Remote access, Container security, DevOps, Security Research, Blue Team

PSW #644

March 23, 2020

Struggling with how to get your logs from the cloud? Have no fear, Corey and the Security Weekly crew talk about how to configure your logs in the cloud, use cloud-native services to handle the shuffling of logs in and out of the cloud, and control your costs! We conclude by talking a bit about Windows Event logs and overcoming some gotchas.

Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Zen And The Art Of Logs In The Cloud

Visit https://securityweekly.com/gravwell to grab their open-source version and collect and analyze ALL of your logs. Drink all the booze, log all the things.

Hosts

Jeff Man – Sr. InfoSec Consultant

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

Tyler Robinson – Managing Director of Network Operations

Guests

Corey Thuen – Co-Founder

Announcements

  • Register for our upcoming webcasts and virtual trainings by visiting securityweekly.com selecting the webcast/training drop down from the top menu bar and clicking registration. In our first virtual training with Online Business Systems you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. In our next webcast with Gravwell, we will cut through the marketing buzzwords and teach you about collecting & analyzing logs in hybrid cloud environments.
  • CyberSecurity Exchange Day hosted by OSHEAN and the Pell Center was originally scheduled for Wednesday, March 18th and has currently been postponed. The new date is still TBD and we will keep you posted as soon as we hear more!
  • SecureWorld Boston was scheduled for March 25th & 26th at the Hynes Convention Center. The event has been postponed until further notice. We will keep you in the loop as soon as we know more!
  • InfoSecWorld 2020 was originally scheduled for March 30 – April 1, 2020 at the Disney Contemporary Resort! This conference has been rescheduled for June 22nd-24th due to COVID-19. Security Weekly listeners still save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!

SANS Penetration Testing | Microsoft SMBv3.11 Vulnerability and Patch CVE-2020-0796 Explained, Drobo 5N2 4.1.1 – Remote Command Injection, $100K Paid Out for Google Cloud Shell Root Compromise, WordPress, Apache Struts Attract the Most Bug Exploits, Run Docker nginx as Non-Root-User.

Drobo Exploit, Docker Escape, SMBv3.11

Scan for SMB 3.11: nmap -p445 --open --script smb-protocols -Pn -n 172.16.1.0/24 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | sed -e 's/Nmap scan report for/\n/g; s/|//g; s/_//g'

WordPress, Apache Struts Attract the Most Bug Exploits – We have the tools and processes to fix this already, but many organizations don’t do it, therefore I somewhat disagree with these statements: Even if best application development practices are used, framework vulnerabilities can expose organizations to security breaches.

Run Docker Nginx as Non-Root-User – In Docker, this is a problem as it means the container will drop you into root-level privileges by default for a shell (exploit or with docker exec -ti). So, for Docker, make sure you change this as the Docker Hub image for Nginx runs as root! They should really change this.
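A build-time check for the point above, as an added example that is not from the show notes or from Docker: it reads a Dockerfile and reports whether the final stage would start as root. The function names and sample Dockerfiles are constructed, and a stage with no USER instruction is assumed to run as root, as the notes say of the Docker Hub Nginx image.

```python
import re

ROOT_USERS = {"root", "0"}

def final_stage_user(dockerfile_text):
    """Return the USER in effect at the end of the last build stage, or None."""
    stages = {}            # stage alias -> user in effect for that stage
    user, alias = None, None
    # Join backslash line continuations so each instruction sits on one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        instruction = parts[0].upper()
        if instruction == "FROM":
            args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform
            # "FROM <earlier stage>" inherits that stage's user; a registry
            # image is assumed (see lead-in) to carry no USER of its own.
            user = stages.get(args[0].lower()) if args else None
            alias = args[2].lower() if len(args) >= 3 and args[1].upper() == "AS" else None
        elif instruction == "USER" and len(parts) > 1:
            user = parts[1]
        if alias:
            stages[alias] = user
    return user

def runs_as_root(dockerfile_text):
    """True when a shell in the container (docker exec -ti) would land as root."""
    user = final_stage_user(dockerfile_text)
    if user is None:
        return True                      # assumption: no USER means root
    return user.split(":", 1)[0] in ROOT_USERS   # "0:0" and "root:root" count too

# Constructed sample Dockerfiles.
DEFAULT_NGINX = "FROM nginx:stable\nCOPY site/ /usr/share/nginx/html/\n"
HARDENED = "FROM nginx:stable\nCOPY nginx.conf /etc/nginx/nginx.conf\nUSER nginx\nEXPOSE 8080\n"
MULTISTAGE = ("FROM node:18 AS build\nUSER node\nRUN npm ci\n"
              "FROM nginx:stable\nCOPY --from=build /app/dist /usr/share/nginx/html\n")
INHERITED = "FROM nginx:stable AS base\nUSER 101:101\nFROM base\nEXPOSE 8080\n"

if __name__ == "__main__":
    for name in ("DEFAULT_NGINX", "HARDENED", "MULTISTAGE", "INHERITED"):
        print(name, "root" if runs_as_root(globals()[name]) else "non-root")
```

The multi-stage sample shows the case that is easy to miss: a USER set in the build stage does not carry over to a final stage that starts from a fresh image.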

Hosts

Jeff Man – Sr. InfoSec Consultant

Joff Thyer – Security Analyst

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

The challenges and differentiated values of desktop and laptop protection and administrative tool control (e.g., Powershell, SSH) for remote users and administrators to work securely.

Work from home securely

Hosts

Jeff Man – Sr. InfoSec Consultant

Larry Pesce – Senior Managing Consultant and Director of Research

Lee Neely – Senior Cyber Analyst

Paul Asadoorian – Founder & CTO

Tyler Robinson – Managing Director of Network Operations

Guests

Peter Smith – Founder, CEO
