Afleveringen
-
Join me as I chat with Apis Necros, a software developer & hacker about his intro to infosec, the IndieWeb, cookie recipes and more!
Show Notes@[email protected] HivePokemon GoApis Necros ProjectsStraddling CheckerboardActually, Roll Your Own crypto, then throw it away.Apis Mellifera CecropiaThe IndieWebHugoOne of usHaving a website isnât about blogging, itâs about youGetting Into Information SecurityYou have something to say, someone will listenPopular Shellsharks posts (2022)Exploring Minix Character Device DriversHerman Miller Logitech Embody ReviewAn Ode to Lost FriendsEnshittificationFacebookâs AI Spam Isnât the âDead Internetâ: Itâs the Zombie InternetFacebookâs Shrimp Jesus, ExplainedAI Slopomg.lolApis Necros RecipesSlash Pages/ChipotleDeobfuscating a Malware StagerMental Illness, Autism, and SufferingA 5 Year Infosec Education RetrospectiveDesk SetupInfosec.exchangeIoc.exchangeStars, Boosts & Toots -
Join me as I chat with Jason Parker, a Software Developer, Cybersecurity Researcher and Independent Journalist about hacking court systems, punycode, infosec training and more!
!! Explicit Language Alert !!
Show NotesJason Parker on MastodonTwitter MigrationMaricopa County Superior Corut eFiling system disclosureMy call for Podcast guests on MastodonJeltzBluesky ExploitsDisorder In The CourtOWASP Broken Access Control404 MediaLockBit ransomware Fulton countyToothbrush botnetSecurity flaws in court record systems used in five US states exposed sensitive legal documents | Tech CrunchFlaws in public records management tool could let hackers nab sensitive data linked to requests | NextgovSoftware Flaws Exposed Sealed Court Docs, Researcher Says | Law360Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISACalifornia Bar investigates after confidential discipline records published onlineState Bar of Calif. Data Breach Caused Confidential Disciplinary Records to Show Up on Third-Party Website, Class Action SaysMicrosoft RecallThe best counterargument to using RecallPunycodeSingle-letter second-level domainInteresting instance domainsDonate to the EFFISC2 certified in cybersecurityWeb Security AcademyCalifornia Consumer Privacy Act (CCPA)Other US States w/ Privacy LawsiTerm moves AI functionality into a pluginGovernor Wants to Prosecute Journalist Who Clicked View Source on Government SiteAWS Shared Responsibility Model -
Zijn er afleveringen die ontbreken?
-
The Shellsharks Podcast is back! Season 2 begins now.
The Last Episode: Mastodon & Cyber-success w/ @rebootkidThe show is now available to follow on the Fediverse @[email protected] Shellsharks Podcast direct RSS linkShellsharks.comFollow me @[email protected] -
Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and managementâs role in combatting burnout.
Show NotesMastodonStars, Boosts & TootsDiasporaInfosec.ExchangeFediverseDefcon.socialActivityPub rocks!Why I Blog. You Should Too!SQL SlammerWhat Certification or Training Should I Take?Interview w/ Security Engineer, Eva GeorgievaMFA Prompt BombingGetting Into Information SecurityAn Ode to RSSCybersecurity burnout is real -
Boltive CEO and privacy advocate, Dan Frechtling joins me to discuss all things in the world of Internet privacy!
Show NotesI Said No to Online Cookies. Websites Tracked Me Anyway. | Consumer ReportsStory of Dan Frechtling & Scott MoorePrivacy Regulations - GDPR, LGPD, CCPA, CPRASephora Privacy SettlementGlobal Privacy ControlThe American Data Privacy and Protection Act (ADPPA)Advanced Data Protection Control (ADPC)US Privacy StringOSINT Sock PuppetsRuTarget Harvesting Google DataExecutive Order on Protecting Foreign Intel from Surveilling US CitizensIs TikTok safe?Deprecation of third-party cookiesSSO wall of shameGDPR enforcement trackerFuture of Privacy ForumTROPT Defining the Privacy tech Landscape WhitepaperIAPPThree Ways Your Data is Leaking in Advertising and How to Avoid It -
Join myself (@shellsharks) and Eva Georgieva, security engineer and founder of #hackintocybersec as we discuss getting into infosec, cybersecurity education, women in cyber and more!
