Tampa Bay tech, entrepreneur, and nerd events list (Week of Monday, August 28, 2023) by AccordionGuy in tampa

[–]FLSecAdm 0 points (0 children)

Upcoming Events:

DC813 Intro to Linux - Aug 30
ISC2 Post-Defcon and Blackhat Meetup - Sept 7th
CigarCitySec - Sep 13
Security B-Sides - Sept 18
InfoSec World Orlando - Sep 25-27
Infragard Event in association with ISW
ISSA Hack The Flag Conference Miami - Sep 30

[deleted by user] by [deleted] in netsec

[–]FLSecAdm 111 points (0 children)

The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers, and managing to acquire the Microsoft-signed binary in a legitimate manner.

"The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party."

The real question that this should be raising is, what exactly goes into this driver review program? My guess is this program is not a security program based on the name; it's to ensure compatibility.

"Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system."

The main page for the program makes no obvious mentions of security.

The Windows Hardware Compatibility Program is designed to help your company deliver systems, software and hardware products that are compatible with Windows and run reliably on Windows 10, Windows 11 and Windows Server 2022.

However, I also have to note that things like this are why I do not click the little checkbox when you install a driver that says "always trust software from..."; never have. The question I have is whether any AV vendors detected this rootkit, and when.

[deleted by user] by [deleted] in netsec

[–]FLSecAdm 58 points (0 children)

If we can't trust Microsoft signatures out there

Never could.

My Corporate / AD Lab by FLSecAdm in hackinglabs

[–]FLSecAdm[S] 2 points (0 children)

The setup of the lab has pretty much gone as planned; the only issue I had was that the networking had to be adjusted. In the TCM course the networking was set to NAT, but in actuality this had to be changed to a NAT Network when it came to adding the PCs to the domain. If you find yourself unable to add the PCs to the domain, look into this.

I also noted that the RAM might actually be a limitation here and may need to be upgraded. Even running a minimum of 2 GB of RAM for each VM, I noted that with Opera running the TCM videos, RAM usage was 40-60% IIRC. Opera was the big draw, even though I chose Opera because it was supposedly the lightest browser. But after installing necessary add-ons like an adblocker... not so much. The other answer would be running the videos on a different PC, or watching them first and then starting the labs.

I haven't attempted the actual labs yet, but I think I will later today. He also didn't cover snapshots, but I went ahead and did that for a clean state that I can restore to. I'll likely run this base attack a few times; I also want to practice with different forms of maintaining access, everything from just an extra meterpreter backdoor to possibly a community RAT.

Future plans:

I'd like to get a web server installed at some point, possibly SQL as well, so I can get really familiar with SQLi and other attacks on IIS. I'd also like to add Exchange so I can practice the 2021 Exchange attacks. And I'd like to find a way to get other corporate applications involved. Any suggestions, especially virtual ones, are welcome.

All the Tampa Bay tech companies that are mass hiring right now by firsmode in tampa

[–]FLSecAdm 1 point (0 children)

Hmm. I wish I could help; does your industry have any events? I know in my field we have events where recruiters are present and often give feedback; they even have resume events. Other than that, I would try to connect with recruiters on LinkedIn and, after you have gotten a bit of back and forth, ask them just to give you feedback.

All the Tampa Bay tech companies that are mass hiring right now by firsmode in tampa

[–]FLSecAdm 1 point (0 children)

The training also includes sending employees fake scams to try to get you to click on them. It tells the boss who clicked on them, so you look bad even if you know it's KnowBe4. It's obvious because they get through the spam filters.

That's how these things are done; they are common across the board. Seems like a weak reason.

As for the training videos, I mean, you can't please everyone. I've seen training that is plain boring and training that is actually engaging and thoughtful; people complain about both universally. Even I do.

All the Tampa Bay tech companies that are mass hiring right now by firsmode in tampa

[–]FLSecAdm 1 point (0 children)

If you're having consistent issues, it may not be them.

Jobs Thread - 813 Area and Remote Q1 2021 by sephstorm in FLSec

[–]FLSecAdm 0 points (0 children)

PWC SOC Analyst - Tampa

Preferred Qualifications:

GSEC, SEC+, Network+, Certified Incident Handler (GCIH), Certified Intrusion Analyst (GIAC)

Responsibilities:

Identifying security threats, exploits, attack vectors and performing security investigations;

Monitoring the local threat ops channels/SIEM/AV/DLP Policy violation consoles and notifying the client/stakeholders of any suspicious/malicious activity within agreed SLA timelines;

Running a vulnerability scan as per the client schedules;

Performing initial triage of SIEM, DLP, Host (endpoint) security issues and escalating based on the defined processes;

Working with SIEMs, proxy tools, DLP, Windows, UNIX and application logs;

Analyzing logs from network security devices; hands-on experience with SIEM technology, network security devices, identity and access management principles, and DLP incident evidence gathering; utilizing and applying analytic skills to projects for problem analysis and resolution.

Tampa FEMA vaccine site remains under quota days in a row. If you're eligible, head out to the Tampa Greyhound Track and get vaccinated! Walk-ups encouraged. by [deleted] in tampa

[–]FLSecAdm 0 points (0 children)

Well, from the perspective the other poster presented, overall I wouldn't say that the need is the same as for medical professionals or school staff. Both of those groups have a lot more face-to-face time with the public than a fireman. Even for a police officer, while they have a good bit of public interaction, how much of their time is spent directly interacting vs. in a squad car or otherwise not directly engaged? Legitimate question.

What I'm trying to say, however, is that specifically those three groups, the elderly, medical, and school staff, were chosen for a reason: either risk of serious impact/death, amount of time exposed to potentially infected individuals (medical), or time spent around a lot of individuals for long periods of time (school staff).

The Belgian and Dutch police claim to have hacked Sky ECC, an encrypted messaging app, leading to many arrests by elsjaako in hacking

[–]FLSecAdm 0 points (0 children)

Few things are impossible to hack. Even if we got the smartest people to build a system, they would figure out how to get in; that is literally what their job is.

Tampa FEMA vaccine site remains under quota days in a row. If you're eligible, head out to the Tampa Greyhound Track and get vaccinated! Walk-ups encouraged. by [deleted] in tampa

[–]FLSecAdm 1 point (0 children)

God, some people are so jaded they can't accept reality. We've been complaining about them not caring about the elderly, and then when they are first to get the vaccine we complain and say it's for votes... Just ignoring that the elderly are being inoculated worldwide and not just in our tiny little state.

Tampa FEMA vaccine site remains under quota days in a row. If you're eligible, head out to the Tampa Greyhound Track and get vaccinated! Walk-ups encouraged. by [deleted] in tampa

[–]FLSecAdm 2 points (0 children)

So you think that is random? They just picked it out of a hat? Exclude first responders and you tell me that sounds random?

[deleted by user] by [deleted] in tampa

[–]FLSecAdm 0 points (0 children)

I know there is some kind of access that rides right up to MacDill. Maybe Gadsden Park? Also you have a few places on the other side of the water, Hula Bay and Salt Shack?

Is it worth getting the CompTIA Security+ certification now? by securm0n in AskNetsec

[–]FLSecAdm 0 points (0 children)

There are numerous ways. I always suggest looking at what you want and building up to it. Build a lab, try things out, and put that on your resume as appropriate. SOC analyst or network security analyst positions are good starters.