network scanner
This week we're live from Red Hat Summit! We talk security, evolving threats, and Steve gives an update on his journey with his new graphics card.
-- During The Show --
01:30 Vincent Danen - VP of Product Security You can secure your own data on premise Cloud you lose some control Supply chain attacks Where do you get your news? Hacker News Naked Security IBM security feed The Register AI for security Agentic workflows AI attack vectors "Slop squatting" Sanitizing AI input Guard rails
23:48 News Wire
Calibre 8.4 - calibre-ebook.com (https://calibre-ebook.com/whats-new)
Nmap 7.96 - gbhackers.com (https://gbhackers.com/nmap-7-96-launches/)
Mesa 25.1 - plamolinux.org (https://plamolinux.org/posts/2025-05-07-plamo-8.2-released/)
Linux Kernel 6.15 - theregister.com (https://www.theregister.com/2025/05/07/linux_kernel_drops_486/)
Plamo Linux 8.2 - plamolinux.org (https://plamolinux.org/posts/2025-05-07-plamo-8.2-released/)
Rust Sudo & Ubuntu 25.10 - discourse.ubuntu.com (https://discourse.ubuntu.com/t/adopting-sudo-rs-by-default-in-ubuntu-25-10/60583)
Deepin Desktop Removed From openSUSE Repos - opensuse.org (https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html)
Fedora 42 WSL - theregister (https://www.theregister.com/2025/05/07/fedora_42_wsl2_official/)
ClickFix - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/)
NordVPN Linux GUI - computerweekly.com (https://www.computerweekly.com/blog/Open-Source-Insider/NordVPN-goes-full-GUI-on-Linux)
Fake AI Videos & Noodlophile - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/)
Reachy 2 - infoq.com (https://www.infoq.com/news/2025/05/huggingface-reachy-robot/)
OpenVision - venturebeat.com (https://venturebeat.com/ai/new-fully-open-source-vision-encoder-openvision-arrives-to-improve-on-openais-clip-googles-siglip/)
Open WebUI - reddit.com (https://www.reddit.com/r/opensource/comments/1kfhkal/open_webui_is_no_longer_open_source/)
26:00 Steve's GPU Travels Swapped the graphics card Custom Arch install GPU requires beta drivers ZFS on root and boot menu beta drivers require newer kernel DKMS Nvidia drivers Flatpaks are broken Picking the problem you want to solve What would you change?
36:48 Flatpak Problems Flatpaks use drivers Some launched some didn't Can't find some files on the system
42:50 Solar Panels - Tony Solar on a vehicle is great! Product vs system 12v vs 24v Jackery Inverter vs Micro Inverters Brands for a "product solution" Anker EcoFlow Make sure to get an LFP (LiFePO4) model HQST PV Panels (https://hqsolarpower.com/products/solar-panels/) Monocrystalline 9BB or 10BB HQST MPPT Charge Controller (https://hqsolarpower.com/20a-mppt-solar-charge-controller-with-parallel-charging-bluetooth) 20 amp, consider the 60 amp LiTime (https://www.litime.com/) Pick a "Self Heating" SOK Battery (https://www.us.sokbattery.com/) Metal case batteries can be "rebuilt/repaired" Brands to consider Victron Epoch Batteries (https://www.epochbatteries.com/collections/rv-van-camper-lithium-batteries) Renogy (https://www.renogy.com/) Brands listed above Brands to avoid GoalZero Any "Chineseium"
48:50 Cassette Tape Restoration - William Professional Services Local University Reach out to Noah/Altispeed
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/442)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/)
Contact Noah live [at] asknoahshow.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
This week we dig into why and how Canonical designed and implemented Matrix. Noah gives an update to his solar project, and discovers some open source solutions for solar!
