BTB Security's Managing Partner, Ron Schlecht discusses the latest details of Sabre Solution's data breach.
Do you own an Amazon Echo? The device is involved in a murder investigation in Arkansas and the case is raising questions about privacy and technology. NBC10's Jacqueline London chats with security expert Ron Schlecht, Jr. to learn about the new technology.
NBC10 talks to BTB about the Yahoo hack exposing 1 Billion users. This is one of the largest data breaches in US history.
Hacker for a Day - Part 2 - BTB Security and NBC10 teamed up to demonstrate the realities of workplace cybercrime. BTB turned Matt DeLucia of NBC10 into a "hacker for a day."
Hacker for a Day - Part 1 - BTB Security turned Matt DeLucia of NBC10 into a "hacker for a day." Did Via just compare us to Jason Bourne? Awesome!
To celebrate security awareness month this October, we presented a free security awareness training session. This can be used by your company to brief employees on current security issues and train them on appropriate security actions. Turn the weakest link in to the strongest link!
BTB Security's Chris McGinley appears on NBC10 News to address concerns raised by the latest release of hacked emails by WikiLeaks.
BTB Security's Chris McGinley was interviewed by NBC10 in Philadelphia about the recent news that Yahoo email was being scanned by government intelligence agencies.
BTB Security's Webinar: Shortening the Time from Breach to Normal
Breaches are unavoidable, and the volume of security incidents continue to increase. The challenge today is less about getting the threat alerts, but more about responding to accurate alerts with the most context, in the fastest way possible to reduce the amount of time a threat has to permeate the infrastructure. The new paradigm is to monitor all sources of events, apply threat intelligence, and contextually analyze security incidents to provide laser focus on preventing and responding to incidents. This requires either dramatic technology, people and process improvements for Security Operations Centers, or the reliance on a managed security services partner. Just take a guess what we'll talk about. Presenter: Brian Bailey
BTB Security's Webinar: Breaking In
How secure is your environment? If the delivery guy showed up with hot food, would you let him in to deliver it? How about a county code inspector? In this webinar, Matt Barnett, a security consultant for BTB Security shares some of his stories about breaking into banks, universities, and corporations throughout the country. Matt seems to have the knack for bypassing physical security controls and using social engineering to talk his way right into the most secure areas of an organization. Matt drills into how he does it and what advice he offers to help improve physical security in your organization. Presenter: Matt Barnett, GCFA
BTB Security's Webinar: Powershell Inveighsion
Attackers have been exploiting weaknesses in the LLMNR/NBNS protocols from Linux based machines for years. These methods typically required an attacker to be physically located on the victim's network, limiting the attack surface. With the growing popularity of Powershell among attackers, attackers have discovered ways to exploit these protocols directly from Windows machines. This greatly increases the risks to phishing victims as it provides yet another way to collect privileged credentials and pivot deeper into the network. Learn how these attacks are performed and prevented.
BTB Security's Webinar: What are companies not doing series: multi-factor authentication
MFA is getting adopted as one of the mainstream infosec controls. We believe you should have it. What happens if you don't (speaking from our experience and war stories) and what types of risks are you really addressing with MFA? You may be surprised by what most MFA doesn't protect you from (i.e., there's no silver bullet and MFA is definitely not it): HTTP authentication and phishing attacks.
Presentation at the 2015 Delaware Cyber Security Workshop on September 29, 2015. Top 10 Things You Can Do to Stay Out of the News!
Companies are being breached at an alarming rate. While some attacks have gotten more advanced, most are taking advantage of obscure default settings and simple misconfigurations to gain access to your network and escalate privileges. This talk will focus on the top security controls that can be implemented at low cost and low impact to your network, ensuring maximum ROI of your Domain Admins valuable time. Missing this talk could mean risking your companies reputation.
With the upward trend in telecommuting, endpoint protection has become more and more important. BTB Security will show how easy it is to thwart signature-based Anti-Virus and what measures should be put in place to reduce the risk of exposure.
The Advanced Persistent Threat (APT) is a terrifying concept as it means an attacker has gained unauthorized access to your environment and has been there long enough to be described as persistent. Unfortunately an APT can mean a lot of different things to a lot of different people. In truth, an APT can certainly be a number of different things, but regardless of delivery method and payload, APTs generally have the same characteristics. BTB is well versed in the art of the APT and has even developed their own unique tool used during Penetration Testing to demonstrate the risks associated with an APT.
Whether you are bound by regulation or guided by standards, security assessments are an integral part of a defensible security program. Security Assessments can take form in top-down security organizational (i.e., Compliance, Governance), bottom up technical (i.e., Penetration tests, Vulnerability Assessments), and even specific technology implementations (i.e., Mobile Application, Firewall). In this Webinar, we'll cover the list of reasons and benefits of performing self and independent security assessments
We'll spotlight a rather recent network intrusion case that was worked with the Secret Service. The case led to an international investigation, but really emphasizes that computer crime has changed, and that it’s more tightly woven into organized and street crime.
This covers the various techniques BTB Security uses in pen tests to defeat the protections put in place, and break in to our clients.
Developing your ROI for tools, processes, education for your team, for your user community and your board of directors.
Webinar from 5/21/2015 - David Williams and Matt Barnett of BTB Security talked about a 10+ year-long issue that still remain unresolved in many environments. The talk highlighted several issues: disabled SMB signing, LLMNR/NBNS spoofing attack, how these two issues combined could lead an attacker to easily compromise the entire environment (sometimes less than 10 minutes). We will also talk about issues with vulnerability management and vulnerability scoring metrics of these issues: the exploitability and risk of (disabled) SMB signing and LLMNR/NBNS are not accurately represented in most places; and how this issue has led to this issue being unaddressed in most places.
The security practitioners at BTB have been in the industry for over a decade apiece and have conducted countless penetration tests and vulnerability assessments. That's given us quite the arsenal of stories to tell. Stories that we think you might not only find entertaining in some cases, but informative as well. When we conduct Penetration Tests we fill the role of the bad guy and target our clients' information resources accordingly. These stories and demonstrations are designed to shed some insight into the bad guy's approach to security, what's important to them, and how you can better defend your organization against them.