POPULARITY
GEORGIA WEIDMAN is is a security researcher and advisor — she has a few tips to reduce the chances of being hacked. The post HACKERS IN WHITE HATS! appeared first on sound*bytes.
Big thank you to Proton for sponsoring this video. Get Proton VPN using my link: https://davidbombal.wiki/protonvpn5 // Phillip's SOCIAL // X / Twitter: https://twitter.com/PhillipWylie Website: https://www.thehackermaker.com/ Linktree: https://linktr.ee/phillipwylie LinkedIn: https://www.linkedin.com/in/phillipwylie YouTube: https://www.youtube.com/c/phillipwylie // Books MENTIONED // The Pentester Blueprint by Phillip Wiley and Kim Crawley https://amzn.to/41N5CBl The Hacker Playbook by Peter Kim https://amzn.to/40LvInc The Hacker Playbook 2 by Peter Kim https://amzn.to/3oVemqr The Hacker Playbook 3 by Peter Kim https://amzn.to/40SjokN The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard https://amzn.to/3oLN5Xv Hacking API's by Cori Ball https://amzn.to/3Hi5amj Penetration Testing A Hands-On Introduction to Hacking by Georgia Weidman https://amzn.to/3Hi5zF RTFM (Read Team Field Manual) by Ben Clark and Nick Downer https://amzn.to/3Vf0XWs Operator Handbook Red Team + OSINT + Blue Team by Joshua Picolet https://amzn.to/41JTQYH Black Hat GraphQL by Nick Aleks and Dolev Farhi: https://amzn.to/47I8zpT // Videos MENTIONED // Pentester Blueprint: Your road to success: https://youtu.be/-FjL8y3B08k Free Hacking API course!: https://youtu.be/CkVvB5woQRM // YouTubers mentioned // Rana Khalil: https://www.youtube.com/@RanaKhalil101 Profesor Messer: https://www.youtube.com/@professormesser She Networks: https://www.youtube.com/@shenetworks Tib3rius: https://www.youtube.com/tib3rius // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb X / Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/@davidbombal // Menu // 00:00 - Coming Up 01:51 - Sponsored segment 03:35 - Intro 04:11 - Blackhat 06:43 - Try Hack Me / Hack The Box 08:35 - Roadmap in 2024 14:30 - Do You Need Certifications? 18:07 - Problems Getting a Job 20:16 - CCNA or Network+? 23:34 - Certifications & Degrees 27:43 - Roadmap for Developers 30:33 - Using BugBounty for Experience 32:40 - What Should you Focus on in 2024? 36:12 - A.I in 2024 41:12 - Modern Day Opportunities 42:02 - Books For 2024 44:58 - Last Advice 50:03 - You're Never Too Old 52:14 - Different Roles 54:00 - Phillip's regrets 57:33 - Outro // MY STUFF // https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com pentest pentester hack hacker hacking ethical hacking ethical hacker course ethical hacker Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #hacker #pentester #hack
This is your path to becoming a master hacker. From zero to getting the skills you need to be successful. // MENU // 00:00 - Coming up 00:43 - Top skills for hacking 01:34 - The Hacker Mindset 01:49 - Analytical/Problem Solving Skills // Be creative 05:34 - Persistence // Never give up 08:50 - CompTIA A+ and basic computer skills 09:21 - Networking skills // CompTIA Network+ and virtualisation 09:47 - Linux // CompTIA Linux+ 10:18 - Virtualization 12:02 - Basic Wireshark knowledge // Practical Packet Analysis 13:48 - Security concepts and technologies // CompTIA Security+ and Hackers-Arise Security+ Training 15:48 - Scripting skills // Python and GO 17:40 - Database skills // SQL injection 19:04 - Web application skills 19:57 - Forensics background // Understanding what you leave behind 21:28 - Learn more on Hackers-Arise.com 22:35 - Cryptography skills 23:42 - Conclusion // Videos mentioned // Top hacking books: https://youtu.be/trPJaCGBbKU Wireshark with Chris Greer: https://www.youtube.com/playlist?list... Vickie Li Bug Bounty Bootcamp: https://youtu.be/QqrK294l_oI // BOOKS // - Linux basics for hackers by Occupy the Web: https://amzn.to/3A2oJM1 - Gray Hat Hacking Sixth Edition, The Ethical Hacker's Handbook by Various Authors: https://amzn.to/3TkI0Pr - This is how they tell me the world ends by Nicole Perlroth: https://amzn.to/3NWj3st - Hands on Hacking by Matthew Hickey and Jennifer Arcuri: https://amzn.to/3WImAia - Penetration Testing by Georgia Weidman: https://amzn.to/3UL1i1D - The Science of Human Hacking by Christopher Hadnagy (social engineering): https://amzn.to/3UssbaM - Getting started becoming a master hacker by Occupy the Web: https://amzn.to/3EmguNa - Black Hat Python by Justin Seitz and Tim Arnold: https://amzn.to/3yQIdTD - Hacking Connected Cars by Alissa Knight: https://amzn.to/3G5cRN5 - Hacking: The Art of Exploitation by Jon Erickson: https://amzn.to/3ElVhTI - The Pentester Blueprint by Phillip L. Wylie and Kim Crawley: https://amzn.to/3WIoGP4 - Hacking API's by Corey J.Ball: https://amzn.to/3EfXDT5 - Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3GlG8U3 - Network basics for hackers by Occupy the Web (coming in 2023) // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web's SOCIAL // Twitter: https://twitter.com/three_cube // OTW Security+ // https://www.hackers-arise.com/security // OTW classes // Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor... // Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot cybersecurity cybersecurity jobs hacking comptia comptia a+ comptia network+ wireshark vmware wireshark sql sql injection comptia security+ python golang perl digital forensics database cryptography ethical hacking hacking jobs hack the box try hack me pico ctf htb thm cyber security career cybersecurity cybersecurity careers ceh oscp ine elearn security ejpt oscp oscp certification ctf for beginners first job cybersecurity job kali kali linux Disclaimer: This video is for educational purposes only. Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel #kalilinux #hacking #cybersecurity
What are the top hacking books to get started? Practical and good hacking books? OTW discusses his favourite Hacking and cybersecurity books with me. Do you agree with him? Did we miss any great books? // MENU // 00:00 - Coming Up 00:20 - Intro 00:25 - Welcome Back OccupyTheWeb 00:55 - Network Basics for Hackers 02:04 - Other Books Releasing 02:51 - OccupyTheWeb Book Recommendations 03:22 - Linux Basics for Hackers 05:02 - Gray Hat Hacking 05:52 - This is How They Tell Me the World Ends 07:49 - Hands On Hacking 09:33 - Penetration Testing 10:56 - Getting Started Becoming a Master Hacker 12:11 - The Science of Human Hacking 14:01 - Black Hat Python 15:25 - TikTok 16:15 - Hacking Connected Cars 17:47 - Hacking: The Art of Exploitation 18:29 - Pentesting Blueprint 19:21 - Hacking APIs 19:54 - Bug Bounty Bootcamp 21:02 - Books Conclusion 21:46 - Networking 22:58 - Conclusion 23:55 - Web Hacker's Handbook 24:29 - Go 25:39 - Hacker's Playbook 26:45 - Outro // BOOKS // - Linux basics for hackers by Occupy the Web: https://amzn.to/3A2oJM1 - Gray Hat Hacking Sixth Edition, The Ethical Hacker's Handbook by Various Authors: https://amzn.to/3TkI0Pr - This is how they tell me the world ends by Nicole Perlroth: https://amzn.to/3NWj3st - Hands on Hacking by Matthew Hickey and Jennifer Arcuri: https://amzn.to/3WImAia - Penetration Testing by Georgia Weidman: https://amzn.to/3UL1i1D - The Science of Human Hacking by Christopher Hadnagy (social engineering): https://amzn.to/3UssbaM - Getting started becoming a master hacker by Occupy the Web: https://amzn.to/3EmguNa - Black Hat Python by Justin Seitz and Tim Arnold: https://amzn.to/3yQIdTD - Hacking Connected Cars by Alissa Knight: https://amzn.to/3G5cRN5 - Hacking: The Art of Exploitation by Jon Erickson: https://amzn.to/3ElVhTI - The Pentester Blueprint by Phillip L. Wylie and Kim Crawley: https://amzn.to/3WIoGP4 - Hacking API's by Corey J.Ball: https://amzn.to/3EfXDT5 - Bug Bounty Bootcamp by Vickie Li: https://amzn.to/3GlG8U3 - Network basics for hackers by Occupy the Web (coming in 2023) // Videos mentioned // - Hacking Cars like Mr Robot: https://www.youtube.com/watch?v=5LvqU... - Hacking Cell phones like Mr Robot: https://youtu.be/bK1lsI-ehL8 - Nicole Perlroth: Cybersecurity and the weapons of Cyberwar: https://youtu.be/hy2G3PhGm-g - Best Hacking Python Book: https://www.youtube.com/watch?v=2B76C... - Hacking API's and Cars: You need to learn this in 2022 https://www.youtube.com/watch?v=4VaHN... - Free API Hacking Course https://www.youtube.com/watch?v=CkVvB... - Bug Bounty Bootcamp https://www.youtube.com/watch?v=QqrK2... - Top 5 hacking books with Neal Bridges: https://youtu.be/VrayWzHKVw4 // David's SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Occupy