Training

• BHIS had a Webinar on New and Imroved Ransomware on 3/1. I haven’t seen the link for the slides/recording, but here are a few key points:

  • Be careful of ransomware/hack FUD. Some of the latest vehicle hacks let attackers turn on heat or AC. News reports this as "Hackers pwn all cars and will drive you into a bridge abutment – OMG OMG! P.S. – here’s a great resource on bridge abutments.

• Naughty macros are not a new attack! But they work!

• Again, Internet and application whitelisting are a great idea!

• Bad guys are offering fixes for ransomware by providing links to…more ransomware! You could get double-encrypted – fun, fun, fun!

• Ransomware loves to: set persistence, nuke Volume Shadow Copies, encrypt files, find+mount+encrypt network shares.

• Run tools like Veil-Pillage and PowerView to see what your attackers can see.

• The FBI (specifically an agent at a recent conference) basically said, "Got ransomware? Pay the ransom." There are some tools that might help – try these first: Kaspersky Ransomware Detector, TeslaCrack, Recuva. Or, create an image of the encrypted data, then wait (maybe a few months). By that time, keys/cracks may have been developed for the ransomware that bit your HD.

• How to stop this crap? Internet whitelisting, services like OpenDNS, stop sharing C drive, Adblock plugins, backups that aren’t directly available (mapped network drives, \paths, etc.), URL filtering through Web proxy…oh, and SHUT OFF MACROS!

• Hyperion Gray, maker of Punkspider, has a nice CTF online as part of their Concise Courses course ($50). I’ve taken it in the past and it was great!

• Freecodecamp.com is an absolutely amazing coding resource for the swell price of free. I’m going to tackle it slowly, from start to finish – currently neck-deep in CSS and forms right now!

• Tim Tomes is teaching PWAPT again in April in Charleston. If you can make it I highly recommend going.

General News

• Apple had a victory in its fight with the FBI, and issued a response to the ruling. Here’s a nice quote from the judge:

"Ultimately, the question to be answered in this matter, and in others like it across the country, is not whether the government should be able to force Apple to help it unlock a specific device…[]…It is instead whether the All Writs Act resolves that issue and many others like it yet to come…I conclude that it does not."

• The DROWN attack is bad news. Disable SSLv2 if at all possible.

• Avecto has released their 2015 report on Microsoft vulnerabilities. You have to give them your email address to get the report, but read the next section on a nice "don’t give away your email address" trick.

• 85% of critical Microsoft vulns would be mitigated if user did not have admin rights

• 99.5% of IE vulns would be mitigated if user did not have admin rights

• 63% of ALL Microsoft vulns could be mitigated if user did not have admin rights

• ASUS will get 20 years of auditing due to sucky security practices in their routers. Long and short of it is almost all their security measures in their routers are easily dodged.

• PwnieExpress offers an Internet of Evil Things Report. The top 2016 IoT dangers include:

• Unauthorized, accidental and otherwise misconfigured access points

• BYOD and the personalization of corporate hardware

• Insecure, misconfigured and vulnerable IoT devices

Tools/Scripts

• Sharklasers.com gives you disposable email addresses that legitimately catch email…and then dispose of it after an hour.

• Holepuncher is a slick tool for punching holes in iptables in order to setup a listener for a revshell. Only thing to watch out for is it doesn’t seem to clean up after itself when the listening task is done.

• Lengthen.me takes any short URL and lengthens it. Try it now on http://bit.ly/7minsec!

Misc/Humor

• If you get a lighter jail sentence, be thankful! Don’t act like a jackass or your jackass self is likely to get thrown right back in the slammer.

• Kanye West wants to destroy the Pirate Bay…that is, unless he needs to use it.

• Windows 10 now shows ads on your lockscreen (uh, of course that was going to happen eventually) so feel free to turn them off.