Note: Had some challenges with audio leveling, I apologize for any audio weirdness!
Show NotesUber IncidentEvaâs AMA on Reddit#hackintocybersecOLLMOOTryHackMeHack The Box (Academy)TCM Security -
Join myself (@shellsharks) and Shahar Vaknin, Axon Team Lead at Hunters.ai as we discuss the world of Threat Hunting!
Show NotesHunters.aiLong Tail AnalysisThe DFIR Report2022 CrowdStrike Global Threat ReportRed Canary 2022 Threat Detection ReportTwitter Global CERTs/CSIRTs/ISACs list (Twitter is sort of defunct now though)MISPThreat Hunting w/ Python (Dragos)The Cyber Kill Chain (Lockheed Martin) - shellsharksCIS Critical Security ControlsPractical Threat Hunting Training (Chris Sanders)MITRE ATT&CK -
Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!
Show NotesVoidSecThe Shellcoderâs HandbookOffensive Security | EXP-401 | AWE | OSEEGoogle Project ZeroPrintDemon (Alex Ionescu & Yarden Shafir)VoidSec CVE-2020-1337ZerodiumImmunefi - Web3 has huge bounty payoutsIDA ProBurp Suite Professional010 EditorGhidraBinaryNinjaThe Art of Software Security AssessmentRET2SYSTEMS TrainingZero Day Initiative (ZDI)TrendMicroCorelanCVE North StarsPwn2Ownsecret clubUpdatedSecurity - Security Forum -
Join myself (@shellsharks) and Bobby DeSimone, Founder & CEO of Pomerium as we discuss the Pomerium platform, context-aware access control and all things Zero Trust!
Show NotesPomeriumLatin meaning of âpomeriumâSome fun with Latin on Shellsharks - The Enchiridion of Impetus ExemplarJericho Forum, now The Open Group Security ForumBeyondCorpNIST SP 800-207: Zero Trust ArchitectureM-22-09: Moving the US Government Toward Zero Trust Cybersecurity PrinciplesQ&A with Zero Trust Architecture Writers from NISTRego Policy LanguageOpen Policy AgentIstio Service MeshOpen Source Pomerium on GitHub2021 Twitter HackOASIS eXtensible Access Control Markup Language (XACML)HashiCorp Sentinel FrameworkAwesome Zero trust -
A fascinating interview with Kevin Borders, where we discuss his origin story, time spent working on the NSA Red Team, growing a successful online collage business and his current venture, Minware!
Show NotesTI-85 Graphing CalculatorNumber MunchersDragonRealms, Gemstone III (current) NSA Student ProgramsWeb Tap: detecting covert web trafficUniversity of Michigan PhD in CSEExecutive Order on Improving the Nationâs CybersecurityU.S. Cyber CommandKevinâs Usenix Security PublicationsChimera: A Declarative Language for Streaming Network Traffic Analysis + NSA SlidesSecuring Network Input via a Trusted Input ProxyTowards Quantification of Network-Based Information Leaks via HTTPSELinuxProject ZeroKevin Borders on QuoraDoes the NSA Have Better Engineers than Facebook or Google?About minwareHalting problemBlackhat / Defcon100% PreventionWhat are some computer hacks that hackers know but most people donât?The Most Hated Man on the InternetNSO Group iMessage Zero-Click Exploit, FORCEDENTRYOkta breach 2022NIST SP 800-207: Zero Trust ArchitectureSolarWinds BreachHow to Contribute to Open Source -
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss supply chain security via the SLSA framework, Web3 and more!
