My take - RVASec is really turning into a great conference. Each year the team adds a little something to improve it. @mikko Mikko Hypponen gave the keynote, and as expected it was very informative, and had plenty of humor as well. I saw some great talks; @danielhbohannon did one on Invoke-CradleCrafter, which stood out to me. I also enjoyed the Managing Crowdsourced Security Testing talk that @CodexWebSecurum (Mike Shema) gave.
My take - Irfan Shakeel over on the AlienVault blog shows step by step how to fire up a Kali image in AWS under the free tier. This is faster than fiddling with your router settings, and safer too. “Configuring Kali Linux on Amazon AWS Cloud for free …The best possible way to accomplish your objective is to host Kali Linux in the cloud, where the vendor manages the network and server, so you can focus on your pentesting.”
I’ve updated the site. So, look, the old site was a ton of work to manage, and I don’t even think my mom was reading it. At any rate, I recently saw a few mentions of Hugo. I finally took the time to dig into it, and I really like the way it works. Basically, it is a static site generator. No more PHP. No more fiddly CMS to deal with.
My take - Google is spinning up their CTF again this year. I found it interesting that of the 2,400 teams that competed last year, 1,500 were unable to solve a single challenge. From the article: “Announcing Google Capture the Flag 2017 On 00:00:01 UTC of June 17th and 18th, 2017 we’ll be hosting the online qualification round of our second annual Capture The Flag (CTF) competition. In a ‘Capture the Flag’ competition we create security challenges and puzzles in which contestants can earn points for solving them…”
My take - FINALLY a security policy that actually addresses an actionable and truly important effort. From the article: “POLICY ON FOOD PROVISIONING AT MEETINGS RATIONALE Experts and decades of research have confirmed the importance of proper nutrition and hydration in promoting cognitive function. Therefore, it is the policy of the Information Security Office that all meetings must include adequate nourishment for each participant…” Credit: Like 25 people posted it in my Twitter feed.
My take - Rob at Errata Sec did a concise job of showing how to use Sysmon to track down a weird pop-up. This one came from an MS Office update. He uses the @SwiftonSecurity sysmon-config that I posted about recently. From the article: “How to track that annoying pop-up In a recent update to their Office suite on Windows, Microsoft made a mistake where every hour, for a fraction of a second, a black window pops up on the screen.”
My take - @hackwithgithub is posting an updated list of GitHub repositories as they are uploaded, based on the tools being featured in the Black Hat Arsenal. “Black Hat Arsenal USA 2017 On June 1, 2017 @toolswatch announced the tools selected for Black Hat Arsenal USA 2017. Most of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories.”
My take - @SwiftonSecurity released a config file for Sysmon to help cut through the clutter. There is a steep learning curve with Sysmon, so I wouldn’t recommend blindly applying this, but it definitely is a good starting point. I’ve also included a link below to Lennart Koopmann’s take on the config, which explains it a little more. From the article: “sysmon-config | A Sysmon configuration file for everybody to fork This is a Microsoft Sysinternals Sysmon configuration file template with default high-quality event tracing.”
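As an added example (my own, not code from the Errata Sec write-up or from the sysmon-config project), this is the kind of query behind the pop-up hunt above: pull Sysmon process-create events (Event ID 1) from a short window around the moment the window was seen and show which image and parent launched. It assumes Sysmon is installed with the config above (or any config that logs ProcessCreate), that the shell is elevated enough to read the Sysmon operational channel, and that the $Seen and $WindowSeconds values are adjusted to your observation.

```powershell
# Added example: find what spawned a transient window using Sysmon ProcessCreate events.
# Assumes Sysmon is logging to its default channel, Microsoft-Windows-Sysmon/Operational.
param(
    # Assumed value: the local time you saw the pop-up; default is "now" for a live hunt.
    [datetime]$Seen = (Get-Date),
    # Assumed slack on either side of $Seen, in seconds. An hourly task fires close to the mark.
    [int]$WindowSeconds = 120
)

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1                                   # Sysmon Event ID 1 = ProcessCreate
    StartTime = $Seen.AddSeconds(-$WindowSeconds)
    EndTime   = $Seen.AddSeconds($WindowSeconds)
}

# Get-WinEvent throws when nothing matches; treat an empty window as "no candidates".
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Sysmon stores its fields as <Data Name="...">text</Data>; index them by name.
    $data = @{}
    ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        UtcTime           = $data['UtcTime']
        Image             = $data['Image']             # the process that drew the window
        CommandLine       = $data['CommandLine']
        ParentImage       = $data['ParentImage']       # what launched it (task scheduler, updater, ...)
        ParentCommandLine = $data['ParentCommandLine']
        User              = $data['User']
    }
} | Sort-Object UtcTime | Format-Table -AutoSize -Wrap
```

Short-lived console processes show up here even when the window is gone before you can read it, which is the whole point of leaning on Sysmon rather than Task Manager.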
My take - @MarkRussinovich did a very good presentation at RSAC covering the use of Sysmon to hunt hackers on your network. From the article: “Windows Forensic Monitoring Limitations - When attackers or malware get on your network, you need to construct a timeline: What was the entry point? Did it spread between systems? What happened on a particular system? Built-in Windows tooling makes it hard to answer these questions: limited information captured for process creates and DLL loading; network connection information simultaneously too limited and verbose; no way to capture common attacker behavior (e.