The Security Engineering Show
5 episodes
1 day ago
These are the stories of the security engineering projects that are worth telling. We skip past the broad strokes to the tactics, obstacles, and the untold stories behind the successes and failures. This is the show for the people who architect strong security systems.
Technology
All content for The Security Engineering Show is the property of The Security Engineering Show and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (5/5)
Something in the Water | Ep. #5 | The Security Engineering Show

A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.


This is the show for security engineers, by security engineers.


Featuring

Noah Stanford: CEO at 0pass

Finn Foulds-Cook: Senior Penetration Tester at Volkis


00:00 - Intro

1:40 - The Engagement

4:45 - Windows Exploitation and Tooling

6:55 - ADCS, Coerced Auth, and Certs!

11:10 - Domain Controller Takeover

13:20 - Abusing DC Sync and EDR

15:55 - From DA to Azure

18:00 - Disabling your fancy EDR

19:30 - Escalating to Azure Global Admin

21:10 - Everything hacked, now what?

22:03 - Enumerating SCADA

24:31 - From SCADA to DEATH

27:44 - How do we fix all of this?

30:01 - Important security insights

31:47 - Message to Security / IT teams

33:36 - Outro

1 year ago
35 minutes 19 seconds

Hacking the Great Firewall | Ep. #4 | The Security Engineering Show

What happens when an American computer science student studies abroad in China and decides to find out what the Chinese government is censoring? Learn about how he did it, and what he discovered on this episode of The Security Engineering Show.


This is the show for security engineers, by security engineers.


Featuring


Noah Stanford: CEO at 0pass

Mitch Edwards: CEO at GrabbrApp


00:00 - Intro

1:16 - About Mitchell

4:12 - Chinese Yahoo Answers

6:00 - The Zhihu web scraper

9:10 - Analyzing the data

13:00 - Cat and mouse game

19:45 - Defense and iterations

21:35 - Threat Intel on the Dark Web

26:11 - Outro

1 year ago
27 minutes 4 seconds

Learning from Lazarus Group | Ep. #3 | The Security Engineering Show

Delve into the nitty-gritty of a company's two run-ins with the Lazarus Group. The first time, to clean up the mess they left behind, and the second, to stop them in their tracks after getting a telltale alert from the SIEM.

This is the show for security engineers, by security engineers.

Featuring

Noah Stanford: CEO at 0pass

Matt Toussain: Founder at Open Security

00:00 - Intro

00:47 - Lazarus Group Compromise #1: Negotiating ransomware payment

02:55 - Lazarus Group Compromise #1: Their tactics and techniques

07:55 - Lazarus Group Compromise #1: Bad practices that led to the first breach

10:43 - Lazarus Group Compromise #1: Cleaning up the mess

15:38 - SIEMs and how not to die the death of a thousand alerts

19:35 - Lazarus Compromise #2: Intro

24:18 - Lazarus Compromise #2: We're going to "hurt your billable rate"

27:38 - Lazarus Compromise #2: How they gained access and what they did

33:27 - Lazarus Compromise #2: Reverse engineering the malware

36:24 - Lazarus Compromise #2: Hacking back and the FBI

45:10 - Working in Private Sector vs US Gov

48:34 - Outro advice

1 year ago
53 minutes 28 seconds

Hijacking the Most Important Web Page on the Internet | Ep. #2 | The Security Engineering Show

This story is about a security engineer who hijacked the most important web page on the internet as part of a capture the flag challenge. While I can't tell you which exact page or company this happened at, you definitely know it and most likely use it every day in your business and personal life. Ian talks about how he found

This is the show for security engineers, by security engineers.

Featuring:

Noah Stanford: CEO at 0pass, formerly AWS and SpaceX

Ian Pudney: Head of Engineering at 0pass, formerly at Google and Facebook

1 year ago
24 minutes 3 seconds

Oh The Places You'll Find Malware | Ep. #1 | The Security Engineering Show

"Oh the places you'll find malware" brings surprising stories of infections and security incidents. Michael Grube, formerly a security engineer at SpaceX and now a vulnerability researcher at an employer we won't disclose, tells the stories about how he found malware in a Hadoop cluster, on a water jet machine (bought straight from the manufacturer), and in an Active Directory environment. We talk about the tricks that threat actors used to cover their tracks and how they were exposed.

This is the show for security engineers, by security engineers.

Featuring

Noah Stanford, CEO at 0pass: https://www.linkedin.com/in/pwned/
Michael Grube: Vulnerability Researcher and Security Engineer

1 year ago
39 minutes 15 seconds
