What is malware analysis - part 1

In this analyzed episode of the Exploring Information Security podcast, Daniel Ebbutt joins me to discuss malware analysis.

Daniel (@notdanielebbutt) is a malware analyst at a Fortune 500 company. I recently caught up with Daniel at Converge and BSides Detroit. We had a great conversation about malware analysis. Talking about the topic with him, you can tell he is very passionate and excited about the subject, which is why I decided to have him on the podcast for a little chat.

In this episode we discuss:

  • What is malware analysis
  • How to get malware
  • How to handle malware
  • What the different classes of malware are


Why social skills are important - part 3

In this final part of a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations because they allow us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evidenced by this three-part series).

In this episode we discuss:

  • Why it's important to never eat alone
  • How to improve your social skills
  • How to start a conversation
  • Why it's important to practice


Why social skills are important - part 2

In this second part to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations because they allow us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evidenced by this three-part series).

In this episode we discuss:

  • Why it's important to never eat alone
  • How to improve your social skills
  • How to start a conversation
  • Why it's important to practice


Why social skills are important - part 1

In this start to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations because they allow us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evidenced by this three-part series).

In this episode we discuss:

  • What are social skills
  • Why they're important
  • How it relates to social engineering
  • How to interact with someone in a conversation


How to pick a lock

In this picky edition of the Exploring Information Security podcast, Adrian Crenshaw joins me to discuss lockpicking and how to pick a lock.

Adrian (@Irongeek_adc) contributes a lot to the infosec community. He's at a lot of different conferences around the country. When he attends dinners at those conferences you can usually see him carrying around a big chain of locks and a monster wallet of lock picks. I've learned to pick locks with Adrian at a few of these dinners and thought it would make a good topic for the podcast.

In this episode we discuss:

  • How to lock pick
  • What are Bogota picks
  • How video games are bad for lockpicking
  • What is lock bumping
  • What happens when you bring lock picks on a plane


How to get a DerbyCon ticket

In this scavenger edition of the Exploring Information Security podcast, I provide tips on getting a ticket to DerbyCon.

DerbyCon tickets went on sale May 6, 2017. Two minutes before the official release time, tickets were already sold out. This led to some controversy surrounding the release of tickets five minutes before. This was something that the conference has done for years. Last year the conference sold out in hours. This year it became a problem. There is still plenty of time to secure a ticket. Here are some ways to do that (h/t @PyroTek3).

DerbyCon Twitter account: DerbyCon plans to release more tickets in smaller batches. Watch their Twitter account for more information.

Watch Twitter: Plans change. People will be selling tickets leading up to the conference. Expect an increase in people looking to sell their tickets the month before the conference. I would also recommend paying attention for when speaker notifications go out. Usually around early August.

Submit a talk: The year I began speaking, I got accepted to speak at DerbyCon. The conference prefers new talks and loves new speakers. If you have an idea go for it. You never know. 

Volunteer: It takes a lot of people to run a conference. Volunteers get a free ticket to the con. You will have to work the conference. Which also may result in making some new friends and connections.

Sponsor the conference: DerbyCon is still looking for sponsors. Included in the sponsor package are tickets to the con.

Contests: Keep a lookout for contests involving tickets. For example, the Brakeing Down Security podcast is putting on a CTF for DerbyCon tickets.

What is hardware hacking?

In this bulb edition of the Exploring Information Security podcast, Price McDonald, Director of Coalfire Labs, joins me to discuss hardware hacking.

Price (@pricemcdonald) recently gave a hardware hacking talk at BSides Indy. Which I had the pleasure to attend. I was fascinated by the content he provided for the talk and decided to have him on. Hardware hacking is not something we see too much, but it is out there. It's used in physical penetration tests and for other learning opportunities. Listening to Price you can tell he has a strong interest in the topic.

In this episode we discuss:

  • What is hardware hacking?
  • What hardware can be hacked?
  • Where hardware hacking applies?
  • How to get started in hardware hacking


What is threat intelligence? - Part 2

In this smart episode of the Exploring Information Security podcast, Rob Gresham, formerly of McAfee, joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in many things information security related in South Carolina, including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing, which is why this topic will be a two-parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence


What is threat intelligence? - Part 1

In this smart episode of the Exploring Information Security podcast, Rob Gresham, formerly of McAfee, joins me to explain threat intelligence.

Rob (@rwgresham) previously served as a practice lead in McAfee's security operations. I had the opportunity to meet Rob in person. He is deeply involved in many things information security related in South Carolina, including the National Guard and Palmetto Cyber Defense Competition. Threat intelligence is a topic he thoroughly enjoys discussing, which is why this topic will be a two-parter.

In this episode we discuss:

  • What is threat intelligence
  • How threat intelligence is useful
  • What are the benefits of threat intelligence
  • What needs to be done before threat intelligence


How Macs get Malware

In this installed episode of the Exploring Information Security podcast, Wes Widner joins me to discuss how Macs get malware.

