
Ephemeral Security
By Steve Stonebraker

Apr 12, 2022

Presenting: AOL Underground "AOL History from the people that lived it - Erci Stern"
Erci Stern tells us her origin story. We review in depth how she battled users that were uploading Warez on a customer's Anonymous FTP site and also hear a funny story about Slingo. She takes us through her entire career at AOL, where she started in Site Reliability (Systems Administration/Operations), moved to Information Security/QA, and then went into project management. We also cover her life after AOL, where she went back to System Administration and has been a champion of security throughout her career. Other topics include Configuration Management, Security Certifications, passion projects, etc. Erci also shares with us her experience mentoring at "Girls who Code" and advice for girls that want to go into IT.
Guest: Erci Stern
Host: Steve Stonebraker
CoverArt: Created by Broast (https://broast.org), original idea by LampGold.
--
AOL Underground Podcast
Follow us on twitter - @AOLUnderground @brakertech
Merch - https://www.redbubble.com/people/AOL-Underground/shop
Donate - https://www.buymeacoffee.com/AOLUnderground
Contact the Host - https://aolunderground.com/contact-host/
Reconnect with old AOLers -
https://discord.gg/reaol https://aolunderground.com/community/
Presenting: AOL Underground "Origin story of a Digital Forensic Incident Responder (DFIR)"
Surf Kahuna (Ryan Chapman) shares his origin story about a series of events that occurred on AOL that rocked his world and led him down the path of digital forensics. Then Steve and Ryan talk espionage, multiple Advanced Persistent Threats, retro gaming, password spraying, ransomware, and what has helped Ryan be successful in Infosec.
Guest: Surf Kahuna/Mac Diablo (Ryan Chapman)
Host: Steve Stonebraker
CoverArt: Created by Broast (https://broast.org), original idea by LampGold.
--
Ryan Chapman
Follow Ryan on Twitter - @rj_chap
Ryan's Blog - https://incidentresponse.training/
Author of SANS FOR528 "Ransomware for Incident Responders" - for528.com/course
Instructor of SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/
Part of the @CactusCon crew - https://www.cactuscon.com/
Sandeep Lahane - Deepfence
Chat with Sandeep Lahane, CEO of Deepfence, on how ThreatStryker is changing the game for Cloud Workload Protection. We go deep into the product's unique full SSL decryption and packet capture capability, identification of an organization's most vulnerable endpoints, and automated workflows to remediate compromised systems.
Episode Show Notes:
Sandeep Lahane - https://www.linkedin.com/in/sandeep-lahane-b9520a4/
Deepfence - https://deepfence.io/
Review of Deepfence's sandbox environment - https://brakertech.com/deepfence-cloud-native-workload-protection-for-infosec-pros/
Links:
Podcast Website: https://ephemeralsecuritypodcast.com
Blog: https://brakertech.com
Github: https://github.com/ssstonebraker
Social:
LinkedIn: https://www.linkedin.com/in/stevestonebraker
Twitter: https://twitter.com/brakertech
Credits:
Intro music by Margo Stonebraker

Ryan Fried - Senior Security Engineer & Adjunct Professor
Chat with Ryan Fried about being an adjunct professor in the Cyber Security space, being a virtual CISO and talking to executives, purple teaming, true positive security incidents, validating your controls and what you think you know, and Atomic Red Team.
Episode Show Notes:
Ryan Fried - https://www.linkedin.com/in/ryan-fried-65747938/
Atomic Red Team - https://github.com/redcanaryco/atomic-red-team
Bloodhound - https://github.com/BloodHoundAD/BloodHound
Checkov - https://www.checkov.io/
Credits:
Podcast edited and mastered by Charlie Clark, https://www.fiverr.com/chuckaudio
Intro music by Margo Stonebraker

Lisa Falzone and Michael Green - Athena Security
Chat with Lisa Falzone and Michael Green of Athena Security
Athena Security focuses on Entryway Security - https://www.athena-security.com/
Guests
Michael Green, CEO and Co-Founder
Lisa Falzone, President and Co-Founder
Show Notes
https://ephemeralsecuritypodcast.com/athena-security/
Podcast edited and mastered by Charlie Clark, https://www.fiverr.com/chuckaudio
Intro music by Margo Stonebraker

