7MS #464: Interview with Christopher Fielder of Arctic Wolf
7 Minute Security22 Huhti 2021

7MS #464: Interview with Christopher Fielder of Arctic Wolf

Today our friend Christopher Fielder of Arctic Wolf joins us on the show again (check out his first appearance in episode #444 - this time to talk about the security journey, and how to start out in your "security diapers" and mature towards a stronger infosec program. Specifically, we talk about:

  • When the company has one person in charge of IT/security, how can you start taking security seriously without burning this person out? First, it's probably a good idea to take note of what you have as far as people, tools and technology to help you meet your security goals.

  • Early in this process, you should inventory what you have (see CIS controls) so you know what you need to protect. A few tools to help you get started:

  • As you go about any phase of your security journey, don't ever think "I'm good, I'm secure!"

  • Quarterly/yearly vulnerability scans just won't cut it in today's threat landscape - especially your external network. Consider scanning it nightly to catch show-stoppers like Hafnium early)

  • Limiting administrative privileges is SUPER important - but don't take our word for it, check out this report from Beyond Trust for some important stats like "...enforcing least privilege and removing admin rights eliminates 56% of critical Microsoft vulnerabilities."

  • Install LAPS, because if an attacker gets local admin access everywhere, that's in many ways just as good as Domain Admin!

  • Train your users on relevant security topics. Then train them again. Then....again. And after that? Again.

  • There are many ways to conduct tabletop exercises. They don't have to be crazy technical. Start with the internal tech teams, practice some scenarios and get everybody loosened up. Then add the executives to those meetings so that everybody is more at ease.

  • How do you know when it's time to ask for help from an outside security resource?

  • Not sure what kind of shape your company's security posture is in? Check out Arctic Wolf's free security maturity assessment.

Jaksot(709)

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

7MS #677: That One Time I Was a Victim of a Supply Chain Attack

Hi everybody. Today I take it easy (because my brain is friend from the short week) to tell you about the time I think my HP laptop was compromised at the factory!

30 Touko 202513min

7MS #676: Tales of Pentest Pwnage – Part 72

7MS #676: Tales of Pentest Pwnage – Part 72

Today's fun tale of pentest pwnage discuss an attack path that would, in my opinion, probably be impossible to detect…until it's too late.

27 Touko 202559min

7MS #675: Pentesting GOAD – Part 2

7MS #675: Pentesting GOAD – Part 2

Hey friends! Today Joe "The Machine" Skeen and I tackled GOAD (Game of Active Directory) again – this time covering: SQL link abuse between two domains Forging inter-realm TGTs to conquer the coveted sevenkingdoms.local! Join us next month when we aim to overtake essos.local, which will make us rulers over all realms!

16 Touko 202531min

7MS #674: Tales of Pentest Pwnage – Part 71

7MS #674: Tales of Pentest Pwnage – Part 71

Today's tale of pentest pwnage is another great one! We talk about: The SPNless RBCD attack (covered in more detail in this episode) Importance of looking at all "branches" of outbound permissions that your user has in BloodHound This devilishly effective MSOL-account-stealing PowerShell script (obfuscate it first!) A personal update on my frustration with ringing in my ears

9 Touko 202549min

7MS #673: ProxmoxRox

7MS #673: ProxmoxRox

Today we're excited to release ProxmoxRox – a repo of info and scripts to help you quickly spin up Ubuntu and Windows VMs. Also, some important news items: 7MinSec.club in-person meeting is happening Wednesday, May 14! More details here. We did our second Tuesday TOOLSday this week and showed you some local privesc techniques when you have local admin on an endpoint

3 Touko 202530min

7MS #672: Tales of Pentest Pwnage – Part 70

7MS #672: Tales of Pentest Pwnage – Part 70

Today's a fun tale of pentest pwnage where we leveraged a WinRM service ticket in combination with the shadow credentials attack, then connected to an important system using evil-winrm and make our getaway with some privileged Kerberos TGTs! I also share an (intentionally) vague story about a personal struggle I could use your thoughts/prayers/vibes with.

25 Huhti 202555min

7MS #671: Pentesting GOAD

7MS #671: Pentesting GOAD

Hello! This week Joe "The Machine" Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory). In part one we covered: Checking for null session enumeration on domain controllers Enumerating systems with and without SMB signing Scraping AD user account descriptions Capturing hashes using Responder Cracking hashes with Hashcat

18 Huhti 202525min

7MS #670: Adventures in Self-Hosting Security Services

7MS #670: Adventures in Self-Hosting Security Services

Hi friends, today I'm kicking off a series talking about the good/bad/ugly of hosting security services. Today I talk specifically about transfer.zip. By self-hosting your own instance of transfer.zip, you can send and receive HUGE files that are end-to-end encrypted using WebRTC. Sweet! I also supplemented today's episode with a short live video over at 7MinSec.club.

11 Huhti 202536min

Suosittua kategoriassa Politiikka ja uutiset

aikalisa
tervo-halme
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
politiikan-puskaradio
rss-kuka-mina-olen
rss-podme-livebox
et-sa-noin-voi-sanoo-esittaa
otetaan-yhdet
rss-vaalirankkurit-podcast
rikosmyytit
viisupodi
rss-hyvaa-huomenta-bryssel
rss-merja-mahkan-rahat
lotta-paakkunainen
rss-aijat-hopottaa-podcast
rss-se-avun-kysymyspodcast
rss-50100-podcast
rss-raha-talous-ja-politiikka
rss-tasta-on-kyse-ivan-puopolo-verkkouutiset