Wes (@kai5263499) spoke about this topic at BSides Huntsville this year. I was fascinated by it and decided to invite Wes on. Mac malware is a bit of an interest for Wes. He's done a lot of research on it. His talk walks through the history of malware on Macs. For Apple fanboys, Macs are still one of the safer options in the personal computer market. That is changing though. Because of their increased market share, Macs are getting targeted more and more. We discuss some pretty nifty tools that will help with fending off that nasty malware. Little Snitch is one of those tools. Some malware actively avoids the application. Tune in for some more useful information.

In this episode we discuss:

  • How Macs get malware
  • What got Wes into Mac malware
  • The history of Mac malware
  • What people can do to protect against Mac Malware


Infosec Job Postings April 13, 2017

In this looking for more edition of the Exploring Information Security podcast, I've got two job postings and two people looking for an opportunity in infosec.

Job postings

The two postings I have are from my place of employment, Premise Health. We have a Jr. Pen Tester and Security Engineer role. Both positions will require you to relocate to Nashville, TN.

People looking

Brian Hearn was on a previous episode of the Exploring Information Security podcast to discuss his home lab setup. He has eight years of networking and system administration. He's looking for an opportunity in the US. Preferably the western side of the US. He's looking for an opportunity in network monitoring, forensics, or auditing.

You can reach out to Brian at bhearn99.sec[@]gmail[.]com

Zaid Qumei is looking for an entry level role as a security analyst or junior pen tester. He has IT support experience. He is involved in his local OWASP chapter. Last year he graduated with an Electrical and Computer Engineering degree (second major in Computer Science) from Rutgers University. He recently got his Network+ and Security+ certifications. He is willing to relocate.

You can reach out to Zaid at zaid.qumei@gmail.com

Feel free to reach out to me with any feedback, either on Twitter (@TimothyDeBlock) or email (timothy.deblock[@]gmail[.]com).

What is ShowMeCon?

In this show me episode of the Exploring Information Security podcast, Dave Chronister, managing partner at Parameter Security (@ParameterHacker) and organizer, discusses ShowMeCon.

I can't say enough good things about Dave (@bagomojo). Last year was my first opportunity to attend and speak at ShowMeCon (@ShowMeConSTL). He and the organizers did a tremendous job taking care of the speakers and attendees. There was great content, activities, food, parties, and the venue was top notch. This is one of the most well run and classiest conferences I've had the opportunity to attend. I am excited to have the opportunity to speak again at the conference.

The conference has a different feel than other security conferences. It has more of a business feel, which is a nice change of pace. This gives businesses in St. Louis an opportunity to tap into the vast knowledge of the infosec community. It gives speakers of the infosec community an opportunity to show businesses how deep the infosec rabbit hole goes. I highly recommend (and often do) this conference to everyone in IT security.

ShowMeCon is June 8 and 9, 2017, at the Ameristar Casino and Resort. Tickets are available until May 15, 2017.

Other Details:

If you need to contact the organizers of ShowMeCon their phone number is 314-442-0472. If you would like to volunteer send an email to info[@]showmecon[.]com

In this episode we discussed:

  • What is ShowMeCon
  • How the conference got started
  • Who should attend ShowMeCon
  • What can attendees expect
  • A Saturday morning cartoon party

What is the OSINT Framework?

In this knowledge filled episode of the Exploring Information Security podcast, Justin Nordine joins me to discuss the OSINT Framework.

Justin (@jnordine) is the creator of the OSINT Framework. The page is a spider web of tools and other OSINT resources that you can get lost in for days. It's a fabulous tool for those just getting in or those who use OSINT on a daily basis. He created it as a way to keep up with all the OSINT resources out there.

In this episode we discuss:

  • How he got started in OSINT
  • What is the OSINT Framework?
  • How should the framework be used?
  • What he has in store for future iterations

What is the internet of things?

In this excessive episode of the Exploring Information Security podcast, Ed Rojas joins me to discuss the Internet of Things (IoT).

Ed (@EdgarR0jas) has recently switched roles. In that role he's researching the internet of things. The internet of things is everywhere and it's starting to become an issue for the security community. From baby monitors to IP cameras to fridges, everything in the home is becoming connected. The issue comes in with the security being embedded in these devices. There isn't any and it's allowing malicious people to create massive bot armies for distributed denial of service (DDoS) attacks. It's a tough problem to solve. Luckily, Ed is on the case.

In this episode we discuss:

  • What is the internet of things?
  • Why is IoT an issue?
  • What should organizations be worried about?
  • What are the dangers of IoT?


What is BSides Nashville?

In this musical edition of the Exploring Information Security podcast, organizers Jennifer Samardak and Finn Breland join me to discuss BSides Nashville.

BSides Nashville (@bsidesnash) is the second BSides I attended and the only one I've attended each year since its inception. It's a really well put together conference. They have three tracks. They have the usual side areas with lock picking, hardware hacking, and a kids area. The best part though is the lunch. They cater lunch from Martin's BBQ, one of Nashville's best BBQ places. I would put the food up against any conference. I join Jen (@jsmardak) and Finn (@FinnBreland) to talk about all that and much more.