-- During The Show --
00:48 Olympia Mike Inspiration ANS 439 (https://podcast.asknoahshow.com/439) Sorting out details Please give us feedback! Pair with homeless shelter Pair with food bank Technical details Windows 10 deadline coming Lowering friction
09:55 Solar Camera Update Panel brings in enough power Switch arrived, worked great SolarPoint Had to RMA Will R&D Issues with SolarPoint Renogy Charge Controller Victron Push the Victron Connect App Victron has a commitment to open source Victron GX controller Bare wire ends GX software on a raspberry pi
23:20 News Wire
Calibre 8.4 - calibre-ebook.com (https://calibre-ebook.com/whats-new)
Nmap 7.96 - gbhackers.com (https://gbhackers.com/nmap-7-96-launches/)
Mesa 25.1 - plamolinux.org (https://plamolinux.org/posts/2025-05-07-plamo-8.2-released/)
Linux Kernel 6.15 - theregister.com (https://www.theregister.com/2025/05/07/linux_kernel_drops_486/)
Plamo Linux 8.2 - plamolinux.org (https://plamolinux.org/posts/2025-05-07-plamo-8.2-released/)
Rust Sudo & Ubuntu 25.10 - discourse.ubuntu.com (https://discourse.ubuntu.com/t/adopting-sudo-rs-by-default-in-ubuntu-25-10/60583)
Deepin Desktop Removed From openSUSE Repos - opensuse.org (https://security.opensuse.org/2025/05/07/deepin-desktop-removal.html)
Fedora 42 WSL - theregister (https://www.theregister.com/2025/05/07/fedora_42_wsl2_official/)
ClickFix - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/hackers-now-testing-clickfix-attacks-against-linux-targets/)
NordVPN Linux GUI - computerweekly.com (https://www.computerweekly.com/blog/Open-Source-Insider/NordVPN-goes-full-GUI-on-Linux)
Fake AI Videos & Noodlophile - bleepingcomputer.com (https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-drop-new-noodlophile-infostealer-malware/)
Reachy 2 - infoq.com (https://www.infoq.com/news/2025/05/huggingface-reachy-robot/)
OpenVision - venturebeat.com (https://venturebeat.com/ai/new-fully-open-source-vision-encoder-openvision-arrives-to-improve-on-openais-clip-googles-siglip/)
Open WebUI - reddit.com (https://www.reddit.com/r/opensource/comments/1kfhkal/open_webui_is_no_longer_open_source/)
25:18 Minimalism Minimum viable battle station Tails (https://tails.net/) Reproduce-ability Linux Fest Northwest Laptop NixOS re-install Can't auto mount usb drives Dark theme
31:00 Matrix Interview Nils Buchner Matrix rabbit hole Ubuntu & Matrix Chat Ubuntu Juju setup Other Setup methods Where can Matrix grow/improve? Next steps for the Ubuntu Matrix server? Matrix clients Element (https://matrix.org/ecosystem/clients/element/) Cinny (https://matrix.org/ecosystem/clients/cinny/) Nheko (https://matrix.org/ecosystem/clients/nheko/) Matrix client matrix (https://matrix.org/ecosystem/clients/) Network effect Distros installing matrix clients
43:00 Juju & Charms Interview Merlijn Sebrechts Juju and Charms Abstraction Code re-use Where Juju and Charms work well Knowledge needed Making better charms
52:20 Continue Being a Petri dish Ansible is the biggest hammer Nix Juju
-- The Extra Credit Section --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/441)
Show Notes & Podcast Download available at http://podcast.asknoahshow.com
Support us on Patreon: https://www.patreon.com/linuxdelta
Connect with us!
On Twitter: https://twitter.com/asknoahshow
On Facebook: https://www.facebook.com/asknoahshow
Email The Show: live@asknoahshow.com
Ask Noah Show © CC-BY-ND 2025
Expand your knowledge of industrial cybersecurity with "Cybersecurity ist Chefsache". In this episode, Nico Freitag talks with Sebastian Froede, managing director of Pentaris Security GmbH, about OT pentests and the real challenges of securing industrial control systems. Sebastian shares his experience from more than a decade in OT security, explains the difference between IT and OT pentests, and explains why classic tools such as Nmap can have devastating consequences in production. He shows why availability is the most valuable asset in OT environments, and what that means for security design.
