Share The Security Engineering Show
Share to email
Share to Facebook
Share to X
By The Security Engineering Show
The podcast currently has 5 episodes available.
A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.
This is the show for security engineers, by security engineers.
Featuring
Noah Stanford: CEO at 0pass
Finn Foulds-Cook: Senior Penetration Tester at Volkis
00:00 - Intro
1:40 - The Engagement
4:45 - Windows Exploitation and Tooling
6:55 - ADCS, Coerced Auth, and Certs!
11:10 - Domain Controller Takeover
13:20 - Abusing DC Sync and EDR
15:55 - From DA to Azure
18:00 - Disabling your fancy EDR
19:30 - Escalating to Azure Global Admin
21:10 - Everything hacked, now what?
22:03 - Enumerating SCADA
24:31 - From SCADA to DEATH
27:44 - How do we fix all of this?
30:01 - Important security insights
31:47 - Message to Security / IT teams
33:36 - Outro
What happens when an American computer science student studies abroad in China and decides to find out what the Chinese government is censoring? Learn about how he did it, and what he discovered on this episode of The Security Engineering Show.
This is the show for security engineers, by security engineers.
Featuring
Noah Stanford: CEO at 0pass
Mitch Edwards: CEO at GrabbrApp
00:00 - Intro
1:16 - About Mitchell
4:12 - Chinese Yahoo Answers
6:00 - The Zhihu web scraper
9:10 - Analyzing the data
13:00 - Cat and mouse game
19:45 - Defense and iterations
21:35 - Threat Intel on the Dark Web
26:11 - Outro
Delve into the nitty-gritty of a company's two run-ins with the Lazarus Group. The first time, to clean up the mess they left behind, and the second, to stop them in their tracks after getting a telltale alert from the SEIM.
This story is about a security engineer who hijacked the most important web page on the internet as part of a capture the flag challenge. While I can't tell you which exact page or company this happened at, you definitely know it and most likely use it every day in your business and personal life.
"Oh the places you'll find malware" brings surprising stories of infections and security incidents. Michael Grube, formerly a security engineer at SpaceX and now a vulnerability researcher at an employer we won't disclose, tells the stories about how he found malware in a Hadoop cluster, on a water jet machine (bought straight from the manufacturer), and in an Active Directory environment. We talk about the tricks that threat actors used to cover their tracks and how they were exposed.
This is the show for security engineers, by security engineers.
Featuring
Noah Stanford, CEO at 0pass: https://www.linkedin.com/in/pwned/
Michael Grube: Vulnerability Researcher and Security Engineer
The podcast currently has 5 episodes available.
371 Listeners
908 Listeners
7,630 Listeners