It's a madhouse this week! We invited Ben Donnelly (@zaeyx) back to discuss a new software framework he's crafted, called #MAD Active Defense. Ben wants to make Active Defense simple enough for even the busiest blue teamer.
The interface takes its design from other well-known #software frameworks, namely #Metasploit, #Recon-ng, and even a bit of #SET, he said.
We even did a quick demo of MAD, discussed the tenets of #Active #Defense, and talked about a little skunkworks project of Ben's that you will find enjoyable.
Promethean Security MAD GitHub: https://github.com/PrometheanInfoSec/MAD
Demo Video (~110MB): http://traffic.libsyn.com/brakeingsecurity/MAD_Ben_edited.mkv
Backup Demo Download (gDrive) site (~110MB): https://goo.gl/FtWlCM
Check us out using the TuneIn App!: http://tunein.com/radio/
#activeDefense #blueTeam #intrusionDefense #benDonnelly
WMI (Windows Management Instrumentation) has been a part of the Windows operating system since Windows 95. With it, you can make queries about information on hosts, locally and even remotely.
Why are we talking about it? Its use in the enterprise by admins is rare, but its use by bad actors for moving laterally is growing. It's highly versatile, can be scripted, and can even be used to set up triggers that fire when other programs run on a system.
Mr. Boettcher and I sit down and discuss the functions of #WMI, its history, what classes and objects are, and ways you can leverage WMI to make your admins' jobs much easier.
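As an added illustration of the three things the episode mentions (querying a host locally or remotely, the class/object model, and WMI "triggers"), here is a PowerShell script that is my own and not code from the show or its guests. It assumes PowerShell 3.0 or later (CIM cmdlets), and that remote queries have WinRM enabled and admin rights on the target; the function names and the `-ComputerName` parameter are my choices. The second function lists permanent event subscriptions, which is both the admin-friendly trigger mechanism and the place a defender checks for unexpected entries, since legitimate ones (such as the SCM Event Log Consumer) sit alongside anything an attacker may have added.

```powershell
# Added example, not code from the episode or its guests.
# Requires PowerShell 3.0+ (CIM cmdlets). Remote queries need WinRM and admin
# rights on the target. Function names and parameters are assumptions of mine.

function Get-HostInventory {
    # Asset-management style query against Win32_* classes, local or remote:
    # OS caption, last boot time, and auto-start services that are not running.
    param([string]$ComputerName = $env:COMPUTERNAME)

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
    $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName |
           Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' }

    [pscustomobject]@{
        Computer            = $ComputerName
        OS                  = $os.Caption
        LastBoot            = $os.LastBootUpTime
        AutoServicesStopped = @($svc | Select-Object -ExpandProperty Name)
    }
}

function Get-WmiPermanentSubscription {
    # Permanent event subscriptions live in root/subscription as three objects:
    # an __EventFilter (a WQL query that fires on an event, e.g. a process starting),
    # an __EventConsumer (what runs when it fires), and a __FilterToConsumerBinding
    # that joins them. Review anything you did not create, especially entries whose
    # consumer is CommandLineEventConsumer or ActiveScriptEventConsumer.
    param([string]$ComputerName = $env:COMPUTERNAME)

    $common    = @{ Namespace = 'root/subscription'; ComputerName = $ComputerName }
    $filters   = @(Get-CimInstance @common -ClassName __EventFilter)
    $consumers = @(Get-CimInstance @common -ClassName __EventConsumer)
    $bindings  = @(Get-CimInstance @common -ClassName __FilterToConsumerBinding)

    foreach ($b in $bindings) {
        # Filter and Consumer are object references; resolve each by its Name key.
        $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }   | Select-Object -First 1
        $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name } | Select-Object -First 1

        # Only some consumer classes carry a command line or script body.
        $payload = $null
        if ($c) {
            switch ($c.CimClass.CimClassName) {
                'CommandLineEventConsumer'  { $payload = $c.CommandLineTemplate }
                'ActiveScriptEventConsumer' { $payload = $c.ScriptText }
            }
        }

        [pscustomobject]@{
            Computer     = $ComputerName
            FilterName   = $b.Filter.Name
            Query        = if ($f) { $f.Query } else { '<filter not found>' }
            ConsumerType = if ($c) { $c.CimClass.CimClassName } else { '<consumer not found>' }
            ConsumerName = $b.Consumer.Name
            Payload      = $payload
        }
    }
}

function Start-ProcessStartWatch {
    # Temporary (in-memory, current session only) subscription: an admin-side trigger
    # that logs every process start. Stop it with:
    #   Unregister-Event -SourceIdentifier 'ProcStartWatch'
    $query = "SELECT * FROM __InstanceCreationEvent WITHIN 2 WHERE TargetInstance ISA 'Win32_Process'"
    Register-CimIndicationEvent -Query $query -SourceIdentifier 'ProcStartWatch' -Action {
        $p = $Event.SourceEventArgs.NewEvent.TargetInstance
        Write-Host ("{0:u} PID {1} started: {2}" -f (Get-Date), $p.ProcessId, $p.CommandLine)
    } | Out-Null
}

# Usage: inventory the local host, then list its permanent subscriptions.
Get-HostInventory | Format-List
Get-WmiPermanentSubscription | Format-Table -AutoSize -Wrap
```

For a fleet, pass `-ComputerName` for each host and compare the subscription output against a known baseline; a new binding whose filter watches `Win32_Process` creation and whose consumer runs a command line is the pattern worth a second look.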
#assetmanagement #remotemanagement #wbem #wmi #windows
DerbyCon WMI talk: http://www.irongeek.com/i.php?page=videos/derbycon5/break-me12-whymi-so-sexy-wmi-attacks-real-time-defense-and-advanced-forensic-analysis-matt-graeber-willi-ballenthin-claudiu-teodorescu
WMI documentation: https://msdn.microsoft.com/en-us/library/aa384642(v=vs.85).aspx
TuneIn podcast Link: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/
Just before #Derbycon, we invited Michael Gough (@hackerhurricane) to join us on the #podcast.
For the last 3-4 months, my co-host Brian and he have been engaged in the creation of a software tool that would make #log #analysis of #windows systems quicker, and together they have achieved that with "Log-MD", short for Log Malicious Discovery.
Hosts infected with #Malware and #bots always leave a fingerprint of what they are doing behind. This software takes your system, configures it to get the maximum #logging output possible, then puts everything in a nice readable format, enabling you to filter out known-good items, leaving you with bad items or suspicious activity. This allows you to analyze #logfiles and find malware in less time than before, making #forensics of infected systems faster and more economical.
We do some discussion of #Log-MD, and then we have Michael demo Log-MD for us.
Video demo: https://youtu.be/0_J90sOVY8c
Log-MD site: http://log-md.com/
In our last bit of Derbycon audio, I discussed DerbyCon experiences with Mr. Boettcher, Magen Wu (@tottenkoph), Haydn Johnson (@haydnjohnson), and Ganesh Ramakrishnan (@hyperrphysics). We find out what they liked, what they didn't like, and you get a lot of great information about packing for a con, things you can do to improve your convention going experience.
Hopefully, you'll hear the amount of fun we had and find the time to go to a convention. There are literally hundreds, many only a few hours away by plane. Some can be found in your own town or within driving distance.