The following topics are covered:
✅ Legacy systems and their challenges: 30 years old, no updates possible, but still worth protecting
✅ OT remote maintenance: why solutions such as TeamViewer pose a security risk
✅ Attack scenarios from practice, from false sensor values to a manipulated HMI display
✅ Differences between IT and OT pentests, and why black-box approaches do not work here
✅ How companies can secure OT networks: segmentation, protocol control, secure remote access
✅ Training, awareness and error culture: why OT teams also need to be brought up to speed
✅ Incident response in OT networks: why forensics is not the top priority, but rapid recovery is
✅ The hype around ESP32 and Flipper Zero: what is really behind it and how to deal with it in an informed way
We're diving into NMAP on today's show with guest Chris Greer. Chris, an expert in network analysis and forensics, explains what NMAP is, the different types of scans, how device fingerprinting works, and more. We also coin the term “swaptions” as we have some fun with NMAP terminology. He also gives details on how to...
Recorded during ThreatLocker Zero Trust World 2025 in Orlando, this episode of the On Location series features an engaging conversation with Alex Benton, Special Projects at ThreatLocker. Benton shares insights from his Metasploit lab, a beginner-friendly session that demonstrates the power of tools like Metasploit and Nmap in cybersecurity. The lab's objective is clear: to illustrate how easily unpatched systems can be exploited and reinforce the critical need for consistent patch management.

Understanding the Metasploit Lab
Benton explains how participants in the lab learned to execute a hack manually before leveraging Metasploit's streamlined capabilities. The manual process involves identifying vulnerable machines, gathering IP addresses, examining open ports, and assessing software vulnerabilities. With Metasploit, these steps become as simple as selecting an exploit and running it, underscoring the tool's efficiency.
A key demonstration in the lab involved Eternal Blue, the exploit associated with the WannaCry virus in 2017. Benton emphasizes how Metasploit simplifies this complex attack, highlighting the importance of maintaining patched systems to prevent similar vulnerabilities.

The Real-World Implications of Unpatched Systems
The discussion dives into the risks posed by cybercriminals who use tools like Metasploit to automate attacks. Benton points out that malicious actors often analyze patch notes to identify potential vulnerabilities and create scripts to exploit unpatched systems quickly. The conversation touches on the dark web's role in providing detailed information about exposed systems, making it even easier for attackers to target vulnerable machines.

Lessons from WannaCry
The episode revisits the WannaCry incident, where a vulnerability in Windows systems led to a global cybersecurity crisis. Benton recounts how outdated systems and the absence of a strong security culture created an environment ripe for exploitation. He also shares the story of cybersecurity researchers, including Marcus Hutchins, who played pivotal roles in mitigating the virus's impact by identifying and activating its kill switch.

Tune in to Learn More
This episode offers valuable insights into cybersecurity practices, the dangers of unpatched environments, and the tools that both ethical hackers and cybercriminals use. Listen in to gain a deeper understanding of how to secure your systems and why proactive security measures are more crucial than ever.

Guest: Alex Benton, Special Projects at ThreatLocker | On LinkedIn: https://www.linkedin.com/in/alex-benton-b805065/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

This Episode's Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974

Resources
Learn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-florida
Register for Zero Trust World 2025: https://itspm.ag/threat5mu1

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-society-podcast
Is it possible to carve out a meaningful career in law by following your passions? What's harder: building a non-profit or a business? What do lawyers have to learn from animators?
Join Adam Stofsky, CEO of Briefly and founder of the New Media Advocacy Project, as he shares how he used high-production documentary video to advocate for human rights across the globe and started a company to help lawyers better communicate with their clients.
Listen as Adam discusses the challenges of non-litigation career paths, founding nonprofit and for-profit companies, the trauma of human rights work, working with creative professionals like animators and voice actors, the importance of bearing witness to human rights abuses, and much more.