The Web's SOCIAL // Twitter: https://twitter.com/three_cube // OTW classes // Hacker's Arise Pro Subscription for $32.99 a month: https://hackers-arise.com/online-stor... Get 3 year's access to all live courses for $750: https://hackers-arise.com/online-stor... // Occupy The Web Website / Hackers Arise Website // Website: https://www.hackers-arise.com/?afmc=1d OTW Mr Robot series: https://www.hackers-arise.com/mr-robot hacking books hack hacker hacking python python hacking black hat python gray hat hacking linux linux for hackers bug bounty nsa nsa hacker nsa hacking ethical hacking ceh oscp ine try hack me hack the box hacking ethical hacker oscp certification ctf for beginners Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! #hacking #hack #cybersecurity
In this episode, we have the powerful Georgia Weidman. She is a serial entrepreneur, penetration tester, security researcher, speaker, and author with an incredible backstory. Georgia's LinkedIn: https://www.linkedin.com/in/georgiaweidman/Georgia's Youtube: https://www.youtube.com/channel/UCNKUSu4TPk979JzMeKDXiwQ/featuredGeorgia's Company Website: https://www.shevirah.com/
Brakesec Podcast is now on Pandora! Find us here: https://pandora.app.link/p9AvwdTpT3 Book club Book club is starting up again with Hands-On AWS penetration testing with Kali Linux from Gilbert and Caudill. You read and get together to discuss or demo every Monday. Get the book, start reading and meet us for the kick off Monday the 24 at 10pm eastern. The book club meets virtually on zoom, and organizes on slack..get invited like this.” Book: https://smile.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725 NolaCon Training: https://nolacon.com/training/2020/security-detect-and-defense-ttx Roberto Rodriguez Bio @Cyb3rWard0g on Twitter Threat Intel vs. Threat Hunting = what’s the difference? What datasets are you using? Did you start with any particular dataset, or created your own? Technique development - what skills are needed? C2 setup Detection mechanisms Honeypots How can people get involved? Blacksmith - create ‘mordor’ environment to push scripts to setup honeypot/nets https://Threathunterplaybook.com https://github.com/hunters-forge/ThreatHunter-Playbook https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190815181010.html https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4 https://medium.com/threat-hunters-forge/writing-an-interactive-book-over-the-threat-hunter-playbook-with-the-help-of-the-jupyter-book-3ff37a3123c7 https://www.exploit-db.com/exploits/47995 - Sudo buffer overflow Mordor: The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation (JSON) files for easy consumption. YAML Example: https://github.com/hunters-forge/ThreatHunter-Playbook/blob/master/playbooks/WIN-190810201010.yaml Notebook Example: https://threathunterplaybook.com/notebooks/windows/08_lateral_movement/lateral_movement/WIN-190810201010.html Jupyter notebook - Definition: https://jupyter-notebook-beginner-guide.readthedocs.io/en/latest/what_is_jupyter.html Lateral Movement - WMI - IMAGE Below SIGMA? What is a Notebook? Think of a notebook as a document that you can access via a web interface that allows you to save input (i.e live code) and output (i.e code execution results / evaluated code output) of interactive sessions as well as important notes needed to explain the methodology and steps taken to perform specific tasks (i.e data analysis). https://medium.com/threat-hunters-forge/threat-hunter-playbook-mordor-datasets-binderhub-open-infrastructure-for-open-8c8aee3d8b4 Have a goal for expanding to other parts of ATT&CK? Threat Hunter Playbook - Goals Expedite the development of techniques an hypothesis for hunting campaigns. Help Threat Hunters understand patterns of behavior observed during post-exploitation. Reduce the number of false positives while hunting by providing more context around suspicious events. Share real-time analytics validation examples through cloud computing environments for free. Distribute Threat Hunting concepts and processes around the world for free. Map pre-recorded datasets to adversarial techniques. Accelerate infosec learning through open source resources. Sub-techniques: https://medium.com/mitre-attack/attack-sub-techniques-preview-b79ff0ba669a Slack Channel: https://launchpass.com/threathunting Twitter; https://twitter.com/mattifestation https://twitter.com/tifkin_ https://twitter.com/choldgraf https://twitter.com/Cyb3rPandaH on Brakeing Down Security Podcast on #Pandora- https://www.pandora.com/podcast/brakeing-down-security-podcast/PC:27866 Marcus Carey https://twitter.com/marcusjcarey Prolific Author, Defender, Enterprise Architect at ReliaQuest https://twitter.com/egyp7 https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950 “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.” Security model - everyone’s is diff How do you work with your threat model? A proper threat model Attack Simulation - How is this different from doing a typical Incident Response tabletop? Threat modeling systems? How is this different than a pentest? Is this automated red teaming? How effective can automated testing be? Is this like some kind of constant scanning system? How does this work with threat intel feeds? Can it simulate ransomware, or any attacks? Hedgehog principles A lot of things crappily, and nothing good Mr. Boettcher: “Why suck at everything…” Atomic Red Team - https://github.com/redcanaryco/atomic-red-team ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/ Tribe of Hackers https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit? https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #Pandora: https://pandora.app.link/p9AvwdTpT3 #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Brakeing Down Security Podcast on #Pandora- https://www.pandora.com/podcast/brakeing-down-security-podcast/PC:27866 Marcus Carey https://twitter.com/marcusjcarey Prolific Author, Defender, Enterprise Architect at ReliaQuest https://twitter.com/egyp7 https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950 “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.” Security model - everyone’s is diff How do you work with your threat model? A proper threat model Attack Simulation - How is this different from doing a typical Incident Response tabletop? Threat modeling systems? How is this different than a pentest? Is this automated red teaming? How effective can automated testing be? Is this like some kind of constant scanning system? How does this work with threat intel feeds? Can it simulate ransomware, or any attacks? Hedgehog principles A lot of things crappily, and nothing good Mr. Boettcher: “Why suck at everything…” Atomic Red Team - https://github.com/redcanaryco/atomic-red-team ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/ Tribe of Hackers https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit? https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Marcus Carey https://twitter.com/marcusjcarey Prolific Author, Defender, Enterprise Architect at ReliaQuest https://twitter.com/egyp7 https://www.darkreading.com/vulnerabilities---threats/reliaquest-acquires-threatcare/d/d-id/1335950 “GreyMatter integrates security data from security incident and event manager (SIEM), endpoint detection and response (EDR), firewalls, threat intelligence feeds, and other security tools, and includes analysis functions and automation. Threatcare's technology — which will become a new feature on the platform — simulates how a specific threat or attack could target an organization's network in order to determine whether its security tools and settings are or are not actually working to thwart the threats.” Security model - everyone’s is diff How do you work with your threat model? A proper threat model Attack Simulation - How is this different from doing a typical Incident Response tabletop? Threat modeling systems? How is this different than a pentest? Is this automated red teaming? How effective can automated testing be? Is this like some kind of constant scanning system? How does this work with threat intel feeds? Can it simulate ransomware, or any attacks? Hedgehog principles A lot of things crappily, and nothing good Mr. Boettcher: “Why suck at everything…” Atomic Red Team - https://github.com/redcanaryco/atomic-red-team ATT&CK Matrix - https://attack.mitre.org/matrices/enterprise/ Tribe of Hackers https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189 - Red Book The Tribe of Hackers team is back with a new guide packed with insights from dozens of the world’s leading Red Team security specialists. With their deep knowledge of system vulnerabilities and innovative solutions for correcting security flaws, Red Team hackers are in high demand. Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity takes the valuable lessons and popular interview format from the original Tribe of Hackers and dives deeper into the world of Red Team security with expert perspectives on issues like penetration testing and ethical hacking. This unique guide includes inspiring interviews from influential security specialists, including David Kennedy, Rob Fuller, Jayson E. Street, and Georgia Weidman, who share their real-world learnings on everything from Red Team tools and tactics to careers and communication, presentation strategies, legal concerns, and more Learn what it takes to secure a Red Team job and to stand out from other candidates Discover how to hone your hacking skills while staying on the right side of the law Get tips for collaborating on documentation and reporting Explore ways to garner support from leadership on your security proposals Identify the most important control to prevent compromising your network Uncover the latest tools for Red Team offensive security https://smile.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1119643376 - Yellow Book Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting, Tribe of Hackers offers the practical know-how, industry perspectives, and technical insight you need to succeed in the rapidly growing information security market. This unique guide includes inspiring interviews from 70 security experts, including Lesley Carhart, Ming Chow, Bruce Potter, Robert M. Lee, and Jayson E. Street. Get the scoop on the biggest cybersecurity myths and misconceptions about security Learn what qualities and credentials you need to advance in the cybersecurity field Uncover which life hacks are worth your while Understand how social media and the Internet of Things has changed cybersecurity Discover what it takes to make the move from the corporate world to your own cybersecurity venture Find your favorite hackers online and continue the conversation https://smile.amazon.com/Tribe-Hackers-Security-Leaders-Cybersecurity/dp/1119643775 - Green Book (Next out!) Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businesses and governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world’s top security experts answer the questions that Chief Information Security Officers and other security leaders are asking, including: What’s the most important decision you’ve made or action you’ve taken to enable a business risk? How do you lead your team to execute and get results? Do you have a workforce philosophy or unique approach to talent acquisition? Have you created a cohesive strategy for your information security program or business unit? https://smile.amazon.com/Tribe-Hackers-Blue-Team-Cybersecurity/dp/1119643414 - Blue Book (OUT SOON!) Tribe of Hackers Blue Team goes beyond the bestselling, original Tribe of Hackers book and delves into detail on defensive and preventative techniques. Learn how to grapple with the issues that hands-on security experts and security managers are sure to build into their blue team exercises. Discover what it takes to get started building blue team skills Learn how you can defend against physical and technical penetration testing Understand the techniques that advanced red teamers use against high-value targets Identify the most important tools to master as a blue teamer Explore ways to harden systems against red team attacks Stand out from the competition as you work to advance your cybersecurity career Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
Threat modeling, secrets, mentoring, self-care, program building, and much more. Clips from Georgia Weidman, Simon Bennetts, Izar Tarandach, Omer Levi Hevroni, Tanya Janca, Björn Kimminich, Caroline Wong, Adam Shostack, Steve Springett, Matt McGrath, Brook Schoenfield, and Ronnie Flathers. The post Season 5 Finale — A cross section of #AppSec appeared first on Security Journey Podcasts.
