LIVE: Unraveling the SharePoint Zero-Day Exploit (CVE-2025-53770)

Summary:

Link to the live recording: https://www.youtube.com/live/DHbGpRtDvIw?si=h6tHumVLrl3HOgq0

Join Timothy De Block and special guest Ben Miller for a deep dive into the SharePoint zero-day exploit, CVE-2025-53770. This episode breaks down the technical details of the "goofy authentication bypass" and its serious implications for on-premise systems. The discussion also expands into broader topics, including the critical role of human intelligence in security, the shift to Managed Security Service Providers (MSSPs), and the importance of addressing business processes and mental health in the industry.

Key Takeaways

  • The SharePoint Exploit (CVE-2025-53770): Ben Miller describes this vulnerability as an unauthenticated "zero-click" exploit that requires no user interaction. It's a "goofy authentication bypass" that allows an attacker to gain full control of an on-premise SharePoint server by simply sending a web request. Once an attacker gains access, they can steal keys and maintain persistent control.

  • On-Premise vs. Cloud: The vulnerability primarily affects on-premise SharePoint servers, which are managed directly by businesses. Ben explains that even organizations that have moved their systems to a cloud like Azure might still be vulnerable if they've retained old, vulnerable configurations.

  • Challenges with Detection and Remediation: Many businesses lack adequate logging and internal threat hunters, making it nearly impossible to detect if a breach occurred. The widespread use of SharePoint makes its vulnerabilities particularly dangerous, and entrenched intruders can be so difficult to remove that they may require a complete system overhaul.

  • The Human Element in Security: The speakers discuss how humans are the "trust link" and "determiner" in a security program, not just the weakest link. If one person's single action can compromise a system, it points to a process problem, not a human one. The episode also highlights the powerful role of social engineering, even with something as simple as using food to gain access to a network.

  • MSSPs and Career Advice: The conversation touches on the growing trend of organizations using Managed Security Service Providers (MSSPs) for their security operations. Ben suggests that MSSPs are a great entry point for aspiring security professionals, as they provide broad exposure to a variety of incidents. For long-term career success, Ben advises being able to translate security needs into business sense and becoming an expert in your field.

  • Community and Mental Health: Ben and Timothy encourage listeners to attend the BSides St. Louis conference on September 27th. Timothy even offered to pay for a ticket for anyone who can't afford it. The episode concludes with a discussion on mental health, with Ben encouraging people to view therapy as "a form of hygiene" and to seek help when needed.

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How BSides St Louis Can Help Take The Next Step in Cybersecurity

Summary:

Timothy De Block and Ben Miller discuss the upcoming BSides St. Louis conference. Ben shares the mission behind the event: to provide a low-cost, high-value conference for beginners and those new to the security community. They cover the importance of community-building, the value of professional skills alongside technical ones, and the power of networking at local events.

Key Takeaways:

  • BSides St. Louis Mission: Ben and his co-founders created BSides St. Louis in 2015 as a "passion project" with the motto, "bringing the interested to the connected". The goal is to offer a free or low-cost conference to make cybersecurity knowledge accessible to beginners and career-changers who can't afford larger, more expensive events.

  • Cost and Accessibility: This year's conference operates on a donation basis, with a recommended $25 charge to help estimate food and t-shirt orders. Ben clarifies that no one will be turned away for an inability to pay, and the organization is a 501(c)(3) charity.

  • Networking and Career Growth: Both Ben and Timothy stress that attending local conferences like BSides on a Saturday demonstrates a commitment to learning that employers value. Networking at these events can lead to job opportunities and valuable professional connections.

  • Professional Skills Over Hard Skills: Ben argues that professional skills—such as public speaking, running effective meetings, and communicating politely—are more crucial for career longevity than hard technical skills. He shares a personal story about how a poorly chosen phrase accidentally hurt a colleague and taught him the importance of careful communication.

  • Encouraging New Speakers: BSides St. Louis actively seeks out first-time speakers. Ben looks for people who have never given a talk before because the audience is forgiving and it helps them develop skills vital for interviewing and running meetings.

