Podcasts

Here it is – this week’s feature interview with Marisa Emerson! Marisa is a security researcher who did a great talk at BSides Canberra in March all about game cheating.

She was specifically talking about the cheating techniques PUBG gamers are using and just how advanced they are. The crazy thing is the cheaters here are rolling some pretty decent techniques. It’s reminiscent of the iPhone jailbreaking scene – a lot of good hackers who don’t know they’re good hackers.

Marisa is running a binary exploitation bootcamp in Brisbane that will have another session next semester. Details are here.

In this week’s weekly show we’re just going to drill in to the week’s extra long security news section with Adam Boileau then go straight to the sponsor interview. I’ve got a fantastic feature interview for you this week, but I’m going to publish it outside of the news show. It was either that or run stupidly long or cut too much from everything to make it all fit.

This week’s sponsor interview is a good one though. We’re chatting with the team behind DarkTrace. They make a machine learning-backed network monitor. A key different with this kit is it actually gets involved on the network. If it sees something it’s confident is attacker behaviour it will start spraying TCP resets to boot them off the network.

This is something the IPS systems of old used to do but it’s an approach that fell out of favour. We’ll find out why that approach was discarded and why it’s coming back, as well as generally discuss the role of machine learning in security with a company that has invested in it heavily. This isn’t a “for or against” interview segment. This is a discussion with one company that is getting value out of the approach, so stick around for that.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

On this week’s show we’re taking a look at some recent data out of Microsoft trumpeting its Defender antivirus install figures on Windows. They’ve got 18% market share on windows 7/9 and 50% on Win10.

For the AV and endpoint security industry Microsoft has always been the existential threat, but has the plane flown into the mountain already? We’ll speak with Securosis analyst and DisruptOps founder Rich Mogull about that in this week’s feature interview.

In this week’s sponsor interview we’re joined by the always entertaining Haroon Meer of Thinkst Canary. When we spoke Haroon had just wrapped up his first ever booth at the RSA conference. He’ll join us this week to tell us, surprisingly, that it was a really worthwhile exercise for Thinkst, but as you’ll hear he also thinks the broader industry can be a pack of dumbasses when it comes to actually marketing tech at events like RSA. If he becomes global ruler RSA booths will be gimmick-free and just show people product demos.

The show notes/news items are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

In this edition of Soap Box we’re chatting with Root9b. They’ve just launched an updated version of their ORION platform. And I guess the way you’d describe Root9b is as a threat hunt product maker and managed threat hunt provider. And their approach is a bit different – their software is agentless. They basically authenticate to a machine, inject various payloads into memory, and use that to pull back all sorts of telemetry from machines.

They say this means it’s much less likely that attackers will see them and they offer this as a product, ORION, or they offer it as a service. They say their managed services customers come to them because pretty unhappy with their MDR and MSSP providers and want better signalling.

So I was joined by John Harbaugh, COO of Root9b, and Mike Morris, CTO. Both of these guys were US Air Force cyberdudes before jumping out to the private sector. The company actually started off doing training before developing their platform ORION.

John and Mike joined me by Skype for this podcast. Enjoy!

This week’s Risky Business is kind of going back to its roots a bit. As much as we love talking about policy and the intersection of cyber security with global affairs, sometimes it pays to remember that computer security is actually about computers.

With that in mind this week we’ve got two fantastic interviews for you. We’ll be chatting with Dr. Silvio Cesare in this week’s feature interview. Silvio’s dusted off his bug hunting hat and he’s taken to Twitch-streaming his auditing sessions. Dave Aitel described watching Silvio’s Twitch stream as like seeing a Titan ransack a small Greek village. Five months, 100 bugs, 50 of them in kernel stuff.

He’s doing this for a couple of reasons – he wants to show people how it’s done, and he wants people to realise there are still lots of bugs out there to be found. We’ll chat to him about that in this week’s feature.

This week’s sponsor interview is with another old school hacker, Stephen Ridley. Stephen is the founder of Senrio, which is technically an IoT security play, but the thing is the tech he’s developed has turned out to be useful for all sorts of other stuff too.

Senrio is another one of those hacker-led startups in the spirit of Duo Security or Thinkst Canary. Stephen is a really well respected guy and this week he’s joining us to talk about a bunch of stuff. A lot of it is related to the unexpected uses for Senrio’s monitoring platform. He built a classifier for network-connected devices as a part of Senrio’s IoT security platform, and it turns out it’s actually running rings around a bunch of Enterprise Asset Management tools. People are actually using his IoT security monitoring solution to do asset management and figure out install gaps for their EDR solutions.

Totally not what he intended people to use it for, but hey, a win’s a win. So Stephen joins us this week to talk about that, also to talk about recent developments in the IoT space and really a bunch more stuff.

The show notes/links are below, and you can follow Adam or Patrick on Twitter if that’s your thing.