Read detailed summary: https://www.spotdraft.com/podcast/episode-84
Topics:
Introduction: 0:00
Why Adam wanted to become a lawyer: 2:29
Starting your career at Debevoise & Plimpton: 5:48
Transitioning into human rights work: 7:20
Founding the non-profit New Media Advocacy Project: 10:48
Dealing with the challenges of human rights advocacy: 17:52
Adam's biggest accomplishments at NMAP: 23:18
Living on a farm in Upstate New York: 26:20
Founding Briefly: 33:38
Helping lawyers communicate better: 43:46
Lessons from creative professionals: 47:26
Expanding Briefly's customer base: 50:27
Rapid-fire questions: 56:33
Book recommendations: 59:20
Connect with us:
Adam Stofsky - https://www.linkedin.com/in/adamstofsky/
Tyler Finn - https://www.linkedin.com/in/tylerhfinn
SpotDraft - https://www.linkedin.com/company/spotdraft
SpotDraft is a leading contract lifecycle management platform that solves your end-to-end contract management issues. Visit https://www.spotdraft.com to learn more.
Struggling with CompTIA Security+ exam questions? You're not alone. In this episode, I'm going to walk you through a couple of questions you might see on the Security+ SY0-701 exam that test your knowledge of how to improve back-end scalability, and how a pentester moves within a network after compromising a server.
I'll break down the right answers and explain why each option works or doesn't. By the end, you'll know how to recognize similar patterns in your own exam. If you're getting ready for Security+, this is for you.
There's a video version of this episode with visual explanations on YouTube here:
For question 17 in this episode, here's the Nmap input command:
INPUT
********
nmap -sV -p 1-65535 -T4 192.168.1.0/24
********
and the sample Nmap output:
OUTPUT
********
Nmap scan report for 192.168.1.100 (Server B)
Host is up (0.00044s latency).
Not shown: 65532 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.7 ((Ubuntu))
443/tcp open https Apache httpd 2.4.7 ((Ubuntu))
********
Good luck with your CompTIA Security+ SY0-701 exam! You can do it!
Old internet Stupid Astro Homelabbin' Farrmbiz
Discover the five main cybersecurity tools every professional should master! This video presents a practical guide on how to use NMAP, Nessus, Wireshark, Metasploit and Burp Suite to strengthen your cyber defense. With step-by-step demonstrations, you will learn how these tools can help identify vulnerabilities, monitor networks and perform effective penetration tests. Don't miss the valuable tips that will make your work in information security easier. Want to deepen your knowledge of information security and improve your chances in the job market? Download the free ebook "Conquiste sua Vaga em Segurança da Informação" and get exclusive tips on interviews, finding jobs in the field and the studies needed to stand out! Visit https://blueteam-academy.com.br to download it now! Download links for the tools mentioned in the video: https://nmap.org/download.html https://www.tenable.com/products/nessus/nessus-professional https://www.wireshark.org/download.html https://www.metasploit.com/download https://portswigger.net/burp/communitydownload
Josh and Kurt talk about a grab bag of old technologies that defined the security industry. Technology like SELinux, SSH, Snort, ModSecurity and more all started with humble beginnings, and many of them created new security industries. Show Notes SELinux AppArmor SSH ModSecurity Snort Nmap Nessus What comes after open source
What is Nmap? Nmap (Network Mapper) is a powerful and widely used open-source network scanning tool used for network exploration, security auditing, and vulnerability assessment. Nmap's capabilities encompass host discovery, revealing the presence of devices, unveiling open ports, discerning operating systems, and scrutinizing the network services running on these systems. It offers a range of scanning techniques, such as TCP SYN scan, TCP connect scan, UDP scan, and others. It provides detailed information about network devices, including their IP addresses, MAC addresses, and other relevant data. Network administrators, security experts, and ethical hackers all rely on Nmap for meticulous network mapping and security.