  • Family-Friendly Environment: The conference is explicitly family-friendly, encouraging attendees to bring children and high school students to explore the campus and participate in activities like lockpicking and soldering. Ben views "hackers" as anyone who does "something in a way that wasn't intended to be done".

  • Personal Philosophy: Ben shares his personal mission to help people "feel secure so they can sleep at night" and his belief that giving back through events like BSides is a way to help others who were not as fortunate as he was growing up.

Notable Quotes:

  • "Bringing the interested to the connected".

  • "One con talk isn't going to make you an expert, but learning just enough to know what to Google, so that you can become an expert when you need to later... Huge. So helpful".

  • "I can train somebody really easy to run NMAP... but telling somebody how to shut up in a meeting and listen way harder".

  • "Don't self-select yourself out of opportunities".

  • "My personal life goal is to help people feel secure so they can sleep at night".

Connect with Ben Miller & BSides St. Louis:

  • Website: bsidesstl.org

  • Event Date: September 27th

  • Event Location: Washington University's McKelvey School of Engineering

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]


How to Harness the Power of pfSense for Network Security

Summary:

In this episode of Exploring Information Security, Security Engineer Kyle Goode takes a deep dive into the versatile world of pfSense, a robust open-source firewall and router that has been a mainstay in the network security arena for over two decades. Kyle shares insights from his own experiences with pfSense, exploring both the practical and technical aspects of setting up and managing a pfSense system.

Episode Highlights:

  • Setting Up pfSense: Practical tips on how to set up pfSense on different types of hardware, and troubleshooting common setup issues.

  • Security Customizations: Detailed discussion on customizing pfSense for enhanced security, including the use of threat feeds and SSL inspection.

  • Maintenance and Updates: Tips on maintaining a pfSense installation, including regular updates and leveraging community resources for troubleshooting.

  • Benefits of Using pfSense: A look at the benefits of using pfSense over commercial routers, especially for those interested in a deeper understanding of network security.

Resources:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


What is Converge and BSides Detroit?

In this Motor City edition of the Exploring Information Security podcast, Ryan Harp, Kyle Andrus, and Kate Vajda join me to discuss the conferences Converge and BSides Detroit.

Ryan (@th3b00st), Kyle (@chaoticflaws), and Kate (@vajkat) help put on one of the best conferences. Last year was my first year at the conference. I was not disappointed. They had a workshop on application security; a room set aside to get resume feedback; Ham radio exams; and much more. They also had three days of wonderful talks with some really great speakers. At lunch there are multiple treks to go grab a coney dog.

The call for papers is currently open. They're looking for speakers and to add more workshops this year. Tickets are also available now. Make sure to grab yours and I'll see you at Converge and BSides Detroit May 10-12.

In this episode we discuss:

  • How the conference got started.

  • Where the conference is at and what's new this year for the layout.

  • What's unique about the conference.

  • Coney dogs.

What's happening at BSides Augusta?

In this masters edition of the Exploring Information Security podcast, Adam Twitty, Robert Preston, Jeff Lang, and myself discuss security things.

This is another EIS podcast special at BSides Augusta. I have some close friends joining me for this one. Adam, Jeff, and Robert all part of a local user group in Columbia, South Carolina, aptly named ColaSec. I also worked with Adam and Robert at my first security gig.

BSides Augusta is one of my favorite BSides events. It's really well run. It has a great facility and there's so much to do. In fact, I took part in my first conference capture the flag (CTF) with some of the guys from ColaSec. It was quite the experience and a lot of fun. I highly recommend the conference for those free in mid-September.

In this episode we discuss:

  • What it's like to be on a good team
  • What you need to know to get into the field?
  • What paths are available to get into infosec
  • What is ColaSec?

What is BSides Bordeaux

In this exquisite episode of the Exploring Information Security podcast, Allan Liska and Tim Gallo join me to discuss a brand new BSides in Bordeaux.