Welcome to Episode 61 Main topic Georgia! Infosec in general Mobile Pentesting (Bulb Security and Shevirah) (Mach37, DARPA, etc) Tribe of Hackers talk Derbycon News https://mdsattacks.com/ https://zombieloadattack.com/ https://www.bleepingcomputer.com/news/security/linux-kernel-prior-to-508-vulnerable-to-remote-code-execution/ https://www.zdnet.com/article/android-and-ios-devices-impacted-by-new-sensor-calibration-attack/ https://www.darkreading.com/endpoint/microsoft-patches-wormable-vuln-in-windows-7-2003-xp-server-2008/d/d-id/1334709 https://www.tomshardware.com/news/unhackable-processor-chip-morpheus-university-michigan,39267.html https://it.slashdot.org/story/19/05/22/208246/hackers-are-holding-baltimores-government-computers-hostage https://www.cnbc.com/2019/05/22/us-reportedly-considering-blacklisting-chinas-hikvision.html https://www.reuters.com/article/us-huawei-tech-alphabet-exclusive/exclusive-google-suspends-some-business-with-huawei-after-trump-blacklist-source-idUSKCN1SP0NB Watch us live on the 2nd and 4th Wednesday of every month! Subscribe and hit the bell! https://www.youtube.com/IronSysadminPodcast Slack workspace https://www.ironsysadmin.com/slack Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin Subscribe wherever you find podcasts! And don't forget about our patreon! https://patreon.com/ironsysadmin Intro and Outro music credit: Tri Tachyon, Digital MK 2http://freemusicarchive.org/music/Tri-Tachyon/
Shevirah (https://www.shevirah.com/) and is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, author, and angel investor. She holds a MS in computer science as well as holding CISSP, CEH, and OSCP certifications. Her work in the field of smartphone exploitation has been featured internationally in print and on television including ABC World News Tonight, The New York Times, NBC Nightly News, and The Washington Post. She has presented or conducted training around the world including venues such as the NSA, West Point, and Black Hat. She was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the open source project, the Penetration Testing: A Hands-On Introduction to Hacking (https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641) and the recipient of the 2015 Women’s Society of CyberJutsu Pentest Ninja award. In this episode we discuss, her early red team days, where to get direction when starting in the industry, pen testing steps, founding a start-up, mobile device security, cybersecurity lion repellent (https://medium.com/@georgiaweidman/cybersecurity-lion-repellant-f6c413d90639) , and so much more. Where you an find Georgia: LinkedIn (https://www.linkedin.com/in/georgiaweidman) Twitter (https://twitter.com/georgiaweidman) Bulb Security (https://bulbsecurity.com/public-speaking/security-conferences/)
Georgia Weidman (@georgiaweidman) met with Robert at CodeMash to discuss her origin story, mobile, IoT, penetration testing, and details about her various companies. If you've never seen Georgia's book on penetration testing, we recommend you grab a copy. http://www.nostarch.com/pentesting To sign up for the newsletter mentioned at the start of this week's show, visit [...] The post Georgia Weidman — Mobile, IoT, and Pen Testing appeared first on Security Journey Podcasts.
