January 24, 2012

Hack Naked TV Episode 25

In this episode we talk about shoes, and the people who have weird alligator shoe hangups. We also talk about insider attacks and more Offensive Countermeasures goodness.

Links for this Episode:

  1. Stealing the Feds Source Code
  2. Zappos hacked
  3. Anon decides to DoS a number of sites... again.
  4. Offensive Countermeasures in Orlando!


January 23, 2012

PaulDotCom Security Weekly Episode 274

HD Moore on Metasploit new features and changes and other cool stuff:


HD Moore is my hero.

Dave Kennedy and SET - The Social Engineering Toolkit (And Derbycon stuff):


Dave gives the best man-hugs.

Drunken Security News Weekly - #274:


The latest in the security world, from the drunken people you trust!

Episode 274 Show Notes

Episode 274 - Part 1 - Direct Audio Download

Episode 274 - Part 2 - Direct Audio Download

Episode Hosts:

  • Paul Asadoorian, Host of Security Weekly and Stogie Geeks

  • Larry Pesce, Host of Hack Naked At Nite

  • John Strand, Host of Hack Naked TV

  • Carlos Perez, PaulDotCom Espanol
  • Tune in to PaulDotCom Security Weekly TV, Hack Naked TV, and Hack Naked At Night episodes on our Bliptv channel.

    January 18, 2012

    Tonight on PaulDotCom: HD Moore and Dave Kennedy

    Tonight, we present The Wunderkind Edition of PaulDotCom Security Weekly. Episode 274 features a special interview with prodigy HD Moore and a segment on the next iteration of the Social Engineering Toolkit from the Baby Faced CIO, Dave "Rel1k" Kennedy.

    Participate in our IRC channel or sit back and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, or if you prefer, visit the Episode 274 show notes page.

    - Paul Asadoorian, Larry Pesce, Jack Daniel, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    PaulDotCom Security Weekly Episode 273

    Framing in Social Engineering - Chris Hadnagy:


    Use Framing to be more successful in Social Engineering

    Building Your Own pfSense Wireless Access Point:


    Use off-the-shelf parts and open source software to build your very own robust access point!

    Drunken Security News Weekly - #273:


    The latest in the security world, from the drunken people you trust!

    Episode 273 Show Notes

    Episode 273 - Part 1 - Direct Audio Download

    Episode 273 - Part 2 - Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian, Host of Security Weekly and Stogie Geeks

  • Larry Pesce, Host of Hack Naked At Nite

  • John Strand, Host of Hack Naked TV

  • Jack Daniel, Security B-Sides

  • Carlos Perez, PaulDotCom Espanol

    January 13, 2012

    Hack Naked TV Episode 24

    In this episode we talk about Symantec, Source Code and good places to eat in Park City.

    Links for this Episode:

    1. Symantec Source Leaked
    2. This Social Engineering thing is catching on
    3. Small Restaurant taking on Credit Card Companies… This will end well
    4. Offensive Countermeasures in Orlando!


    Security Onion - Snorby Now Included

    2011 was a busy year for the Security Onion project and its owner Doug Burks.  I just did a quick count of the releases on SourceForge and came up with a total of 32 for 2011!  A number of these were bug fixes or application upgrades, but there were quite a few new apps added as well.  One of these was Snorby which arrived just in time for Christmas.

    I've been using Sguil for quite some time to monitor my Snort boxes, but Snorby is fairly new to me.  So I did an update of Security Onion and started checking it out.  First impression was how easy it was to see what was happening over time, at least in volume of events.  You are taken to the dashboard after logging in and are immediately presented with counts of your high, medium, and low severity events.  Underneath each of those counts are bar charts displaying the frequency of those events over the last 24 hours.  In the screen shot below, you can see that there were 3 peaks for high severity issues and get a feel for when they occurred.  Beneath that is a line chart of the events for the same period of time.

    [Screenshot: Snorby dashboard]

    Why does that stand out to me?  Well, one of the things we learn in incident response is to watch for things outside the norm in the environment.  What looks normal and what stands out as an outlier?  While this information is limited to just event counts and their severity, I can still see how things are trending over time.  And with just a few clicks, I can see that for the last 24 hours, today, yesterday, the week, month, quarter or year.  So how do my IDS events look right now when compared to the volume of last week or a month ago?  Am I trending up or down?  Anyhow, I thought this was very cool.

