VIDEO TRANSCRIPTION
Hello and welcome. My name is John Strand and I'd like to take a few moments to invite you to our intro to security class, specifically our intro to security class that cross references against the MITRE ATT&CK technique matrix, or as I like to call it, a gentle, caring introduction to computer security. Now, what this particular class is designed to be is a bootstrap class. If you look at computer security, it is a very, very difficult concept to get going on, right? There's a lot going on with patches and crypto and exploits and different types of defenses, CASB, all of these different things.
But what this class is designed to be, a two-day class spread over four days to give you more time to digest the specific topics, is really for people who are getting started in security and have to know what actually works to stop attacks right out of the gate. If that's you, then this is the class for you. If you're trying to look at all of the things in computer security and you're trying to find a starting point to actually move into the rest of your career, this class is absolutely for you. We're going to cover in this course what it takes to defend a network.
And more importantly, we're going to be covering the different things that make our lives at Black Hills Information Security and our pen test side of the house incredibly difficult. Our goal is to make the pen testers of companies like Black Hills Information Security cry. And when they cry, I hope you collect their tears, because their tears make the best wine. So in this class, we cover 11 topics, and we go to 11 because 11 is just better than 10. And as I said, we're going to focus on the things that actually work. That doesn't mean other things like doing asset inventory aren't important in computer security.
It doesn't mean that user awareness training isn't important to computer security. But we're really going to focus on the crash course. Look at it from the perspective of an administrator who is brought into a small to medium sized business. Everything's completely broken. They have to get things fixed in a matter of a couple of weeks. What would be the things that they would do to actually improve their security noticeably, that they can do at little to no cost, and that they can fire up very, very quickly? That is the goal of our intro to security class.
Now, for this particular course, we have mapped all the different defenses over to the MITRE ATT&CK technique matrix. Now, a couple of quick notes on this. We're not talking about taking the hundreds of individual techniques and saying here's how you defend against this one and here's how you defend against that one. But rather, we're talking about how you can systematically address entire categories of ATT&CK techniques in MITRE. For example, if you're looking at lateral movement in MITRE, you can try to stop each one of those or you could just enable your host based firewalls and do proper segmentation.
So instead of trying to address each individual little technique, we're saying here's the different things that you can do that categorically shut these entire classes of attacks down. Things like application allowlisting. Yeah, believe it or not, for a lot of EDR products, that's the most powerful thing in their endpoint security arsenal. And it's actually free. So we cover how you can do that sanely and intelligently. Password controls. The vast majority of the access that we get at BHIS is through password spraying or bypassing two-factor authentication.
So learning how to set up your passwords and two-factor authentication, and using tools like LastPass to actually reduce your total attack surface, is something easy, doesn't cost much, and will immediately have an impact on the security of your organization. Egress traffic analysis, utilizing tools like NetFlow or Zeek logs, using Real Intelligence Threat Analytics to be able to detect beacons that are leaving your environment. User and entity behavioral analytics. How can you actually utilize your SIEM so it's not a complete piece of garbage but actually gives you value? How do you actually go through tuning your SIEM with UEBA enabled on top of it to make it effective for you? Advanced endpoint protection.
Getting away from traditional denylist-level AV and really getting into something that works fairly well at stopping a tremendous number of attacks. Not all attacks. We get into bypass techniques. They don't stop everything, but they really help. They're great. And we get into that. How you can do proper logging and analysis in your environment to detect attacks. Turning on host-based firewalls and segmentation. Using internet allowlisting so your users can't go everywhere. And more importantly, if an attacker takes over one of your systems, their command and control servers will fail. Vulnerability management. How to do it right.
Not breaking it up by IP address, but looking at vulnerabilities based on the plugin ID that's being utilized. And also Active Directory hardening. Utilizing tools like PingCastle and PlumHound to identify the vulnerabilities in your Active Directory environment that allow an attacker to move laterally, escalate their privileges, and take over more systems. And then finally, we briefly talk about backup and recovery, because if you're dealing with ransomware-style attacks, you have to have that. Now, is this exhaustive? Is this the equivalent of a six-day class? No, it's not. Is this a class that can help get you ramped up very quickly as a crash course? Absolutely.
Is this a class that will help you get ready for a six-day class? Absolutely. So this is a great starting point for your career. Also, this class is pay what you can. In fact, all the classes I teach for Antisyphon, Black Hills Information Security, and Wild West Hackin' Fest are now pay what you can. And the goal of me giving classes that are pay what you can is really trying to reduce the gates and barriers to getting people into computer security. Reducing the gates and barriers for people furthering their career in computer security. And that barrier oftentimes is cost: an employer that won't pay for world-class training like the SANS Institute.
Or you're just trying to get into security, and all the jobs want you to have basic core skills, but you can't get those skills unless you can get the training. You can only get the training once you get the job. I'm trying to break that chicken-and-egg argument completely to pieces to make sure that there's an easy on-ramp for absolutely everybody, regardless of race, background, gender, sexual orientation, or economic background. I don't care. Everybody can come to this class, and there's literally no gates to keep you from it. So I hope to see you at a class sometime in the very near future. Once again, check it out.
It's the Intro to Security class, specifically with the MITRE emphasis. So check it out. There'll be a link in the description of this particular video, and I can't wait to see you in the next class.