Show NotesPreshowMITRE ATT&CKOWASP Docker Top 10OWASP Kubernetes Top 10Main ShowSLSA - Supply Chain FrameworkSoftware Artifact ProvenanceSoftware Attestationsin-toto - Supply Chain FrameworkOpenSSF YouTube ChannelSLSA CommunitySLSA Githubslsa.devOWASP Software Component Verification StandardPocketNFTs, explains (The Verge)2021 Gamestop short squeezer/wallstreetbetsGameStop NFT MarketplaceImmortal GameReddit NFT MarketplaceBored Ape Yacht Club + Roaring 20âsCRYPTOCVESNVD + MitreMoxie Marlinspike on NFTs and Web3Web3Web5 (lol)Bitcoin51% attacksPoly Network cryptocurrency hackWeb 3 is going just greatLattice-based cryptographyPostshowChinese Housewife Wikipedia MisinformationTwitter verification -
Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!
Show NotesMain ShowGreg EdwardsCryptoStopperWannaCry ransomwareJigsaw ransomwareColonial Pipeline hackLambdaLockerSolarwinds Supply Chain Compromise18 CIS Critical Security ControlsRansomware as a Service (RaaS)Ransomware Payments via CryptoOST DebateShadow Brokers -
Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Securityâs challenging OSWE certification, discuss where we get our inspiration for blogging and more!
Show NotesMain Showtpetersonkth.github.ioOffensive Security - OSWEDEF CON YouTube channelHackTheBoxOffensive Security - OSCPThomasâs OSWE Review 2022Shellsharks Desk setupeLearnSecurity - PTPIKEAOG Shellsharks LookShellsharks - Captains LogPostshowSwedish Fika -
Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!
!! Explicit Language Alert !!
Show NotesPreshowCheck out my monitor setup via my Desk Setup 2021 postCheck out the apps I typically use via my Mac Tools postHone your coding skills with LeetcodeElite âPewPewâ map courtesy of FireEyeMain ShowUkraine Humanitarian FundGoogle (allegedly) un-blurring Russian satellite imageryTracking Russian soldiers using stolen iPhonesDestructive WipersNamed Vulnerabilities ListCrowdStrike APT Adversary UniverseMandiant APT NamingDragos Threat Activity Group NamesWhat is a Chollima?Offensive Security CoursesOffSec WEB-300/AWAE/OSWECertifications are not like Pokemon CardsShellsharks Podcast on BurnoutMy Reddit AMAâThought LeaderâThe CISSPDoD 8570Metasploit Default Credential CVE -
Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!
Show Notes
Main Show
Little Man In My Head: https://littlemaninmyhead.wordpress.comJava Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.htmlNaCl: Networking and Cryptography library: https://nacl.cr.yp.toDonât Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-cryptoSony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.htmlCryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysisDeprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdfRon Rivest: https://people.csail.mit.edu/rivest/Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptographyAppSec Australia: https://www.meetup.com/en-AU/appsec-australia/Groverâs Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithmInternet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/DevSecOps: Just one definition - https://www.devsecops.orgOWASP: https://owasp.orgCAPTCHA: https://support.google.com/a/answer/1217728?hl=enreCAPTCHA: https://www.google.com/recaptcha/about/Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/OWASP Top 10: https://owasp.org/www-project-top-ten/OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/SAST: https://www.synopsys.com/glossary/what-is-sast.htmlMicroservices: https://microservices.ioDAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/OWASP Zap: https://owasp.org/www-project-zap/SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.htmlInception: https://www.imdb.com/title/tt1375666/Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.htmlTruffleHog: https://trufflesecurity.com/trufflehogLog4Shell: https://log4shell.com/CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerabilityHeartbleed: https://heartbleed.comShellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdfMandiantâs Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoorBurpSuite: https://portswigger.net/burp Postshow
Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/
-
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.
Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!
Show Notes
Preshow
Simplenote: https://simplenote.comNotion: https://www.notion.soObsidian: https://obsidian.mdVisual Studio Code: https://code.visualstudio.comNotepad++: https://notepad-plus-plus.org/downloads/GitHub Pages: https://pages.github.comAtom: https://atom.ioMain Show
Funny OWASP Top 10 2021 Tweet - https://twitter.com/CubicleApril/status/1437531584119386116?s=20Infosec Blogs: https://shellsharks.com/infosec-blogsAn Ode to RSS: https://shellsharks.com/an-ode-to-rssShortcuts: https://apps.apple.com/us/app/shortcuts/id915249334Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/OWASP Top 10: https://owasp.org/www-project-top-ten/OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdfOWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdfOWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdfOMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azureThatâs some Galen Eros level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/ChaosDB: https://chaosdb.wiz.io
-
Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!
