Our July meetup was another riveting post-workday gathering of Boston’s local cybersecurity pros in Cambridge’s Kendall Square. After socializing with a slice of pizza and beer in hand, everyone centered their attention to the two guest speakers prepared with lightning talks:
Mike Li - Security Engineer @Rapid7 (exploitation frameworks) Mike Arpaia - Co-founder & CSO @Kolide (Osquery: host intrusion detection product)
First up at bat, Mike Li started off the night with a focus on exploitation frameworks: what to use, how to apply that tool to derive the best outcome, and all the stages in between.
Playing offense with your security systems
Mike Li took the stage to discuss exploitation frameworks, and how to responsibly use them. The goal: find and fix your weaknesses before an attacker does. Seems like a simple task in theory, but oftentimes people don’t even know what or where their vulnerabilities are to begin with. Enter penetration testing with exploitation framework tools.– Tools like Metasploit, Veil Evasion, etc. have given insights to modern security teams that help establish where vulnerabilities exist. When ethically utilized, these tools help to simulate real world attacks and expose weak spots in a network, which will ultimately help to build a stronger system that is challenging to breach.
But… even if you have a near impenetrable infrastructure, your systems are still susceptible to outsider attacks in the form of social engineering. We often think about holes in our system, or brute-force efforts as primary methods to gain access, when in reality many breaches occur due to human naiveté. And on that thought, Mike left us with a simple reminder: Penetration testing and exploitation frameworks are both necessary and valuable. But ultimately, they help us spot vulnerabilities in our systems, not our people. Humans are not infallible, and they are oftentimes a liability that cannot be disregarded. So while we are securing our systems, we also need to take into consideration the people and their behavior in conjunction with the systems.
“When you think of exploitation frameworks, you think of Metasploit. A system, a piece of code, a piece of software. But also, you can exploit a human. People are fallible, too.” - Mike Li #BostonSecurityMeetup @hacksecure
With a high barrier to entry, OSSEC isn’t easy to use. “Aw yeah OSSEC has a great UX!” (crowd chuckles) With a high barrier to entry, OSSEC isn’t easy to use.
“Aw yeah OSSEC has a great UX!” (crowd chuckles)
Embedded content: https://static1.squarespace.com/static/5552e203e4b05a323bd23602/t/57aa1244e3df2821d23e3821/1470763604251/?format=1500w
osquery is an open source framework used to easily and efficiently write SQL-based queries to accurately assess the current state of a system. It was intended to serve as a simple and reliable solution for Facebook’s intrusion detection issues, and has since evolved into a powerful community-driven framework that many companies leverage today.
After Facebook shared the initial osquery code, allowing for public use, the public in return has continued to test, alter, and make additions. What began as 27 SQL tables implemented via an easily extendable API, has now grown to 180 tables directly due to community contributions.
Mike Arpaia went on with tips on how to proactively find malware through the use of query packs and scheduling. To close, he extend an invitation to all listeners to test and reform the continuing osquery project. With over 6,434 stars, 900 contributors, and over 3,000 commits, osquery remains of the most popular repos on Github today.
Thank you Mike Li & Mike Arpaia for your time and expertise!
If you missed the July event, make sure to check us out at Boston Security Meetup, and RSVP for the upcoming meetup on August 11th!