    From there I started looking at individual events. Snorby allows us to look at the event, the payload of the offending traffic, examine the rule that fired the alert, add notes to the alert and perform classification on what was attempted. All in all, Snorby provides good information and is easy to work with. And this is just one of the applications in Security Onion. I've used Snort and Sguil for a long time and they're a major part of Security Onion as well. And there is still a long list of other network security monitoring applications to work with. The really cool thing about Security Onion is how easy it is to set up and deploy. Install the OS on a system, launch the setup application and in a few minutes you are looking at traffic and doing analysis. Updates are easy to apply to both the OS and our NSM applications. The ease of installation and maintenance is a major plus, particularly as Doug keeps rolling out new enhancements at the rate he has been.

    All this for the price of a little time and either a virtual machine or some hardware.  So take a quick look and give the Security Onion a test drive.  Security Onion is also up for the 2011 Toolsmith Tool of the year, so if you like it, consider giving it a vote.

    http://securityonion.blogspot.com/

    http://www.snorby.org/

    http://holisticinfosec.blogspot.com/2011/12/choose-2011-toolsmith-tool-of-year.html

    Kudos to Doug Burks for his work on Security Onion and to Dustin Webber for his work on Snorby.

    January 12, 2012

    Framing with Chris Hadnagy tonight on Episode 273 at 6PM ET

    Thursday night, Episode 273 of PaulDotCom Security Weekly features a special Guest Technical Segment from author, podcaster and trainer Chris "LoganWHD" Hadnagy from the Social-Engineer.org website. Chris will give us a glimpse into his upcoming class on Social Engineering via an introduction and discussion on framing.

    Participate in our IRC channel or sit back and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, or if you prefer, visit the Episode 273 show notes page.

    - Paul Asadoorian, Larry Pesce, Jack Daniel, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.

    January 10, 2012

    PaulDotCom Security Weekly Episode 272 - Featuring Bruce Schneier!

    Bruce Schneier comes on the show to discuss security, privacy, and his new book "Liars and Outliers":


    Bruce Schneier Interview - Episode 272 - Part 1

    Robin "Digininja" Wood talks about "zonetransfer.me":


    Robin Wood on DNS Zone Transfer Testing - Episode 272 - Part 2

    Drunken Security News Segment (Cut short due to Ustream problems):


    Drunken Security News - Episode 272 - Part 3

    Episode 272 Show Notes

    Episode 272 - Part 1 - Direct Audio Download

    Episode 272 - Part 2 - Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian, Host of Security Weekly and Stogie Geeks

  • Larry Pesce, Host of Hack Naked At Nite

  • John Strand, Host of Hack Naked TV

  • Jack Daniel, Security B-Sides

    January 5, 2012

    HNTV Episode 23

    In this episode we talk about charity and how stealing is still a crime! We also discuss Stratfor and credit card theft.

    Links for this episode:

    http://tinyurl.com/HNTVNAZI

    http://tinyurl.com/HNTV-SAUDCREDIT

    http://tinyurl.com/HNTV-STRAFOR-SORRY

    http://tinyurl.com/HackNakedRobinDaHood

    http://tinyurl.com/HNTV-OCM-ORA2012

    January 3, 2012

    Episode 272 with Bruce Schneier Thursday night at 6PM ET!

    We're starting off 2012 with a special interview. Join us Thursday night at 6PM ET for a discussion with author and cryptographer Bruce Schneier on Episode 272 of PaulDotCom Security Weekly!

    Bruce will give us an overview of his soon to be released book entitled Liars and Outliers: Enabling the Trust that Society Needs to Thrive. His latest book tackles questions such as "How does society function when you can't trust everyone?" and promises to give a better understanding of the mechanisms of trust in societal relationships.

    Participate in our IRC channel or sit back and enjoy it live via the link below:

    NOTE: The video will play the most recent show up until we are live!

    For interactive live video, audio, and chat during each episode you can visit PaulDotCom Live!, just hang out in our IRC channel, or if you prefer, visit the Episode 272 show notes page.

    - Paul Asadoorian, Larry Pesce, Jack Daniel, Carlos Perez, John Strand, Darren Wigley, and Mike Perez.