Feb 14, 2018
Discussion of Ms. Berlin's course
RTF malware MS Office
A Phishing story...
Mobile Supply Chain Security
CMS Supply Chain Security
Ms. Berlin’s course - recap of 2nd session
Brakeing Down IR -date?
Any malware of note?
Upgrade your Office! Just double-clicked, used rtf and document never opened, just the script ran.
Supply chain isn’t just Hardware… software stacks abound and not followed
Wordpress plugins, CMS plugins/themes… not monitored, weakly secure
Keeping track is as important as asset management
Do you know what your CMS is running, plugin wise?
And if plugins aren’t bad enough, you have PHP to deal with
Buy plugins - you get what you pay for
Check what support you get (always a good idea)
Require reviews for new plugins, and old ones, esp if they haven’t updated in a while
Are they still maintained? (abandonware bad)
New owners? (many plugins and apps get bought and then start changing permissions, or worse, serving malware)
Vulnerable Extensions list - https://vel.joomla.org/live-vel
Wordpress - WPScan https://wpvulndb.com/plugins
Adversary generation systems
Quickly building Redteam Infrastructure
#Youtube Channel: http://www.youtube.com/c/BDSPodcast
#iTunes Store Link: https://brakesec.com/BDSiTunes
#Google Play Store: https://brakesec.com/BDS-GooglePlay
Our main site: https://brakesec.com/bdswebsite
Join our #Slack Channel! Email us at firstname.lastname@example.org
or DM us on Twitter @brakesec
#iHeartRadio App: https://brakesec.com/iHeartBrakesec
Comments, Questions, Feedback: email@example.com
Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon
#Player.FM : https://brakesec.com/BDS-PlayerFM
#Stitcher Network: https://brakesec.com/BrakeSecStitcher
#TuneIn Radio App: https://brakesec.com/TuneInBrakesec