroit 13 Episode 19

James Foster joins Wolfgang Goerlich on the podcast to discuss trust relationships. How does pass-the-hash actually work? James: “Before I did security assessments and pen testing, I knew about some of these problems. I think a lot of Windows admins and defenders do. But I did not fully understand their implications and I did not fully understand their impact. And that is the reason I want to do this talk.” Listen to learn more. Abstract: What’s a trust relationship? Explicit ones are easy — these you setup explicitly and on purpose, like when you want Domain A to trust Domain B for authentication. It’s the implicit ones that will get you, the ones you didn’t setup on purpose. Like when you have the same local administrator password on a bunch of systems (own one, own them all!). Or when a domain admin leaves an access token behind on some user’s workstation (user owns the domain!). If you support or defend Windows systems, you should know about the different kinds of implicit trusts in Windows (accounts, cached credentials and access tokens) and how to reduce your risks from them. Oh, and you know the phase of an APT-style attack after the end user’s workstation is compromised but before they own your domain? The one that is sometimes glossed over with the phrases “lateral movement” and “privilege escalation”? Oftentimes, this happens by exploiting trust relationships. For more information about BSides Detroit 13, please see: * Conference website [http://www.securitybsides.com/w/page/61144863/BSidesDetroit13] * Conference tickets [http://bsidesdetroit13.eventbrite.com/]

BSides Detroit 13 Episode 18

Fresh from BSides Chicago’s New and Local track, Eve Adams joins us on the BSides Detroit podcast. Eve covers her Chicago experience, explains a bit about what she does (and why she is better than Willy Wonka), and gives a preview of her talk: Hack the Hustle. Abstract: While information security is widely considered a negative-unemployment industry (it’s actually closer to 3%), most of us will look for a job at some point. Seasoned technical recruiter Eve Adams (@HackerHuntress [https://twitter.com/HackerHuntress]) provides infosec-specific insight on writing resumes that get you the kind of attention you want, getting short-listed for cool positions before they’re even posted, strategically riding infosec employment trends, and how to most effectively work with those delightful recruiters. This talk will have something for those just entering the workforce, mid-career security professionals, and former VAX hackers alike! For more information about BSides Detroit 13, please see: * Halock Security Labs [http://www.halock.com/] * BSides Detroit speaker voting [https://docs.google.com/forms/d/1Nx_kdSsa1fgOLQKjYBy4hbvWL6mwfvtO5odkKZ3ExNo/viewform] * Conference website [http://www.securitybsides.com/w/page/61144863/BSidesDetroit13]

BSides Detroit 13 Episode 17

On this episode, J Wolfgang Goerlich interviews the BSides Detroit 13 business keynote speaker. His talk is Creating a security culture – a holistic view on security. Kai Roer, the founder and Senior Partner of The Roer Group, is a European author and speaker. He has delivered speeches and trainings in more than 20 countries on four continents. Kai speaks about leadership, communication and security. He is a guest lecturer at two universities in Europe, and have consulted organizations of all sizes since 1994. Kai maintain an infosec blog at http://roer.com [http://roer.com/] You can also follow him on twitter as @kairoer [https://twitter.com/kairoer]. Abstract: All the talk about security awareness training the past year has boosted the idea that training is futile and a waste of time. What are the mechanisms that drive security? Can we point to areas in psychology that relates to how we treat security? Are we, the infosec community, the best resource to teach security? This talk will boggle your mind, and possibly turn everything you know and believe about users, security and awareness upside down For more information about BSides Detroit 13, please see: * Kai Roer on Twitter [https://twitter.com/kairoer] * Kai Roer’s blog [http://roer.com/] * BSides Detroit speaker voting [https://docs.google.com/forms/d/1Nx_kdSsa1fgOLQKjYBy4hbvWL6mwfvtO5odkKZ3ExNo/viewform] * Conference website [http://www.securitybsides.com/w/page/61144863/BSidesDetroit13]