Show NotesPreshowAudio HijackRogue AmoebaOmniFocusTodoistNotionFantasticalGetting Things GNOME!Main ShowCrader SecurityWhy I Blog. You Should Too!WGUShellsharks Captainâs LogMIT Open CoursewareRaspberry PiAWS Free TierPluralsightGitHub Developer PackGoogle Cloud Free TierPotent Wisdom Coming Soon!The Linux Smack Coming Soon!The Privacy Smack Coming Soon!TryHackMePostshowShellsharks Inbox ZeroDigital Minimalism -
Kyle (@cyberspacekyle) and Masie (@masiehabibi) join me (@shellsharks) once more to chat motivation and burnout in infosec and in life. We also have a fiery fitness challenge throw-down! I hope you enjoy this relatively short but lively episode!
PreshowApple Watch Fitness CompetitionsMain ShowShellsharksLinkedinBlind -
Join myself (@shellsharks) and my guest Sukrit (@sukritdua) as we chat pentesting, training, craft beer and more!
Note: I apologize in advance as Sukritâs audio was a little spotty. Enjoy!
Show NotesPreshowCollective Arts BrewingQuebec Maple CokeIcewineDragon StoutMain ShowKali LinuxHackerOneBugCrowdSANS Cyber Security BlogPortSwigger BlogINE / eLearnSecurityShellsharksGetting Into Information SecurityReddit FeedbackPTPOSCPTry HarderWeb Application Hackers HandbookWeb Security AcademyHacker101 CTFOverTheWirepicoCTFSANS Holiday Hack ChallengeCybraryPentesterAcademyPentesterLabeWPTeWPTXSANS SEC542INE PlansSANS Work Study ProgramSANS SummitsSAN SEC660Stephen SimsaCloudGuruPluralsightLinux AcademyPostshowUntappdFoursquareMike on Untappd: @beersharksSukrit on Untappd: @AllPintsHill High MarketplaceuntappdScraperCaptains Log -
This week on The Shellsharks Podcast, @masiehabibi joins me (@shellsharks) to talk Clubhouse, ransomware, the Colonial Pipeline hack, Google I/O, iOS vs Android and more!
Podcast Pre-chatClubhouse: https://www.joinclubhouse.comFind me on Clubhouse @shellsharks!2021 Microsoft Exchange Vulnerabilities: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/Twitter Spaces: https://blog.twitter.com/en_us/topics/product/2021/spaces-is-here.htmlThe Shellsharks Podcast website: https://shellsharks.com/podcastColonial Pipeline Hack & Ransomware DiscussionColonial Pipeline hack: https://www.wired.com/story/colonial-pipeline-ransomware-attack/Tesla: https://www.tesla.comDarkside ransomware group: https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/Home Depot breach: https://www.reuters.com/article/us-home-depot-cyber-settlement/home-depot-reaches-17-5-million-settlement-over-2014-data-breach-idUSKBN2842W5RTF Report: Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/SP 800-207, Zero Trust Architecture: https://csrc.nist.gov/publications/detail/sp/800-207/finalBeyondCorp: https://cloud.google.com/beyondcorpGoogle I/O vs Apple Events & iOS vs AndroidGoogle I/O: https://events.google.com/io/?lng=enGoogle LaMDA: https://www.blog.google/technology/ai/lamdaApple Spring Event 2021: https://www.apple.com/apple-events/april-2021/?useASL=trueGoogle Duplex: https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.htmlWWDC: https://developer.apple.com/wwdc21/iOS Jailbreaking: https://en.wikipedia.org/wiki/IOS_jailbreakingCheatsWithFriends: http://cydia.saurik.com/package/com.fire30.hackingwithfriends/ - Laat meer zien