Both Allan (@uuallan) and Tim (@TimJGallo) are in the Unite States. This makes starting a BSides in France challenging and intriguing. Both organizers love wine and saw an opportunity to put France on the BSides map. BSides Bordeaux (@BsidesBDX) is October 21, 2017, in Bordeaux France. The venue is Mama Shelter (which has a wicked video). Tickets are limited so be sure to grab one soon.

In this episode we discuss:

  • What inspired them to start BSides Bordeaux
  • The challenges of organizing a BSides on another continent
  • What makes the conference unique
  • What are some of the things to do in Bordeaux

What is BSides Nashville?

In this musical edition of the Exploring Information Podcast, organizers Jennifer Samardak and Finn Breland join me to discuss BSides Nashville.

BSides Nashville (@bsidesnash) is the second BSides I attended and the only one I've attend each year since it's inception. It's a really well put together conference. They have three tracks. They have the usual side areas with lock picking, hardware hacking, and a kids area. The best part though is the lunch. They cater lunch from Martin's BBQ. One of Nashville's best BBQ places. I would put the food up against any conference. I join Jen (@jsmardak) and Finn (@FinnBreland) to talk about all that and much more.

BSides Nashville is April 22, 2017, at Lipscomb University. Tickets are sold out. A waiting list is available for those hoping to attend.

In this episode we discuss:

  • What is BSides Nashville
  • Who should attend the conference
  • What makes it's unique
  • Where are the places to visit in Nashville?

What is BSides Indy?

In this circular edition of the Exploring Information Security podcast, Frank the Tank joins me to discuss BSides Indy.

Frank (@TheDevilsVoice) is the lead organizer of BSides Indy (@indybsides). I am excited to be traveling to the conference this year. I will be taking pictures and speaking at the event. I decided to have Frank on to talk about BSides Indy to gauge what type of BSides event I can expect. The theme I got from my chat with Frank is that it's a very laid back type of BSides with a lot of the usual events. They have some wonderful speakers. A lock pick village and a place for hacking Internet of Things (IoT) devices. Hack4Kidz for the little ones and a devious capture the flag (CTF) event. I am excited to go. Tickets are still available. General Admission is $15 for Saturday. Hack Harder (Friday workshops) and the Saturday talks are $30. If you're a student or broke tickets are free. See you there!

In this episode we discuss:

  • What is BSides Indy?
  • How the con got started
  • What makes this conference unique?
  • What is the one thing to do in Indy (Pork tenderloin sandwiches)

What is BSides Hunstville?

In this launched edition of the Exploring Information Security podcast, Paul Coggin joins me to discuss BSides Hunstville.

Paul (@PaulCoggin) is the founder and organizer of BSides Hunstville (@BSidesHSV). I will be attending the conference for the first time this year. The conference is in it's fifth year of existence. In our discussion I found something unique about the conference. Paul doesn't deal with sponsors like some other BSides conferences. Which isn't a bad thing and I'm interested to see how that plays out in talks and networking opportunities. The lineup of speakers looks fantastic. Tickets are still available and I encourage people to check it out.

In this episode we discuss:

  • What is BSides?
  • How BSides Hunstville got started?
  • What is unique about the conference?
  • Why Huntsville is a prime place for a BSides?

What is BSides Augusta?

In this episode of the Exploring Information Security (EIS) podcast, I talk with one of the organizers of BSides Augusta, Doug Burks.

2015 will be the third year for the security conference and it looks to be even bigger and better than last year. This year the conference features a two blue team tracks, a red team track, CTF challenge, a lock pick village, and much more.  Doug also talked about his own conference that leads into BSides Augusta, the Security Onion conference. BSides Augusta is sold out, but the Security Onion conference still has tickets available.

Security Onion Conference - September 11, 2015 - Tickets available

BSides Augusta - September 12, 2015 - SOLD OUT with waiting list

In this interview Doug discusses:

  • What is BSides Augusta
  • How the security conference got started
  • The blue team atmosphere
  • The Security Onion conference