Latest episodes from The Shellsharks Podcast

/Chipotle

Jun 4, 2024 (68:35)


Join me as I chat with Apis Necros, a software developer & hacker about his intro to infosec, the IndieWeb, cookie recipes and more! Show Notes @ApisNecros@ioc.exchange The Hive Pokemon Go Apis Necros Projects Straddling Checkerboard Actually, Roll Your Own crypto, then throw it away. Apis Mellifera Cecropia The IndieWeb Hugo One of us Having a website isn't about blogging, it's about you Getting Into Information Security You have something to say, someone will listen Popular Shellsharks posts (2022) Exploring Minix Character Device Drivers Herman Miller Logitech Embody Review An Ode to Lost Friends Enshittification Facebook's AI Spam Isn't the ‘Dead Internet': It's the Zombie Internet Facebook's Shrimp Jesus, Explained AI Slop omg.lol Apis Necros Recipes Slash Pages /Chipotle Deobfuscating a Malware Stager Mental Illness, Autism, and Suffering A 5 Year Infosec Education Retrospective Desk Setup Infosec.exchange Ioc.exchange Stars, Boosts & Toots

The foremost expert on court cybersecurity vulnerabilities?

May 29, 2024 (81:31)


Join me as I chat with Jason Parker, a Software Developer, Cybersecurity Researcher and Independent Journalist about hacking court systems, punycode, infosec training and more! !! Explicit Language Alert !! Show Notes Jason Parker on Mastodon Twitter Migration Maricopa County Superior Court eFiling system disclosure My call for Podcast guests on Mastodon Jeltz Bluesky Exploits Disorder In The Court OWASP Broken Access Control 404 Media LockBit ransomware Fulton county Toothbrush botnet Security flaws in court record systems used in five US states exposed sensitive legal documents | Tech Crunch Flaws in public records management tool could let hackers nab sensitive data linked to requests | Nextgov Software Flaws Exposed Sealed Court Docs, Researcher Says | Law360 Multiple Vulnerabilities Affecting Web-Based Court Case and Document Management Systems | CISA California Bar investigates after confidential discipline records published online State Bar of Calif. Data Breach Caused Confidential Disciplinary Records to Show Up on Third-Party Website, Class Action Says Microsoft Recall The best counterargument to using Recall Punycode Single-letter second-level domain Interesting instance domains Donate to the EFF ISC2 certified in cybersecurity Web Security Academy California Consumer Privacy Act (CCPA) Other US States w/ Privacy Laws iTerm moves AI functionality into a plugin Governor Wants to Prosecute Journalist Who Clicked View Source on Government Site AWS Shared Responsibility Model

The Shellsharks Podcast is back! (Season 2)

May 23, 2024 (1:43)


The Shellsharks Podcast is back! Season 2 begins now. The Last Episode: Mastodon & Cyber-success w/ @rebootkid The show is now available to follow on the Fediverse @ShellsharksPodcast@podcast.shellsharks.com The Shellsharks Podcast direct RSS link Shellsharks.com Follow me @shellsharks@shellsharks.social

Mastodon & Cyber-success w/ @rebootkid

Dec 30, 2022 (79:54)


Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and management's role in combatting burnout. Show Notes Mastodon Stars, Boosts & Toots Diaspora Infosec.Exchange Fediverse Defcon.social ActivityPub rocks! Why I Blog. You Should Too! SQL Slammer What Certification or Training Should I Take? Interview w/ Security Engineer, Eva Georgieva MFA Prompt Bombing Getting Into Information Security An Ode to RSS Cybersecurity burnout is real

Privacy Chat w/ Dan Frechtling

Dec 30, 2022 (62:15)


Boltive CEO and privacy advocate, Dan Frechtling joins me to discuss all things in the world of Internet privacy! Show Notes I Said No to Online Cookies. Websites Tracked Me Anyway. | Consumer Reports Story of Dan Frechtling & Scott Moore Privacy Regulations - GDPR, LGPD, CCPA, CPRA Sephora Privacy Settlement Global Privacy Control The American Data Privacy and Protection Act (ADPPA) Advanced Data Protection Control (ADPC) US Privacy String OSINT Sock Puppets RuTarget Harvesting Google Data Executive Order on Protecting Foreign Intel from Surveilling US Citizens Is TikTok safe? Deprecation of third-party cookies SSO wall of shame GDPR enforcement tracker Future of Privacy Forum TROPT Defining the Privacy tech Landscape Whitepaper IAPP Three Ways Your Data is Leaking in Advertising and How to Avoid It

