Author Archives: jwgoerlich

BSides Detroit 13 Episode 11

Matt Johnson (@mwjcomputing) is this week’s podcast guest. Matt discusses the #MiSec BSides Detroit dinner, the value of blue team defenses, and, of course, PowerShell. Matt is the founder of the Michigan PowerShell User Group and has submitted a talk to BSides Detroit 13 titled Incident Management with PowerShell.

Abstract. Have you seen the latest scare? The Java 0-day exploit that allows attackers to execute code on your computer? Now scares come and scares go. But let’s suppose for a moment your servers were infected using this exploit. How could your administrators detect the attack? How do you recover? Even better, what could have been done beforehand and how could you prevent this from happening again?

Incident Management, of course, is the security practice that seeks to answer these questions. In Windows server environments, PowerShell is the way Incident Management gets put into practice. This session will introduce InfoSec professionals and systems administrators to PowerShell’s security features. Using the Java 0-day exploit as a driver, we will walk through the lifecycle of an incident. The audience will leave with information on the policy and practice of Incident Management with PowerShell.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 10

Steve Aiello joins the BSides podcast to chat about his talk, Building Securable Infrastructures. In a return to first principles, Steve looks into how designing security in from the beginning and considering security holistically leads to lower costs and stronger security postures. It may not be sexy, but it works. And as Wolfgang Goerlich says, “Working is the new sexy.”

Abstract. This session asks the question: “How do I design my environment to be securable?” Until computing systems are designed and built with security in mind, we will be trapped in a cycle of post-implementation Band-Aid style fixes. Without designing infrastructures from the ground up with security in mind, any real attempt to defend against directed attacks will be largely unsuccessful.

  • How do we evaluate products in a systematic manner to eliminate vulnerabilities we invite into our environments?
  • Where is money more wisely spent: on developing quality security policies and guidelines? Or on buying, configuring, and maintaining security products?
  • What are critical questions that we should be asking our vendors when we are evaluating new products for our environments?

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 09

This week’s guest, James Siegel (WolfFlight), joins Wolfgang to chat about CCDC, the value of hallway con, and building security awareness in the “Bring Your Own” age. James also previews his talk on OSSEC and host-based intrusion detection, titled: Looking Through the Peephole.

Abstract. Many professionals simply rely on AV and other similar solutions to let them know if they are being digitally assaulted. Those tools rely on heuristics and signatures. OSSEC will be used to demonstrate Host-based Intrusion Detection: the act of actively monitoring the system’s behavior to determine if something outside of normal activity or the baseline is occurring, and to alert the user or designated personnel.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 08

Ben0xA joins the podcast with J Wolfgang Goerlich to discuss user engagement and awareness training. Do you want to run an effective awareness campaign for less than $20 a person? Check out Ben0xA’s talk: Creating A Powerful User Defense Against Attackers.

Abstract. Does your security defense stop at the firewall, antivirus, logging, auditing, and the IDS? Regardless of the size or complexity of your perimeter security, if your user clicks on a malicious link or opens an infected file, it could still be ‘game over’ for your network. One of the strongest defenses is knowledge and empowerment. In this talk, I will show you how we were able to get our executives, IT team, and all of our users excited about security with a unique approach to User Security Awareness Training. I will show you examples of how we convinced everyone in our organization that they are a part of the security defense team. I will show you what worked and what didn’t work when we implemented this in our organization. I’ll talk about how these techniques that I used in an organization of 70 employees can work at organizations of all sizes. I will give you practical tools to sell the idea to your boss, sell the idea to your IT team, and sell the idea to your users, which will help you create a powerful user defense against attackers.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 07

Steven Fox and Andrew MacPherson from Paterva join the podcast. We discuss Maltego and Steven’s Open Source Intelligence Workshop / Scavenger Hunt.

Abstract. The Internet is replete with information resources which communicate both trivial and useful information about people/organizations. Open Source Intelligence (OSINT) comprises an analytical process where this information is collected, distilled and deployed for use in a variety of scenarios. This process reveals the information associated with physical assets, enabling us to interface strategically with the world.

Attendees will learn, over two half-day sessions, the OSINT lifecycle in the context of a scavenger hunt. They will become familiar with the fundamentals behind cyber intelligence collection and analysis, and how these current methods can be deployed in their organizations. They will also learn to visualize connections between information and physical assets through the use of Paterva’s Maltego. Each workshop attendee will receive a 5-day enterprise license for use in both this workshop and the Security BSides Detroit CTF.