Jared has a long, and outstanding, history in cybersecurity. Today, he works for Microsoft helping them run and respond to bug bounty reports. The scale is massive and I think we can all learn a thing or two about vulnerability management and bug bounties! Segment Resources: https://www.microsoft.com/en-us/msrc/bounty?rtc=1 https://www.microsoft.com/en-us/msrc https://msrc.microsoft.com/report/vulnerability/new https://www.microsoft.com/en-us/msrc/bounty https://msrc.microsoft.com/blog/ https://jobs.careers.microsoft.com/global/en/search?q=msrc&l=en_us&pg=1&pgSz=20&o=Relevance&flt=true https://www.microsoft.com/bluehat/ In the Security News: LoRa projects are popular, simple checksums are not enough, WinRAR: shareware or native OS?, ATM software is vulnerable, attackers could learn from security researchers (but let's hope they don't), NoFilter and behavior by design, Apple vs. a security researcher: there are no winners, sneaky npm packages, faster Nmap scans, Kali on more phones, more LOL drivers, comparing security benchmarks to the real world, tunnelcrack and why VPNs are over-hyped, Ubuntu has lost its mind, and there's a Python in the sheets! All that and more on this episode of Paul's Security Weekly! Visit https://www.securityweekly.com/psw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw-796
A network mapping tool that pings IP addresses looking for a response and can discover host names, open communications ports, operating system names and versions. Written and maintained by Gordon Lyon, a.k.a. Fyodor, it is a free and open source software application used by both system admins and hackers alike and has been a staple in the security community for well over two decades. CyberWire Glossary link: https://thecyberwire.com/glossary/nmap
Some of the most famous hacking tools on the market are Nmap (Network Mapper), Nessus, Nikto, Kismet, NetStumbler, Acunetix, Netsparker, Intruder, Metasploit, and Aircrack-ng.
Cloud Security Podcast - This month we are talking about "Breaking the AWS Cloud" and next up in this series, we spoke to Seth Art (Seth's Linkedin), Cloud Penetration Testing Lead (Principal) at Bishop Fox. Projects to pentest AWS cloud architecture are not spoken about much - this stops today. We have Seth, who works in the Cloud Penetration testing space, to talk about open source tools and what Cloud pentesting is all about.
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Seth Art (Seth's Linkedin)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security News - Cloud Security Academy
Spotify TimeStamp for Interview Questions
(00:00) Introduction
(04:24) A bit about Seth
(06:10) Web App Pentesting vs Cloud Pentesting
(08:11) Working with scale of multiple AWS accounts
(10:20) What can you expect to find with Cloud Pentesting?
(12:14) Foundational pieces about approaching pentesting in Cloud
(15:19) How to start a Cloud Pentest?
(18:25) The importance of IAM
(23:43) Common services in AWS to look at
(25:58) Mistakes people make for scoping
(29:18) The role of shared responsibility in Cloud Pentesting
(32:38) Boundaries for AWS pentesting
(35:13) Nmap between 2 EC2 instances
(36:37) How do you explain the findings?
(40:26) Skillsets required to transition to Cloud Pentesting
(45:41) Transitioning from Kubernetes to Cloud Pentesting
(48:55) Resources for learning about Cloud Pentesting.
(49:47) The Fun Section
See you at the next episode!
"We've all seen the memes of how like, 'you can tell your neighborhood is getting gentrified when there's a Starbucks and a yoga studio.' But I think in a lot of ways, expensive martial arts are also an indicator of that, too. And for those same reasons because those things are not meant for the people that already live there. They're meant for the people they're trying to attract to those areas. So having a place that is meant for the people who are already there, who are being systematically neglected is also important." Sam speaks with Myles and Jelani from the Neighborhood Martial Arts Project (NMAP) about running a community-oriented martial arts gym. Find the Neighborhood Martial Arts Project on Instagram: @nmap.phl or by email at: nmap.philly@gmail.com Find the GoFundMe at: https://www.gofundme.com/f/neighborhood-martial-arts-project Sign up for Liberation Martial Arts Online: https://www.patreon.com/posts/liberation-arts-72505630 We can't continue to produce important episodes like this one without your solidarity. There is no Southpaw network without your financial support. In return, not only do you help produce our shows but you also get access to more great content. It's mutual aid. Find our Patreon, swag, and other ways to support us at: https://www.southpawpod.com You can find Southpaw on Facebook, Twitter, and Instagram: @SouthpawPod
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisible npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secure Software Standard V 1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html
NMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability https://tanzu.vmware.com/security/cve-2022-31692
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Cybersecurity is the only technical, professional occupation I know of where practitioners routinely sharpen their skills through open competitions. The contests are based on the classic capture the flag game - except the flags are all virtual and capturing them involves hacking computers. Also unlike most other technical careers, cybersecurity is a high-paying profession that doesn't require a university degree or formal training. There are literally hundreds of thousands of unfilled cybersecurity jobs right now. You can also just dabble in cybersecurity, making money from bug bounty programs. Or you can just hack for the fun of it - in a completely safe and legal environment. Jordan will tell you all about it in today's show! Jordan Wiens has been a reverse engineer, vulnerability researcher, network security engineer, three-time DEF CON CTF winner, even a technical magazine writer but now he's mostly a has-been CTF player who loves to talk about them. He has been the CTF expert for the first three years of HackASat and he was one of the founders of Vector 35, the company that makes Binary Ninja. 