Ethan Heilman – BastionZero
Chat with @Ethan_Heilman, CTO of @getBastionZero on how they are adding additional security when accessing remote infrastructure. BastionZero adds an additional separate Multi Factor Authentication into the authentication process and has a unique multi-root security model.
Ethan can be found at:
LinkedIn: https://www.linkedin.com/in/ethan-heilman-39896934/
Twitter: https://twitter.com/Ethan_Heilman
//Show Notes//
BastionZero's website - https://www.bastionzero.com/
Video on how multiple MFA works with Bastion Zero - https://brakertech.com/aws-systems-manager-session-manager-on-steroids/
Podcast edited and mastered by Charlie Clark, https://www.fiverr.com/chuckaudio
Intro music by Margo Stonebraker
//Chapter Timestamps//
00:00:41 Meet Ethan Heilman
00:01:10 When did you first use a computer?
00:01:29 How did you get into Information Security
00:02:42 Crypto Company to Bastion Zero
00:05:08 Multiparty Computation
00:06:07 Certificate Authorities
00:08:13 AWS PrivateLink/VPC Endpoints
00:10:38 How does Bastion Zero Work?
00:14:55 Shared Responsibility
00:16:50 Dynamic Targets
00:19:46 What does the term "Zero Trust" mean to you?
00:21:01 Proxying HTTP
00:23:17 SELinux
00:23:45 Privileged Access Management
00:27:35 AWS Root Account
00:33:26 Separate Admin Accounts
00:36:12 API Keys
00:40:58 Response for product in the wild?
00:45:11 Stopping Ransomware
00:52:26 Phishing
01:01:21 Modifying Linux Pluggable Authentication Module
01:06:18 Goodbye

Devin Casadey – Global Red Team Lead
Chat with @DevinCasadey, Managing Principal / Global Red Team Lead.
Devin's Certifications: OSCE3 (OSWE, OSEP, OSED), OSCP, OSCE, OSEE, OSWP, eCTHP, GCPN
Devin can be found at:
Hack the Box: https://www.hackthebox.eu/profile/28293
HTB & CTF Team: https://www.hackthebox.eu/teams/profile/1685
Github: https://keramas.github.io/about.html
LinkedIn: https://www.linkedin.com/in/devin-casadey-198117b/
Twitter: https://twitter.com/DevinCasadey
Show Notes
Don't Roll Your Own: Devin's Writeup for how he decoded the database (referenced in the episode) - https://keramas.github.io/2022/05/03/dont-roll-your-own.html
EvilGinx: Man in the Middle Two Factor Auth - https://github.com/kgretzky/evilginx2
Chapter Timestamps
01:09 -- Why are you passionate about Infosec?
02:17 -- First use a computer?
05:31 -- What are you doing now?
06:16 -- Best way to hone skills?
07:54 -- Difference between Redteaming and Pentesting
09:12 -- Are Pentesters ever asked to emulate APTs?
11:51 -- Do you test different EDR Vendors?
16:18 -- Test Scenario
17:42 -- Do you have to write custom exploits for engagements?
23:31 -- Do you tell vendors you can bypass their EDR product?
26:02 -- Trying to get caught by Security Team
27:21 -- What can customers do to get the most out of a pentesting engagement?
32:09 -- Pentest Client Behavior
35:56 -- Linux Boxes
37:11 -- Windows Security
40:30 -- Found Machine Already Compromised?
41:44 -- Pentest Planning
43:46 -- Memorable Engagements
47:07 -- Zero Trust
53:44 -- Initial Point of Entry
58:55 -- Okta Breach
01:01:27 -- Triple MFA
01:02:53 -- Avoid Burnout?
01:05:00 -- Joining a Redteam
01:09:44 -- Any Passion Projects?
01:10:21 -- Goodbye

Mike Wyatt: CYDERES
Mike can be found at:
twitter.com/cleverexploit
www.linkedin.com/in/cleverexploit/
Note: This episode has chapters embedded in the file!

Cyclops Blink
Guests: Matt Wright and Brad Lindsley
Episode Extras: ephemeralsecuritypodcast.com/cyclops-blink/ (includes diagram of botnet, link to the court order to disrupt the botnet, and more)

Iman Joshua: Vimeo
Host: Steve Stonebraker stevestonebraker.com
Special Thanks
Audio Editing and Sound - Adam Joseph - www.adamjosephsounds.com/
Theme music - Margo Stonebraker - codewithmargo.com

Deidre Diamond: CyberSN
Guest:
Deidre Diamond, Founder and CEO
CyberSN.com
Host:
Steve Stonebraker
brakertech.com
Special Thanks:
Theme music - Margo Stonebraker - codewithmargo.com