Interview w/ Security Engineer, Eva Georgieva

Nov 16, 2022 (59:11)


Join myself (@shellsharks) and Eva Georgieva, security engineer and founder of #hackintocybersec as we discuss getting into infosec, cybersecurity education, women in cyber and more! Note: Had some challenges with audio leveling, I apologize for any audio weirdness! Show Notes Uber Incident Eva's AMA on Reddit #hackintocybersec OLLMOO TryHackMe Hack The Box (Academy) TCM Security

Threat Hunting w/ Shahar Vaknin of Hunters.ai

Nov 16, 2022 (81:57)


Join myself (@shellsharks) and Shahar Vaknin, Axon Team Lead at Hunters.ai as we discuss the world of Threat Hunting! Show Notes Hunters.ai Long Tail Analysis The DFIR Report 2022 CrowdStrike Global Threat Report Red Canary 2022 Threat Detection Report Twitter Global CERTs/CSIRTs/ISACs list (Twitter is sort of defunct now though) MISP Threat Hunting w/ Python (Dragos) The Cyber Kill Chain (Lockheed Martin) - shellsharks CIS Critical Security Controls Practical Threat Hunting Training (Chris Sanders) MITRE ATT&CK

Vuln Research & Exploit Dev w/ VoidSec

Nov 16, 2022 (66:56)


Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!   Show Notes VoidSec The Shellcoder's Handbook Offensive Security | EXP-401 | AWE | OSEE Google Project Zero PrintDemon (Alex Ionescu & Yarden Shafir) VoidSec CVE-2020-1337 Zerodium Immunefi - Web3 has huge bounty payouts IDA Pro Burp Suite Professional 010 Editor Ghidra BinaryNinja The Art of Software Security Assessment RET2SYSTEMS Training Zero Day Initiative (ZDI) TrendMicro Corelan CVE North Stars Pwn2Own secret club UpdatedSecurity - Security Forum

Zero Trust is not 0 or 1

Sep 2, 2022 (55:14)


Join myself (@shellsharks) and Bobby DeSimone, Founder & CEO of Pomerium as we discuss the Pomerium platform, context-aware access control and all things Zero Trust! Show Notes Pomerium Latin meaning of “pomerium” Some fun with Latin on Shellsharks - The Enchiridion of Impetus Exemplar Jericho Forum, now The Open Group Security Forum BeyondCorp NIST SP 800-207: Zero Trust Architecture M-22-09: Moving the US Government Toward Zero Trust Cybersecurity Principles Q&A with Zero Trust Architecture Writers from NIST Rego Policy Language Open Policy Agent Istio Service Mesh Open Source Pomerium on GitHub 2021 Twitter Hack OASIS eXtensible Access Control Markup Language (XACML) HashiCorp Sentinel Framework Awesome Zero trust

Hacker Profile: Kevin Borders (NSA Red Team to Software Entrepreneur)

Aug 23, 2022 (94:44)


A fascinating interview with Kevin Borders, where we discuss his origin story, time spent working on the NSA Red Team, growing a successful online collage business and his current venture, Minware! Show Notes TI-85 Graphing Calculator Number Munchers DragonRealms, Gemstone III (current) NSA Student Programs Web Tap: detecting covert web traffic University of Michigan PhD in CSE Executive Order on Improving the Nation's Cybersecurity U.S. Cyber Command Kevin's Usenix Security Publications Chimera: A Declarative Language for Streaming Network Traffic Analysis + NSA Slides Securing Network Input via a Trusted Input Proxy Towards Quantification of Network-Based Information Leaks via HTTP SELinux Project Zero Kevin Borders on Quora Does the NSA Have Better Engineers than Facebook or Google? About minware Halting problem Blackhat / Defcon 100% Prevention What are some computer hacks that hackers know but most people don't? The Most Hated Man on the Internet NSO Group iMessage Zero-Click Exploit, FORCEDENTRY Okta breach 2022 NIST SP 800-207: Zero Trust Architecture SolarWinds Breach How to Contribute to Open Source

”Extra Decentralized” (A discussion on Web3 and SLSA)

Jul 28, 2022 (77:34)


Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss supply chain security via the SLSA framework, Web3 and more! Show Notes Preshow MITRE ATT&CK OWASP Docker Top 10 OWASP Kubernetes Top 10 Main Show SLSA - Supply Chain Framework Software Artifact Provenance Software Attestations in-toto - Supply Chain Framework OpenSSF YouTube Channel SLSA Community SLSA Github slsa.dev OWASP Software Component Verification Standard Pocket NFTs, explains (The Verge) 2021 Gamestop short squeeze r/wallstreetbets GameStop NFT Marketplace Immortal Game Reddit NFT Marketplace Bored Ape Yacht Club + Roaring 20's CRYPTOCVES NVD + Mitre Moxie Marlinspike on NFTs and Web3 Web3 Web5 (lol) Bitcoin 51% attacks Poly Network cryptocurrency hack Web 3 is going just great Lattice-based cryptography Postshow Chinese Housewife Wikipedia Misinformation Twitter verification

Ransomware as a Podcast (RaaP)

Jul 11, 2022 (63:02)


Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more! Show Notes Main Show Greg Edwards CryptoStopper WannaCry ransomware Jigsaw ransomware Colonial Pipeline hack LambdaLocker Solarwinds Supply Chain Compromise 18 CIS Critical Security Controls Ransomware as a Service (RaaS) Ransomware Payments via Crypto OST Debate Shadow Brokers

Take a Fika

Jun 11, 2022 (78:24)


Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security's challenging OSWE certification, discuss where we get our inspiration for blogging and more! Show Notes Main Show tpetersonkth.github.io Offensive Security - OSWE DEF CON YouTube channel HackTheBox Offensive Security - OSCP Thomas's OSWE Review 2022 Shellsharks Desk setup eLearnSecurity - PTP IKEA OG Shellsharks Look Shellsharks - Captains Log Postshow Swedish Fika

Suburban Turtle

Apr 28, 2022 (63:47)


Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more! !! Explicit Language Alert !! Show Notes Preshow Check out my monitor setup via my Desk Setup 2021 post Check out the apps I typically use via my Mac Tools post Hone your coding skills with Leetcode Elite “PewPew” map courtesy of FireEye Main Show Ukraine Humanitarian Fund Google (allegedly) un-blurring Russian satellite imagery Tracking Russian soldiers using stolen iPhones Destructive Wipers Named Vulnerabilities List CrowdStrike APT Adversary Universe Mandiant APT Naming Dragos Threat Activity Group Names What is a Chollima? Offensive Security Courses OffSec WEB-300/AWAE/OSWE Certifications are not like Pokemon Cards Shellsharks Podcast on Burnout My Reddit AMA “Thought Leader” The CISSP DoD 8570 Metasploit Default Credential CVE

Security Friendliness Engineering

Dec 28, 2021 (72:41)


Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!

Show Notes

Main Show
- Little Man In My Head: https://littlemaninmyhead.wordpress.com
- Java Cryptography Architecture (JCA) Reference Guide: https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
- NaCl: Networking and Cryptography library: https://nacl.cr.yp.to
- Don't Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
- Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
- Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
- Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
- Ron Rivest: https://people.csail.mit.edu/rivest/
- Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography
- AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/
- Grover's Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm
- Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
- DevSecOps: Just one definition - https://www.devsecops.org
- OWASP: https://owasp.org
- CAPTCHA: https://support.google.com/a/answer/1217728?hl=en
- reCAPTCHA: https://www.google.com/recaptcha/about/
- Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
- SAST: https://www.synopsys.com/glossary/what-is-sast.html
- Microservices: https://microservices.io
- DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
- OWASP Zap: https://owasp.org/www-project-zap/
- SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
- Inception: https://www.imdb.com/title/tt1375666/
- Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/
- Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
- NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
- TruffleHog: https://trufflesecurity.com/trufflehog
- Log4Shell: https://log4shell.com/
- CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
- Heartbleed: https://heartbleed.com
- Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
- The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
- ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143
- WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
- Mandiant's Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
- BurpSuite: https://portswigger.net/burp

Postshow
- Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/

Analyzing the OWASP Top 10 2021

Sep 28, 2021 (80:27)


Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021. Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!