Interview Links
Hack-A-Sat 3: https://hackasat.com/
Satellite hacked using $25 hardware: https://threatpost.com/starlink-hack/180389/
Decommissioned satellite hacked to broadcast movie: https://www.independent.co.uk/tech/hack-satellite-hijack-def-con-b2147595.html
Student Rick-Rolls school: https://www.malwarebytes.com/blog/news/2021/10/high-school-student-rickrolls-entire-school-district-and-gets-praised
Hack-A-Sat 2 interview: https://podcast.firewallsdontstopdragons.com/2021/06/21/hacking-satellites-for-fun-profit/
Plaid CTF: https://plaidctf.com/
CTFTime.org: https://ctftime.org/
Pwnable.kr: https://pwnable.kr/
Pwnable.tw: https://pwnable.tw/
Reversing.kr: http://reversing.kr/
Shodan: https://www.shodan.io/
Burp Suite: https://portswigger.net/burp
Wireshark: https://www.wireshark.org/
Binary Ninja: https://binary.ninja/
Metasploit: https://www.metasploit.com/
Nmap: https://nmap.org/
Live Overflow: https://liveoverflow.com/
TryHackMe: https://tryhackme.com/
Further Info
Subscribe to the newsletter: https://firewallsdontstopdragons.com/newsletter/new-newsletter/
Check out my book, Firewalls Don't Stop Dragons: https://www.amazon.com/gp/product/1484261887
Support my work! https://firewallsdontstopdragons.com/support/
Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest
Generate secure passphrases! https://d20key.com/#/
Table of Contents
Use these timestamps to jump to a particular section of the show.
0:01:03: Interview setup
0:04:25: What is Hack-A-Sat?
0:08:44: How has the Hack-A-Sat program evolved?
0:12:58: How did CTF's start out and when did they become popular?
0:17:37: Why do we have so many unfilled cybersecurity jobs?
0:21:15: Do you need a college degree to work in cybersecurity?
0:29:39: What's a black hat hacker vs white hat? What's a red team or blue team?
0:32:15: How do CTF's actually work? What is a flag and how do I capture it?
0:38:05: Are there beginner CTFs that are free to try?
0:44:38: What sorts of tools do hackers use in CTFs and in real hacking?
0:51:57: How do hackers chain together multiple exploits?
0:56:26: What's your advice to someone who would like to try a CTF?
1:00:36: What's next for Hack-A-Sat?
1:02:25: Interview wrapup
1:04:07: What is Rick-Rolling?
1:05:23: Try a CTF, go to a hacker con!
Email 1 - Help digitizing a church - Scott
Hi Noah, I'm an IT guy from Brookings SD and my church wants to move to a more digital setup. This is currently a bit beyond my depth. Where would be a good place to post questions about our setup? Scott
Post Your Setup Here! (https://notes.minddripmedia.com/kSLUHFePTz-IyVyN-40YcA#)
Email 3 - Dub over video? - Jeremy
What would you suggest to dub audio over pre-recorded video from a go pro? Best, Jeremy
Picks (5 min)
Zenmap https://nmap.org/zenmap/
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
Dev Term is now Available! https://liliputing.com/devterm-portable-terminal-is-now-available-with-a-raspberry-pi-cm4-for-279/
Discussion
News / Main Segment (20 min)
KDenlive's First Fundraiser KDE.org HEADLINE: The Kdenlive Fundraiser is Live! https://kdenlive.org/en/fund/
Today we break ground. Today we launch the first of what will be many fundraisers for specific projects. Our goal is to get funds directly into the hands of the people who make the software. The fundraiser starting today is very different. For the first time KDE is running a fundraiser for a specific project: today we have the ambitious goal of raising 15,000€ for the Kdenlive team. The funds will be given to contributors to help Kdenlive take the next step in the development of KDE's advanced, free and open video-editing application. For the record, on the cards for upcoming releases are nested timelines, a new effects panel, and improving the overall performance of Kdenlive, making it faster, more responsive, and even more fun to work with.