Note. This is a two-part workshop. Part one is on Friday morning, part two is on Saturday afternoon, and the scavenger hunt runs throughout the conference. Exact times will be announced closer to the event.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 06

Keith Dixon (@Tazdrumm3r) joins us to share a brief retrospective of BSides Detroit 12, and to give a preview of his 13 talk on honeypots.

Abstract. Be vewy vewy quiet, we’re hunting hackers – Honeypots and the fun you can have. This talk is to give a demonstration of what fun and interesting things you can discover and learn about by setting up a honeypot or two.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 05

Fresh from Twitter’s security breach with 250,000 passwords and the increased calls for Twitter to use two-factor authentication, John Moore (@RabidSecurity) joins the podcast to cover password strength and two-factor authentication. John covers his new BSides Detroit talk, Advanced Password Recovery Techniques and Modern Mitigation Strategies, along with his Cain and Abel password cracking workshop.

Abstract. Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have become the keys to our digital kingdoms. So it’s no surprise that Advanced Persistent Threat (APT) actors and malicious software target these credentials once they have compromised a system or systems in our network to further entrench and seek profit from unlocking our personal and corporate data. In order to curb this problem, most enterprises and operating systems encrypt this data to keep it safe. However, we have seen with the right tools these credentials can be unencrypted and used for more nefarious means. This problem has plagued even the largest organizations and the list of companies suffering from credential leaks is growing almost daily and includes such giants as LinkedIn, EHarmony and Yahoo. In this talk, we discuss how these breaches occur, the risks to the organization as well as the individual and what can be done to mitigate this growing security epidemic. An “Enclave Protected Defense-in-Depth” strategy toward creating, securing and managing passwords against this class of attack will be propounded and a focus will be placed on explicating the tools, techniques and practices (TTPs) used by malicious actors that leverage these attacks to gain access within the network to breach critical data that can bring harm to the individual and organization. Lastly, we will explore how to improve personal and enterprise password strategies, discuss alternatives like two factor authentication and Active Directory Group Policy strategies to help mitigate this risk and, finally, speculate to what the future of authentication may look like.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 04

The GrrCon conference is returning to sponsor BSides Detroit 13. The GrrCon crew is always a lot of fun. And on this episode, Chris Payne (@EggDropX) joins us to discuss this cross-state collaboration. “I see us all as one family. It is Michigan. It is what we do. If we are not going to support you, who is going to?”

Chris also previews his new talk, In case of ZOMBIES break glass. Fair warning: Chris uses explicit language at times.

Abstract. One thing is for certain: surviving the inevitable Zombie Apocalypse will not be easy. Many of you will die, potentially creating a larger army of the undead to attack the rest of us. Not sure what to do when the zombie apocalypse hits? How do you and your loved ones survive an army of the undead with your brains, & sanity, intact? This presentation will cover some VERY real scenarios that may bring about the zombie apocalypse and provide you with invaluable information to make sure you are one of those left to retake the earth.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 03

On this episode, BSides Detroit announces its collaboration with BSides Chicago on a new capture the flag (CTF) contest. This is the first CTF, to the best of our knowledge, that stretches two conferences and stretches three months. Derek Thomas (@dth0m) and Juan Carlos (@kongo_86) take us behind the scenes to see the efforts going into this groundbreaking competition.

To find out more about the CTF, Derek and Juan suggest you follow @BSidesDetroit and @BSidesChicago on Twitter.

For more information about BSides Detroit 13, please see:

BSides Detroit 13 Episode 02

In this episode, we interview Mark (@Tech357) about his talk: I’m in, now what?: Recon and maintaining access in Linux system. Mark also discusses BSides Chicago’s New and Local track and the value of presentations that cover intermediate computer security skills.

Abstract. Pentesters going after Windows systems have the distinct advantage of using Meterpreter. They can install programs, clear logs, and escalate privileges, to name a few. Unfortunately, there is no good Linux equivalent, so we must do it all by hand. Attendees will learn how to map out the server and install a backdoor for later use. This talk will cover identifying key directories and files, noting additional services that may not have been immediately evident during initial Recon, using netcat combined with crontab to create a backdoor window, and selectively clearing logs. Some Linux / minimal pentesting experience is required, as this assumes you have already compromised the box.

Join us as we kick off BSides Detroit 13.