Conversations At The Intersection Of IT Security And Society Guests Georgia Weidman | Larry Whiteside Hosts Selena Templeton | Sean Martin | Marco Ciappelli This episode: Bringing representation to the underrepresented. Let’s talk about mentors. By definition a mentor is a wise or trusted adviser or guide, a counselor or a teacher. The origin of the word goes all the way back to the Odyssey, where Mentor was a friend of Odysseus who placed him in charge of his son Telemachus, when he left for the Trojan War. When Athena visited Telemachus she took the disguise of Mentor, and she encouraged him to stand up against the suitors and go abroad to find out what happened to his father. Because of Mentor's relationship with Telemachus, and the disguised Athena's encouragement and practical plans for dealing with personal dilemmas, the personal name Mentor has been adopted in English as a term meaning someone who imparts wisdom to, and shares knowledge with, a less-experienced colleague. The first recorded modern usage of the term can be traced to a 1699 book entitled Les Aventures de Télémaque by the French writer François Fénelon, in which the lead character is that of Mentor. This book was very popular during the 18th century and the modern application of the term can be traced to this publication. That was then. What about now? In todays Unusual Gathering, we discuss the many aspects of mentorship. Who can be one, what it takes to be a modern mentor, and where we stand now with this practice—and in particular, where we stand in the cybersecurity industry with respect to mentors. A mentor is a role model and nowadays this role can be a very powerful figure as an educator, a motivator, and a facilitator for someone’s career in cybersecurity. Every one can be a mentor—and everyone also needs one at some stages of their career. Also, the benefit of mentoring goes well beyond and above the individual growth: an entire company, community, industry and society as a whole become more productive, open, inclusive and evolves because through mentorship. As we discovered while having this conversation, the best part of mentorship is that there are no rules, no limits on places, no specific qualifications or skills, no minimum time commitments; it can be performed in an infinite—yet equally beneficial—number of ways. As long as you mean it, as long as you are passionate about it, and most importantly, as long as you are not an asshole, you can be both a mentor and also an amazing role model destined to change someone’s life for the best; even if you didn’t set out to do so in the first place. Thank you to today's episode sponsor: Devo Visit their directory page on ITSPmagazine to learn more: https://www.itspmagazine.com/company-directory/devo Learn more about sponsoring the Unusual Gatherings Podcasts: https://www.itspmagazine.com/talk-show-sponsorships Learn more about supporting our quest by joining us on Patreon If you can donate $1/month, you can help us to make a difference. https://www.patreon.com/itspmagazine Would you like to participate in more Unusual Gatherings? No problem ... https://www.itspmagazine.com/itspmagazine-unusual-gatherings/
A special two part interview in this week's episode: There’s been some controversy around DerbyCon, a popular security conference that recently announced its shutting down after this year’s event. In the aftermath, there has been a lot of mudslinging, with a particular line of harassment coming from a private infosec-focused Facebook group. We talk to the subject of that harassment, Georgia Weidman, as well as Joshua Marpet, a member of the private Facebook group and security organizer at DerbyCon.
http://s3.amazonaws.com/ironsysadmin/episodes/IronSysadmin-EP48.mp3 Welcome to Episode 48 October 10th 2018 News https://www.redhat.com/en/blog/red-hat-announces-satellite-64 https://infosystir.blogspot.com/2018/10/inaugural-mental-health-wellness.html https://www.youtube.com/watch?v=U673ieY9WmE&feature=youtu.be https://www.nj.com/news/index.ssf/2018/09/fortnite_mindcraft_join_other_platforms_where_pred.html https://www.engadget.com/2018/10/08/google-shutting-down-google-plus/ https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/ Announcements DC610 Charity Event, Benefiting humane society, 11/13/2018 5pm to 8pm Original Event: http://www.mcall.com/news/breaking/mc-nws-humane-society-beagles-how-to-help-20181008-story.html BSides Delaware, November 9-10 Tickets: https://www.eventbrite.com/e/security-bsides-delaware-2018-registration-49984827966 Chat Nate is interested in learning stuff. Book suggestions: Da_667 : https://www.amazon.com/dp/B071G4SCB4/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1 Georgia Weidman : https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_3?ie=UTF8&qid=1539216896&sr=8-3&keywords=penetration+testing Amanda Berlin + Lee Brotherston : https://www.amazon.com/Defensive-Security-Handbook-Practices-Infrastructure/dp/1491960388/ref=sr_1_1?ie=UTF8&qid=1539216917&sr=8-1&keywords=defensive+security Main topic Derbycon Talks: https://www.irongeek.com/i.php?page=videos/derbycon8/mainlist Watch us live on the 2nd and 4th Wednesday of every month! Subscribe and hit the bell! https://www.ironsysadmin.com/youtube Slack workspace https://www.ironsysadmin.com/slack Find us on Twitter, and Facebook! https://www.facebook.com/ironsysadmin https://www.twitter.com/ironsysadmin Subscribe wherever you find podcasts! And don’t forget about our patreon! https://patreon.com/ironsysadmin Intro and Outro music credit: Tri Tachyon, Digital MK 2http://freemusicarchive.org/music/Tri-Tachyon/
Show Notes: https://thugcrowd.com/notes/20180904.html
Show Notes: https://thugcrowd.com/notes/20180904.html
Georgia wrote the infosec best-seller Penetration Testing: A Hands-On Introduction to Hacking. She's currently a founder of Shevirah Inc. a security startup that specializes in mobile security testing, and Bulb Security a consulting firm that specializes in security assessments and training. Much of her work focuses on mobile and IoT exploitation, and assessing the risk of mobility in the enterprise and the effectiveness of preventative security tools in detecting and stopping attacks. She's an engaging speaker who gave her first presentation at ShmooCon several years ago and has since added premiere conferences like Black Hat and keynoting OWASP Appsec Europe to her resume. Most recently she conducted a hands-on exploit development class at the inaugural Defcon China.