Show Notes

Preshow
- Simplenote: https://simplenote.com
- Notion: https://www.notion.so
- Obsidian: https://obsidian.md
- Visual Studio Code: https://code.visualstudio.com
- Notepad++: https://notepad-plus-plus.org/downloads/
- GitHub Pages: https://pages.github.com
- Atom: https://atom.io

Main Show
- Funny OWASP Top 10 2021 Tweet: https://twitter.com/CubicleApril/status/1437531584119386116?s=20
- Infosec Blogs: https://shellsharks.com/infosec-blogs
- An Ode to RSS: https://shellsharks.com/an-ode-to-rss
- Shortcuts: https://apps.apple.com/us/app/shortcuts/id915249334
- Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/
- OWASP Top 10: https://owasp.org/www-project-top-ten/
- OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
- OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf
- OWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf
- OWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf
- OMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
- That's some Galen Eros level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/
- ChaosDB: https://chaosdb.wiz.io

Blogging & WGU

Jul 23, 2021 (55:46)


Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!

Show Notes

Preshow
- Audio Hijack: https://rogueamoeba.com/audiohijack/
- Rogue Amoeba: https://rogueamoeba.com
- OmniFocus: https://www.omnigroup.com/omnifocus/
- Todoist: https://todoist.com/
- Notion: https://www.notion.so
- Fantastical: https://flexibits.com/fantastical
- Getting Things GNOME!: https://wiki.gnome.org/Apps/GTG

Main Show
- Crader Security: https://cradersecurity.com
- Why I Blog. You Should Too!: https://shellsharks.com/you-should-blog#title
- WGU: https://www.wgu.edu
- Shellsharks Captain's Log: https://shellsharks.com/captains-log
- MIT Open Courseware: https://ocw.mit.edu/index.htm
- Raspberry Pi: https://ocw.mit.edu/index.htm
- AWS Free Tier: https://aws.amazon.com/free/
- Pluralsight: https://www.pluralsight.com
- GitHub Developer Pack: https://docs.github.com/en
- Google Cloud Free Tier: https://cloud.google.com/free
- Potent Wisdom: https://potentwisdom.com - Coming Soon!
- The Linux Smack: https://linuxsmack.com - Coming Soon!
- The Privacy Smack: https://privacysmack.com - Coming Soon!
- TryHackMe: https://tryhackme.com

Postshow
- Shellsharks Inbox Zero: https://shellsharks.com/inbox-zero#title
- Digital Minimalism: https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515

Burnout & Motivation

Play Episode Listen Later Jul 12, 2021 42:40


Kyle (@cyberspacekyle) and Masie (@masiehabibi) join me (@shellsharks) once more to chat motivation and burnout in infosec and in life. We also have a fiery fitness challenge throw-down! I hope you enjoy this relatively short but lively episode!

Show Notes

Preshow
Apple Watch Fitness Competitions: https://support.apple.com/en-us/HT207014

Main Show
Shellsharks: https://shellsharks.com
LinkedIn: https://www.linkedin.com/
Blind: https://www.teamblind.com

Pentesting Chat (and Beer Chat)

Play Episode Listen Later Jun 11, 2021 60:29


Join me (@shellsharks) and my guest Sukrit (@sukritdua) as we chat pentesting, training, craft beer and more! Note: I apologize in advance, as Sukrit's audio was a little spotty. Enjoy!

Show Notes

Preshow
Collective Arts Brewing: https://collectiveartsbrewing.com/us/
Quebec Maple Coke: https://www.coca-colacanada.ca/en/specialtysoda/quebec-maple/
Icewine: https://mywinecanada.com/wine/ice-wine
Dragon Stout: https://www.ratebeer.com/Ratings/Beer/Beer-Ratings.asp?BeerID=749

