EPISODE · Mar 14, 2017 · 1H 15M
2017-009-Dave Kennedy talks about CIAs 'Vault7', ISC2, and Derbycon updates!
from BrakeSec Education Podcast
Wikileaks published a cache of documents and information from what appears to be a wiki from the Central Intelligence Agency (CIA). This week, we discuss the details of the leak (as of 11 Mar 2017), and how damaging it is to blue teamers. To help us, we asked Mr. Dave Kennedy (@hackingDave) to sit down with us and discuss what he found, and his opinions of the data that was leaked. Mr. Kennedy is always a great interview, and his insights are now regularly seen on Fox Business News, CNN, and MSNBC.

Dave isn't one to rest on his laurels. Many of you know him as the co-organizer of #derbycon, as well as a board member of #ISC2. We ask him about initiatives going on with ISC2, and how you (whether or not you're an ISC2 cert holder) can help with various committees and help improve the certification landscape. We talk about how to get involved.

We finish up asking about the latest updates to DerbyCon, as well as the dates of tickets, and we talk about our CTF for a free ticket to DerbyCon.

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-009-dave_kennedy_vault7_isc2_derbycon_update.mp3
Youtube: https://www.youtube.com/watch?v=lqXGGg7-BlM
iTunes: https://itunes.apple.com/us/podcast/2017-009-dave-kennedy-talks-abotu-cias-vault7-isc2/id799131292?i=1000382638971&mt=2

#Bsides #London is accepting Call for Papers (#CFP) starting 14 February 2017, as well as a Call for Workshops. Tickets are sold out currently, but there will be other chances for tickets. Follow @bsidesLondon for more information. You can find out more information at https://www.securitybsides.org.uk/
CFP closes 27 March 2017

------

HITB announcement: "Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/

---------

Join our #Slack Channel! Sign up at https://brakesec.signup.team
#RSS: http://www.brakeingsecurity.com/rss
#Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast
iHeartRadio App: https://www.iheart.com/show/263-Brakeing-Down-Securi/
SoundCloud: https://www.soundcloud.com/bryan-brake
Comments, Questions, Feedback: [email protected]
Support Brakeing Down Security Podcast on #Patreon: https://www.patreon.com/bds_podcast
#Twitter: @brakesec @boettcherpwned @bryanbrake
#Player.FM : https://player.fm/series/brakeing-down-security-podcast
#Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr
#TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582/

--show notes--

http://www.bbc.com/news/world-us-canada-10758578

WL: "CIA 'hoarded' vulnerabilities or 'cyber-weapons'"
  Should they not have tools that allow them to infiltrate systems of 'bad' people?
  Promises to share information with manufacturers
  BrBr- Manufacturers and devs are the reason the CIA has 'cyber-weapons'
    Shit code, poor software design/architecture
    Security wonks aren't without blame here either

http://www.bbc.com/news/technology-39218393 -RAND report
  Report suggested stockpiling is 'good'
  "On the other hand, publicly disclosing a vulnerability that isn't known by one's adversaries gives them the upper hand, because the adversary could then protect against any attack using that vulnerability, while still keeping an inventory of vulnerabilities of which only it is aware of in reserve."

Encryption does still work, in many cases… as it appears they are having to intercept the data before it makes it into secure messaging systems…
  http://abcnews.go.com/Technology/wireStory/cia-wikileaks-dump-tells-us-encryption-works-46045668
  (somewhat relevant? Not sure if you want to touch on https://twitter.com/bradheath/status/837846963471122432/photo/1)

Wikileaks - more harm than good?
  Guess that depends on what side you're on
  What side is Assange on? (his own side?)

Media creates FUD because they don't understand
  Secure messaging apps busted (FUD inferred by WL)
  In fact, data is intercepted before encryption is applied.

Some of the docs make you wonder about the need for 'over-classification'

Vulnerabilities uncovered
  Samsung Smart TVs "Fake-Off"
  Tools to exfil data off of iDevices
    BrBr- Cellebrite has sold that for years to the FBI
    CIA appears to only have up to iOS 9 (according to docs released)
  Car hacking tech
  Sandbox detection (notices mouse clicks or the lack of them)
    Reported by eEye: https://wikileaks.org/ciav7p1/cms/page_2621847.html
  Technique: Process Hollowing: https://wikileaks.org/ciav7p1/cms/page_3375167.html
    Not new: https://attack.mitre.org/wiki/Technique/T1093

**anything Mr. Kennedy feels is important to mention**

What can blue teamers do to protect themselves?
  Take an accounting of 'smart devices' in your workplace
  Educate users on not bringing smart devices to work
    And at home (if they are remote)
    Alexa,
  Restrict smart devices in sensitive areas
    SCIFs, conference rooms, even in 'open workplace' areas
  Segment possibly affected systems from the internet
  Keep proper inventories of software used in your environment
  Modify IR exercises to allow for this type of scenario?
  Reduce 'smart' devices
    Grab that drill and modify the TV in the conference room
    Cover the cameras on TV
    Is that too paranoid?
  Don't set up networking on smart devices or use cloud services on 'smart' devices
  Remind devs that unpatched or crap code can become the next 'cyber-weapon' ;)