Alright, the U.S. election season is over. Now we can all focus again, right?
Maybe, maybe not.
Before we get too far, I want to call your attention to an article I wrote last week titled “Good People Didn’t Vote For Your Guy”. Healing and unity are long overdue in our country. I’m hoping we will find our way back to being countrymen/women working together for our common good. I’m also hoping that our elected officials don’t steal this opportunity for their own selfish gain.
OK, now back to work…
Last week on the UNSECURITY Podcast, episode 104, we talked with a good friend Richie Breathe about the security industry’s perceived stigma against healthy stuff. It was a great episode and a real pleasure spending time with such a cool guy. If you missed the episode, go give it a listen.
Also last week, Ryan Cloutier, Chris Roberts, and I had a GREAT time chatting on the Security Shit Show. Our topic was “Seven Ways Security Can Improve Your Sex Life”. Chris found a “Fitbit for your man bits” online, and the conversation went on from there. Lots of fun!
Plenty of businessy stuff went on last week as well, including a half dozen (or so) partnership discussions with some great organizations. Things continue to hum along, so watch for announcements from FRSecure and SecurityStudio in the coming weeks.
On to the show!
Episode 105 Topic and Special Guest
FRSecure’s Director of Technical Solutions and Services, Oscar Minks is joining us on the show again this week. For those who don’t know Oscar, he’s the awesome leader of FRSecure’s Team Ambush and an all around incredible guy. We’ll ask him to tell us who Team Ambush is on the show, but these are essentially the people who do all (or at least most) things technical at FRSecure, including penetration testing, red/blue/purple teaming, incident response, CTF competitions, exploit development and training, etc. Seriously an INCREDIBLE team!
We’ve got Oscar on this week to talk primarily about what TO DO, and what NOT TO DO during an incident response. In the last few months, we’ve seen a significant increase in the number of reported incidents, and we’ve seen too many people make mistakes. Don’t get us wrong, there are people who do things right, but sadly this is too rare.
Should be a great talk!
Let’s get on to the notes…
Brad’s leading the discussion today, and these are his notes.
SHOW NOTES – Episode 105
Date: Tuesday November 10th, 2020
Episode 105 Topics
- Opening
- Catching Up
- What’s new?
- How 4th quarter got you going? 😉
- Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response
- First, tell us about “Team Ambush”
- Recent Incidents/Stories
- Top things to do
- Top things NOT to do (examples)
- What’s next for Team Ambush?
- News
- Wrapping Up – Shout outs
Opening
[Brad] Welcome back! This is episode 105 of the UNSECURITY Podcast, and I’m your host this week, Brad Nigh. Today is November 10th, and joining me this morning as usual is Evan Francen.
[Evan] Talks about mindfulness after the last three shows…
[Brad] We have Oscar Minks with us today. Good morning Oscar.
[Oscar] Says a few things in his sweet southern drawl…
[Brad] As is tradition, let’s catch up with what happened over the last week.
[Evan] The weather was really nice this weekend, so I think Evan got in a good ride (or two).
Quick Catchup
Brad, Evan, and Oscar do a little friendly catching up…
NOTE: We know this isn’t specifically security-related, but security folks gotta have a life too, right?
Transition
Special Guest Oscar Minks – What TO DO, and what NOT TO DO during an incident response
[Brad] Okay, so it’s no surprise that IR work is keeping us busy; the report from DHS and Secret Service around healthcare is proof of that. I thought it would be a good discussion today to talk about what are some do’s and don’ts when working with an IR firm, which is why Oscar is joining us this morning.
Open discussion points:
- Tell us about “Team Ambush”
- Recent Incidents/Stories
- Top things to do
- Top things NOT to do (examples)
- What’s next for Team Ambush?
Begin Discussion
[Brad] Great discussion. Here are some news stories.
News
[Brad] Always plenty of interesting things going on in our industry. Here are a few stories that caught my attention recently:
- Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched – https://threatpost.com/cisco-zero-day-anyconnect-secure-patch/160988/
- Campari Group on the Rocks After Ransomware Attack – https://www.infosecurity-magazine.com/news/campari-group-rocks-after/
- Hackers Attacking WebLogic Servers via CVE-2020-14882 Flaw to install Cobalt Strike Malware – https://gbhackers.com/weblogic-servers-flaw/
Wrapping Up – Shout outs
[Brad] That’s it for episode 105. Thank you Evan and Oscar, do you have any shout outs this week?
[Evan] We’ll see…
[Oscar] We’ll see…
[Brad] Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen and Brad’s @BradNigh.
Lastly, be sure to follow SecurityStudio (@studiosecurity) and FRSecure (@FRSecure) for more things we do when we do what we do.
That’s it! Talk to you all again next week!