BSides Nashville is April 22, 2017, at Lipscomb University. Tickets are sold out. A waiting list is available for those hoping to attend.

In this episode we discuss:

  • What is BSides Nashville
  • Who should attend the conference
  • What makes it unique
  • Where are the places to visit in Nashville?

What is it like to work in a security operations center (SOC)?

In this operational edition of the Exploring Information Security podcast, Jeff Lang from Virginia Tech joins me to discuss his day-to-day in a SOC.

Jeff is a good friend of mine and one that I leaned on heavily when I was working in a SOC. He's been an IT Security Analyst for a while now and loves what he does. We've spent countless hours discussing SOC life. We've talked about nuances and some of the things he sees on a regular basis monitoring a college campus. I decided it would make for an interesting podcast episode.

In this episode we discuss:

  • What is a security operations center (SOC)?
  • What are some of the roles in a SOC?
  • What are some of the day-to-day things seen?
  • What are the skills needed to work in a SOC?


How to secure Docker

In this docked edition of the Exploring Information Security podcast, Rory McCune joins me to discuss how to secure Docker.

Rory (@raesene) gave a talk over the summer at BSides London 2016 on the myths of Docker. Docker is a technology being used by more and more development teams. We're even starting to see security tools run on Docker, such as OWASP ZAP. With more teams using Docker we need to have an understanding of how to secure it.

In this episode we discuss:

  • What is Docker?
  • Why it is important to secure Docker
  • What the positives and negatives of Docker are
  • How to secure Docker


Who is looking for more in infosec - Feb 27, 2017

In this job posting edition of the Exploring Information Security podcast, who is looking for more in infosec?

This is a bonus episode of the podcast. This is a solo podcast where I discuss open positions and people looking for opportunities. I plan to do these based on demand. If you would like to submit a position you are looking to fill or are looking for an opportunity, send me an email at timothy.deblock[at]gmail[dot]com or hit me up on Twitter @TimothyDeBlock.

Employers looking to fill a role

Sr. Splunk Admin - Premise Health

  • Splunk experience a plus
  • SIEM experience and management is required
  • Must live in Nashville, TN, or be willing to relocate

Jr. Pen Tester - Premise Health

  • Testing experience a plus
  • Familiarity with testing tools
  • Must live in Nashville, TN, or be willing to relocate

Sr. Endpoint Security Consultant - Optiv

  • Focus on Carbon Black
  • Optiv's Architecture & Implementation Services
  • Location anywhere
  • 50% travel time
  • Fill out position or contact Brad Pace (brad.pace[at]gmail[dot]com)

Quicken Loans

Multiple positions open at Quicken Loans as we continue to mature our information security team. All positions would require relocation to the metro Detroit area, no remote opportunities unfortunately. Great team of people, great company culture and atmosphere. At the end of the day the positions are what you make them. - Robert Knapp @power_napz or robertknapp[at]quickenloans[dot]com

People looking for an opportunity

Joshua Ovalle - Resume

Type of work: Entry level

Interested Areas:
I have been interested in the idea of breaking down and building up security networks and things of that sort. I had always pictured hacking as something fun and challenging. Challenging things are what really get me involved more deeply in my work.

Experience:
Navy Aviation Electronics Technician. My experiences are with mostly physical maintenance (wire running, electronic testing, circuit card installation/testing and software installation). I am also familiar with Microsoft computers and Apple products.

Community Contribution:
I have recently started dedicating time to a prison ministry at my church spending time with the children of men and women who are incarcerated by teaching and playing sports with them.

Education:
I graduated high school in 2009 and went to college for 2 semesters until I decided to join the military.

Willing to Relocate:
I am currently in San Diego, and with a newborn I don't know if I could relocate any time soon.

Coding Experience:
I don't have any experience with coding, but I am willing to learn it.

How to contact:
email: jgovalle[at]gmail[dot]com

Again, if you are looking to fill a role or looking for an opportunity, email me at timothy.deblock[at]gmail[dot]com

How to become a penetration tester - Part 2

In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What tools a penetration tester uses
  • What skills are needed to be a penetration tester
  • Andrew discusses how he became a penetration tester


How to become a penetration tester - Part 1

In this reddish edition of the Exploring Information Security podcast, Andrew Morris of Endgame joins me to discuss how to become a penetration tester.

Andrew (@Andrew___Morris) is a security researcher at Endgame. Before he got that role he was a penetration tester. I had an opportunity to get to know Andrew at some events in Columbia, SC. He's very knowledgeable and excited about what he does in the information security space. In this two-part series we discuss some of the nuances of being a pen tester and how to find yourself in that particular role.

In this episode we discuss:

  • What is a penetration tester?
  • Why become a penetration tester?
  • What writing a report is like
  • What is the day-to-day life of a pen tester