Everyone wants to think about how secure they are. This podcast flips the script and assesses insecurity, specifically Mobile Insecurity. We discuss issues within the mobile computing ecosystem. 1. Current Event: Apple Quick Time and why could it not have been Flash. Georgia's dad still uses Microsoft XP and won't connect his printer to the network. 2. Georgia delivers her "Mobile Insecurity" talk and we discuss issues in the mobile threat landscape and possible mobile issues. 3. Mobile Malware, Ransomware, and MDM are discussed. Issues within the actual mobile Operating Systems are discussed briefly. 4. Joe asks if Georgia sees mobile devices distributing Ransomware and Malware to cars. 5. Quick banter of Apple vs FBI and the implications of the precedent both attempted and actually set. The post Mobile Insecurity (with Georgia Weidman) first appeared on Advanced Persistent Security. --- Send in a voice message: https://podcasters.spotify.com/pod/show/the-osintion/message Support this podcast: https://podcasters.spotify.com/pod/show/the-osintion/support
Everyone wants to think about how secure they are. This podcast flips the script and assesses insecurity, specifically Mobile Insecurity. We discuss issues within the mobile computing ecosystem. 1. Current Event: Apple Quick Time and why could it not have been Flash. Georgia's dad still uses Microsoft XP and won't connect his printer to the network. 2. Georgia delivers her "Mobile Insecurity" talk and we discuss issues in the mobile threat landscape and possible mobile issues. 3. Mobile Malware, Ransomware, and MDM are discussed. Issues within the actual mobile Operating Systems are discussed briefly. 4. Joe asks if Georgia sees mobile devices distributing Ransomware and Malware to cars. 5. Quick banter of Apple vs FBI and the implications of the precedent both attempted and actually set.
It only gets better in Part 2 of our Interview with Georgia Weidman, Author, Security Researcher and Creator of the Smartphone Pentesting Framework. She talks about how people underestimate the mobile platform for pentesting purposes, and we even find out that in addition to Teaching a class on exploit development at BlackHat this year, she's going to be helping a great organization overseas. We also got her talking about some do's and don'ts of pentesting! ;) Please enjoy! Georgia's book on No Starch: http://www.nostarch.com/pentesting on Amazon.com: http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641 (non-sponsored link) Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0http://creativecommons.org/licenses/by/3.0/
We have a real treat the next two weeks. Author and Mobile Security Researcher Georgia Weidman, who we also found out will be providing exploit development training at Black Hat this year. She is the author of an awesome book "Penetration Testing: A Hands-On Introduction to Hacking" (http://www.amazon.com/Penetration-Testing-Hands-On-Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1405304124&sr=8-1&keywords=georgia+weidman) She sat down with us over Skype and gave a nice talk about where she came from, and why she wrote the book, and even what she's about to do in the future (that's next week) ;) You'll have to listen next week to find out the awesome trip she's about to take. http://www.bulbsecurity.com/ Intro "Private Eye", transition "Mining by Moonlight", and Outro "Honeybee" created by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 3.0http://creativecommons.org/licenses/by/3.0/