2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates!



Wikileaks published a cache of documents and information from what appears to be a wiki from the Central Intelligence Agency (CIA).

This week, we discuss the details of the leak (as of 11 March 2017), and how damaging it is to blue teamers.

To help us, we asked Mr. Dave Kennedy (@hackingDave) to sit down with us and discuss what he found, and his opinions of the data that was leaked. Mr. Kennedy is always a great interview, and his insights are now regularly seen on Fox Business News, CNN, and MSNBC.

Dave isn't one to rest on his laurels. Many of you know him as the co-organizer of #derbycon, as well as a board member of #ISC2. We ask him about initiatives going on at ISC2, and how you, whether or not you're an ISC2 cert holder, can help with the various committees working to improve the certification landscape. We talk about how to get involved.

We finish up asking about the latest updates to DerbyCon, as well as when tickets go on sale, and we talk about our CTF for a free ticket to DerbyCon.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-009-dave_kennedy_vault7_isc2_derbycon_update.mp3

Youtube: https://www.youtube.com/watch?v=lqXGGg7-BlM

iTunes: https://itunes.apple.com/us/podcast/2017-009-dave-kennedy-talks-abotu-cias-vault7-isc2/id799131292?i=1000382638971&mt=2

#Bsides #London is accepting a Call for Papers (#CFP) starting 14 February 2017, as well as a Call for Workshops. Tickets are currently sold out, but there will be other chances to get tickets. Follow @bsidesLondon for more information. You can find out more at https://www.securitybsides.org.uk/

CFP closes 27 March 2017


HITB announcement:

“Tickets are on sale, and entering special code 'brakeingsecurity' at checkout gets you a 10% discount.” Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In The Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/


Join our #Slack Channel! Sign up at https://brakesec.signup.team

#RSS: http://www.brakeingsecurity.com/rss

#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast

iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/

SoundCloud: https://www.soundcloud.com/bryan-brake

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast

#Twitter: @brakesec @boettcherpwned @bryanbrake

#Player.FM : https://player.fm/series/brakeing-down-security-podcast

#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr

#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--show notes--


WL: “CIA ‘hoarded’ vulnerabilities or ‘cyber-weapons’”

Should they not have tools that allow them to infiltrate systems of ‘bad’ people?

Promises to share information with manufacturers

BrBr- Manufacturers and devs are the reason the CIA has ‘cyber-weapons’

Shit code, poor software design/architecture

Security wonks aren’t without blame here either

RAND report on vulnerability stockpiling (BBC coverage): http://www.bbc.com/news/technology-39218393

Report suggested stockpiling is ‘good’

“On the other hand, publicly disclosing a vulnerability that isn't known by one's adversaries gives them the upper hand, because the adversary could then protect against any attack using that vulnerability, while still keeping an inventory of vulnerabilities of which only it is aware of in reserve.”

Encryption does still work, in many cases; the documents suggest they have to compromise the endpoint and intercept the data before it reaches the secure messaging app, rather than break the crypto itself.


(somewhat relevant? Not sure if you want to touch on https://twitter.com/bradheath/status/837846963471122432/photo/1)

Wikileaks - more harm than good?

Guess that depends on what side you’re on

What side is Assange on? (his own side?)

Media creates FUD because they don’t understand

“Secure messaging apps busted” (FUD implied by WL)

In fact, the data is captured on the compromised device before encryption is applied; the apps and their protocols are not broken.

Some of the docs make you wonder about the need for ‘over-classification’

Vulnerabilities uncovered

Samsung Smart TVs “Fake-Off”

Tools to exfil data off of iDevices

BrBr- Cellebrite has sold that capability to the FBI for years

CIA appears to only have up to iOS 9 (according to docs released)

Car hacking tech

Sandbox detection (checks for mouse clicks, or the lack of them, before running the payload)

Reported by eEye: https://wikileaks.org/ciav7p1/cms/page_2621847.html

Technique: Process Hollowing: https://wikileaks.org/ciav7p1/cms/page_3375167.html

Not new: https://attack.mitre.org/wiki/Technique/T1093
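Since the technique is old, the useful thing for a blue teamer is the check for it. Process hollowing starts a legitimate executable suspended, unmaps its image and writes a new PE into freshly allocated private memory at the same base, so the PEB still names the original binary while the memory at the image base no longer matches it. The script below is an added example (not from the show notes, not from the Vault7 documents) that runs that mismatch check over a simplified, constructed model of what memory-forensics tools expose (PEB image base and path plus the VAD tree); the same idea underlies the Volatility hollowfind plugin. All process records, addresses and paths in it are made up for illustration.

```python
"""Heuristic process-hollowing check over a memory-forensics style view.

Constructed example: every process record below is invented for this
illustration. The fields are a simplified model of PEB.ImageBaseAddress,
PEB ImagePathName and the VAD tree; real tools expose more detail.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Vad:
    """One virtual address descriptor (a memory region)."""
    start: int
    end: int
    protection: str            # a normal image mapping is PAGE_EXECUTE_WRITECOPY
    file_backed: bool          # True when the region is a section mapped from a file
    mapped_path: Optional[str] = None  # file behind the mapping, if any

    def contains(self, addr: int) -> bool:
        return self.start <= addr < self.end


@dataclass
class ProcessSnapshot:
    pid: int
    name: str
    peb_image_base: int        # PEB.ImageBaseAddress
    peb_image_path: str        # PEB.ProcessParameters.ImagePathName
    vads: List[Vad] = field(default_factory=list)


def _norm(path: str) -> str:
    """Normalise paths so 'C:\\Windows\\x.exe' and '\\Windows\\x.exe' compare equal."""
    p = path.lower().replace("/", "\\")
    if len(p) > 1 and p[1] == ":":
        p = p[2:]
    return p


def find_vad(proc: ProcessSnapshot, addr: int) -> Optional[Vad]:
    return next((v for v in proc.vads if v.contains(addr)), None)


def check_hollowing(proc: ProcessSnapshot) -> List[str]:
    """Return the reasons a process looks hollowed (empty list when clean).

    The tell is a mismatch between what the PEB claims (the original
    executable) and what the VAD tree says lives at the image base.
    """
    findings: List[str] = []
    vad = find_vad(proc, proc.peb_image_base)

    if vad is None:
        # Image was unmapped (NtUnmapViewOfSection) and nothing was put back at the base.
        return ["no memory region covers PEB ImageBaseAddress"]

    if not vad.file_backed:
        # VirtualAllocEx'd memory holding a written-in PE, not a section of the file on disk.
        findings.append("image base lies in private memory, not a file-backed section")
    elif vad.mapped_path and _norm(vad.mapped_path) != _norm(proc.peb_image_path):
        findings.append(
            f"image base is backed by {vad.mapped_path!r}, PEB says {proc.peb_image_path!r}")

    if vad.protection == "PAGE_EXECUTE_READWRITE":
        # Legitimate image mappings are PAGE_EXECUTE_WRITECOPY; RWX at the base is suspicious.
        findings.append("image base region is PAGE_EXECUTE_READWRITE")

    return findings


def scan(procs: List[ProcessSnapshot]) -> Dict[int, List[str]]:
    """Map pid -> findings for every process that has at least one finding."""
    return {p.pid: f for p in procs if (f := check_hollowing(p))}


# Constructed sample data, not real memory captures.
SAMPLE_PROCESSES = [
    # Clean: file-backed, copy-on-write mapping of the same file the PEB names.
    ProcessSnapshot(1234, "svchost.exe", 0x7FF712340000, r"C:\Windows\System32\svchost.exe",
                    [Vad(0x7FF712340000, 0x7FF712350000, "PAGE_EXECUTE_WRITECOPY",
                         True, r"\Windows\System32\svchost.exe")]),
    # Classic hollowing: private RWX memory at the original image base.
    ProcessSnapshot(2345, "svchost.exe", 0x7FF712340000, r"C:\Windows\System32\svchost.exe",
                    [Vad(0x7FF712340000, 0x7FF712360000, "PAGE_EXECUTE_READWRITE", False)]),
    # Variant: a different file mapped at the base than the PEB claims.
    ProcessSnapshot(3456, "notepad.exe", 0x7FF6AAAA0000, r"C:\Windows\System32\notepad.exe",
                    [Vad(0x7FF6AAAA0000, 0x7FF6AAAC0000, "PAGE_EXECUTE_WRITECOPY",
                         True, r"\Users\Public\payload.dll")]),
    # Variant: image unmapped, payload written somewhere else entirely.
    ProcessSnapshot(4567, "explorer.exe", 0x7FF6BBBB0000, r"C:\Windows\explorer.exe",
                    [Vad(0x0000020000000, 0x000002000A0000, "PAGE_EXECUTE_READWRITE", False)]),
]


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_PROCESSES).items():
        print(pid, "->", "; ".join(reasons))
```

On a live system the same comparison can be done with an EDR or a memory image; the point is that the PEB is attacker-controlled only indirectly, so it keeps telling the truth about which binary was launched while the VAD tree tells the truth about what is actually executing.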

**anything Mr. Kennedy feels is important to mention**

What can blue teamers do to protect themselves?

Take an accounting of ‘smart devices’ in your workplace

Educate users on not bringing smart devices to work

And at home (if they are remote)


Restrict smart devices in sensitive areas

SCIFs, conference rooms, even in ‘open workplace’ areas

Segment possibly affected systems from the internet

Keep proper inventories of software used in your environment

Modify IR exercises to allow for this type of scenario?

Reduce ‘smart’ devices

Grab that drill and modify the TV in the conference room

Cover the cameras on TV

Is that too paranoid?

Don’t setup networking on smart devices or use cloud services on ‘smart’ devices

Remind devs that unpatched or crap code can become the next ‘cyber-weapon’ ;)