On this week’s show we hear from Jennifer Bisceglie, the CEO of Interos Solutions, a company that recently prepared a report on supply chain security for the US government’s US-China Economic and Security Review Commission. Risky Business contributor Brian Donohue caught up with Jennifer to talk about the report and really get an idea of what supply chain risks look like from a macro level. The long and the short of it is the supply chain is already very, very opaque, so governments and the private sector will have to work pretty hard to mitigate the risks involved here.

This week’s show is brought to you by Netsparker, the web application security scanning toolmaker. Netsparker was founded nine years ago by this week’s sponsor guest, Ferruh Mavituna. He was a pentester who created Netsparker to help him with his own work. But just recently they raised a bundle of cash: US$40m. We’ll catch up with him and find out if a webapp scanning company with $40m is like the mule with the spinning wheel. It certainly seems like Ferruh has some ambitious plans. We haven’t seen this sort of money being raised by comparable companies so it’s definitely interesting stuff.

In this week’s news we cover off:

• Mysterious BGP route hijacking for lame Ether theft (??)
• Google disabling domain fronting
• Canadian teen charged with downloading documents from a website
• City of Atlanta spending $2.6m to recover from its ransomware event
• RSA’s conference app fail
• White House chaos over Rob Joyce replacement (MAGA!!! MAGAAAAAA!!!!!)
• Much more

The show notes/links are below, and you can follow Adam, Brian or Patrick on Twitter if that’s your thing.

We’re still running in a trimmed down format this week, sorry about that. Regular listeners would know we’ve been dealing with some unexpected stuff over here in the house of Business, but the good news is things have settled down and we’re actually back home after more than three weeks away. Things are looking good for a return to a full format show either next week or the week after.

But don’t worry, there’s plenty of good stuff in this week’s news segment with Mark Piper, including:

• Russia blocking 15m cloud service IPs to shut down Telegram
• RU router hax: Are they a big deal?
• FBI’s “going dark” narrative questioned
• Rob Joyce departs White House
• ZTE in all sorts of trouble
• AND MOAR

This week’s show is brought to you by Cylance. Jim Walter of Cylance will be along in this week’s sponsor interview to talk about a couple of things – we’ll be looking at “fileless” malware – for what it’s worth it’s a term that we both hate – and we’ll also be talking about how complete amateurs are now able to run reasonably sophisticated malware campaigns these days thanks to the badware for hire business getting even more slick.

The show notes/links are below, and you can follow Pipes or Patrick on Twitter if that’s your thing.

Regular listeners would know Risky Business is just running the news and sponsor segments at the moment so there’s no feature interview in this week’s show. But that’s fine because we’ve got plenty to get through in the news segment with Adam Boileau.

Then we’ve got a killer sponsor interview for you this week with Nick Steele and James Barclay of Duo Security.

They’re here to talk about WebAuthn. It’s the new authentication spec currently going through the W3C process. Both Nick and James will be along later to talk about what the spec is designed to do, how it works and what its chances of becoming mainstream are, and spoiler alert, those chances are pretty good.

They’ve also provided me with some links for people out there who want to play around with Webauthn, they are below.

Links to all the news items are also below, and you can follow Patrick or Adam on Twitter if that floats your boat.

This week’s show is just the news segment and sponsor interview. But, as always, there’s plenty to discuss with our news guest Adam Boileau!

In this week’s sponsor interview we’ll be hearing from Timothy Keeler from Remediant.

Remediant is a small but growing company that does privileged account management stuff, but they’re not a password vault. Tim’s joining us this week to walk through some of the challenges of managing privileged access in devops environments and also to talk a bit about some of the challenges around single sign on and privilege management. It’s all good stuff, and it’s coming up after the news.

Links to all the news items are below, and you can follow Patrick or Adam on Twitter if that floats your boat.

This Soap Box edition is brought to you by ICEBRG.

ICEBRG is in the business of network-based response and detection. In simple terms they drop a box on your network that strips network metadata and shunts it up to their cloud for analysis. This allows incident responders in particular to really, really speed up their investigations. We know that a lot of internet traffic is encrypted these days, and that’s made some people take their eye off the network ball. The focus and buzz these days is very much on endpoint detection and response. Our guest on this edition of Soap Box, ICEBRG’s VP of Strategic Partnerships Jason Rebholz, thinks we’ve wound up with a blind spot as a result.

It’s true that a lot of network security tech fell behind the times, but there are some fresh approaches emerging these days that are pretty bloody useful. ICEBRG started off as a product to accelerate incident response, an example use case is deploying it in 15 minutes when you’re starting an IR job; it gives you amazing visibility for the time invested. But, they’re broadening the product a bit these days. They’re not turning it in to an IDS, but they’re able to give clients some very, very high quality signalling. I think this is what you get when you get a bunch of ex-govvies and incident responders together and they develop a product. Their alerts are more along the lines of “you’re owned by this APT group” not so much “hmm, that’s some strange ICMP traffic hitting your mail server. Maybe some router in Azerbaijan needs a reboot, ."

So the thinking is definitely fresh, and I’m increasingly seeing companies play in the network security space again. Network detection is dead! Long live network detection!