Main Show
Kali Linux: https://www.kali.org
HackerOne: https://www.hackerone.com
Bugcrowd: https://www.bugcrowd.com
SANS Cyber Security Blog: https://www.sans.org/blog/
PortSwigger Blog: https://portswigger.net/blog
INE / eLearnSecurity: https://ine.com/pages/elearnsecurity-pricing
Shellsharks: https://shellsharks.com
Getting Into Information Security: https://shellsharks.com/getting-into-information-security
Reddit Feedback: https://www.reddit.com/r/netsecstudents/comments/m0lbst/a_guide_for_those_looking_to_break_into_the/
PTP: https://elearnsecurity.com/blog/ptpv4-launch/
OSCP: https://www.offensive-security.com/pwk-oscp/
Try Harder: https://www.offensive-security.com/offsec/say-try-harder/
The Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Web Security Academy: https://portswigger.net/web-security
Hacker101 CTF: https://www.hackerone.com/blog/Introducing-Hacker101-CTF
OverTheWire: https://overthewire.org/wargames/
picoCTF: https://picoctf.org
SANS Holiday Hack Challenge: https://holidayhackchallenge.com
Cybrary: https://www.cybrary.it
PentesterAcademy: https://www.pentesteracademy.com
PentesterLab: https://pentesterlab.com
eWPT: https://elearnsecurity.com/product/ewpt-certification/
eWPTX: https://elearnsecurity.com/product/ewptxv2-certification/
SANS SEC542: https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/
INE Plans: https://ine.com/pages/plans
SANS Work Study Program: https://www.sans.org/work-study-program/
SANS Summits: https://www.sans.org/cyber-security-summit
SANS SEC660: https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/
Stephen Sims: https://www.sans.org/profiles/stephen-sims/
A Cloud Guru: https://acloudguru.com
Pluralsight: https://www.pluralsight.com
Linux Academy: https://login.linuxacademy.com

Postshow
Untappd: https://untappd.com
Foursquare: https://foursquare.com
Mike on Untappd: @beersharks
Sukrit on Untappd: @AllPints
Hill High Marketplace: http://www.hill-high.com
untappdScraper: https://github.com/WebBreacher/untappdScraper
Captain's Log: https://shellsharks.com/captains-log

Colonial Pipeline Hack & More!

Play Episode Listen Later May 20, 2021 74:13


This week on The Shellsharks Podcast, @masiehabibi joins me (@shellsharks) to talk Clubhouse, ransomware, the Colonial Pipeline hack, Google I/O, iOS vs Android and more!

Show Notes

Podcast Pre-chat
Clubhouse: https://www.joinclubhouse.com (find me on Clubhouse @shellsharks!)
2021 Microsoft Exchange Vulnerabilities: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
Twitter Spaces: https://blog.twitter.com/en_us/topics/product/2021/spaces-is-here.html
The Shellsharks Podcast website: https://shellsharks.com

Colonial Pipeline Hack & Ransomware Discussion
Colonial Pipeline hack: https://www.wired.com/story/colonial-pipeline-ransomware-attack/
Tesla: https://www.tesla.com
DarkSide ransomware group: https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Home Depot breach: https://www.reuters.com/article/us-home-depot-cyber-settlement/home-depot-reaches-17-5-million-settlement-over-2014-data-breach-idUSKBN2842W5
RTF Report: Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/
NIST SP 800-207, Zero Trust Architecture: https://csrc.nist.gov/publications/detail/sp/800-207/final
BeyondCorp: https://cloud.google.com/beyondcorp

Google I/O vs Apple Events & iOS vs Android
Google I/O: https://events.google.com/io/?lng=en
Google LaMDA: https://www.blog.google/technology/ai/lamda
Apple Spring Event 2021: https://www.apple.com/apple-events/april-2021/?useASL=true
Google Duplex: https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.html
WWDC: https://developer.apple.com/wwdc21/
iOS Jailbreaking: https://en.wikipedia.org/wiki/IOS_jailbreaking
CheatsWithFriends: http://cydia.saurik.com/package/com.fire30.hackingwithfriends/

Getting Into Infosec (Part I)

Play Episode Listen Later May 7, 2021 70:28


Join me (@shellsharks), Kyle (@cyberspacekyle) and Masie (@masiehabibi) as we discuss Getting Into Information Security, which industry certifications are best for those new to the field, and more!

Show Notes

Old Ox Brewery: https://www.oldoxbrewery.com
Chimay Blue: https://www.beeradvocate.com/beer/profile/215/2512/
Security+: https://www.comptia.org/certifications/security
SANS: https://www.sans.org
SEC503 Network Intrusion Detection: https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/
A Cloud Guru: https://acloudguru.com
Python: https://www.python.org
DoD 8570 (from SANS/GIAC): https://www.giac.org/certifications/dodd-8570

Introduction

Play Episode Listen Later May 7, 2021 1:05


Introducing The Shellsharks Podcast! Join me (@shellsharks) in this new show about all things Infosec, Technology and Life-in-general. For more on Shellsharks, check out the site!