Plasma 5.26 Beta - Bigscreen View https://liliputing.com/kde-plasma-5-26-beta-introduces-a-bigscreen-view-for-linux-apps-on-your-tv/
The new view has a 10-foot user interface, meaning everything is easily visible from your couch. And it's designed to be easy to navigate using a remote control. There are also a few applications optimized for large-screen displays including the Aura Browser, which is a web browser for Plasma Bigscreen and the Plank Player for audio and video files. Plasma Bigscreen is built on top of Plasma Shell using the Qt toolkit, KWin window manager, and Wayland compositor. It also implements features from the Kirigami UI Framework, uses libCEC to handle remote control and HDMI functions, and comes with the open source Mycroft voice assistant pre-installed by default. You don't need a particularly powerful computer to get started with Plasma Bigscreen though. There are KDE Neon, postmarketOS, and Manjaro ARM images with the Bigscreen user interface available for a number of devices including low-power single-board computers like the Raspberry Pi 4, ODroid N2, Radxa Zero 2, RockPro64, and Khadas VIM line of devices. Just keep in mind that Plasma 5.26 is still considered beta software, and the Bigscreen UI is still pretty new. So don't be surprised to find some rough edges.
FLIRC / RF Remote
Off-gridders take energy needs into their own hands https://www.bbc.com/news/business-62351448
"We see no shortage of natural disasters in our area," says Mr Mooney, mentioning storms and wildfires as examples. "Whenever there's power outages in our community nearby, we're always fine," Ms Erickson adds.
A 2,100 watt solar energy system is large enough to keep a small freezer, fridge, washing machine and laptops running, they say, adding that they hope to triple or quadruple their solar-generating capacity in the future. During the winter, the pair rely on a small gas generator when there is too much cloud around. They document their experiences on a YouTube channel called This Off Grid Life (https://www.youtube.com/c/ThisOffGridLife). -- The Extra Credit Section -- For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard! This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/303) Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah) Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com) -- Stay In Touch -- Find all the resources for this show on the Ask Noah Dashboard Ask Noah Dashboard (http://www.asknoahshow.com) Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show! Altispeed Technologies (http://www.altispeed.com/) Contact Noah live [at] asknoahshow.com -- Twitter -- Noah - Kernellinux (https://twitter.com/kernellinux) Ask Noah Show (https://twitter.com/asknoahshow) Altispeed Technologies (https://twitter.com/altispeed)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/ Google Chrome 0-Day https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html Sharkbot Android Infostealer in Google Play Store https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/ Nmap 7.93 - 25th Anniversary Release https://seclists.org/nmap-announce/2022/1
Interview Links
Check out Nmap if, for some reason, you haven't already.
Learn about Npcap, the packet capture library tool that Gordon and his company also offer.
Watch Gordon and HD Moore, the creator of Metasploit, chat about the evolution of network scanning on YouTube.
Rapid Rundown Links
Read the Bleeping Computer story on hackers using DeFi bugs to steal cryptocurrency.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.
We will review the primary needs for cloud security:
- Guardrails against misconfiguration
- Continuously Identify and Remediate Vulnerabilities in Cloud APIs, Apps, and Services
- Observability, Protection, and Reporting against Compliance and Risk Policies
- We will also review CNAPP -- Cloud Native Application Protection Platform -- and why companies need to take a closer look for the best cloud security
Segment Resources:
- https://www.datatheorem.com/news/2021/data-theorem-representative-vendor-cnapp-2021-gartner-innovation-insight-report
Twitter whistleblower complaint lessons for appsec (and beyond), the LastPass breach, building a culture of threat modeling, signed binaries become vectors for ransomware, a look back to the birth of Nmap and the beginning of Linux.
Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw210
How do you become a Cyber Security Expert? Hello and welcome to another episode of CISO Tradecraft, the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we're going to talk about how to provide advice and mentoring to help people understand how to become a cybersecurity expert. As always, please follow us on LinkedIn, and subscribe to our podcasts. As a security leader, part of your role is to develop your people. That may not be written anywhere in your job description and will probably never be on a formal interview or evaluation, but after years of being entrusted with leadership positions, I have learned what differentiates true leaders from those who just accomplish a great deal is the making of the effort to develop your people. Now, you may have heard the phrase, "take care of your people," but I'll take issue with that. I take care of my dog. I take care of a family member who is sick, injured, or incapacitated. Why? Because they are not capable of performing all of life's requirements on their own. For the most part, your people can do this. If you are constantly doing things for people who could have otherwise done it themselves, you run the risk of creating learned helplessness syndrome. People, and even animals, can become conditioned to not do what they otherwise could do out of a belief that someone else will do it for them. I am NOT going to get political here, so don't worry about that. Rather, I want to point out that effective leaders develop their people so that they may become independent actors and eventually become effective leaders themselves. In my opinion, you should measure your success by the promotion rate of the people entrusted to you, not by your own personal career advancement or financial success. That brings me to the subject of today's podcast -- how do you counsel and mentor others on how to become a cyber security expert? 
If you are listening to this podcast, there's a very good chance that you already are an expert in our field, but if not, keep listening and imagine that you are mentoring yourself, because these lessons can apply to you without having to seek out a mentor. Some people figure it out, and when asked their secret, they're like Bill Murray in the movie Stripes, "We trained ourselves, sir!" But most of the time, career mastery involves learning from a number of others. Today on CISO Tradecraft we are going to analyze the question, "How do you become a Cyber Security Expert?" I'm going to address this topic as if I were addressing someone in search of an answer. Don't tune out early because you feel you've already accomplished this. Keep listening so you can get a sense of what more you could be doing for your direct reports and any proteges you may have. Let's start at the beginning. Imagine being a high school kid with absolutely zero work experience (other than maybe a paper route -- do kids still do that?) You see someone that tells you they have a cool job where they get paid to ethically hack into computers. Later on, you meet a second person that says they make really good money stopping bad actors from breaking into banks. Somehow these ideas stick into your brain, and you start to say to yourself, you know both of those jobs sound pretty cool. You begin to see yourself having a career in Cyber Security. You definitely prefer it to jobs that require a lot of manual labor and start at a low pay. So, you start thinking, "how can I gain the skills necessary to land a dream job in cyber security that also pays well?" At CISO Tradecraft we believe that there are really four building blocks that create subject matter experts in most jobs. The four building blocks are:
Getting an education
Getting certifications
Getting relevant job experience, and
Building your personal brand
So, let's explore these in detail.
Number 1: Getting an education.
When most people think about getting an education after high school, they usually talk about getting an associate's or a bachelor's degree. If you were to look at most Chief Information Security Officers, you will see the majority of them earn a bachelor's degree in Computer Science, an Information Systems or Technology degree from a college of business such as a BS in Management of Information Systems (MIS) or Computer Information Systems, or more recently a related discipline such as a degree in Cyber Security. An associate degree is a great start for many, particularly if you don't have the money to pay for a four-year university degree right out of high school. Tuition and debt can rack up pretty quickly, leaving some students deeply in debt, and for some, that huge bill is a non-starter. Fortunately, community colleges offer quality educational opportunities at very competitive rates relative to four-year degree institutions. For example, Baltimore County Community College charges $122 per credit hour for in-county residents. A couple of miles away, Johns Hopkins University charges $2,016 per credit hour. Now, that's a HUGE difference -- over 16 times if you do the math. Now, Hopkins does have some wonderful facilities and excellent faculty, but when it comes to first- and second-year undergraduate studies, is the quality and content of the education THAT different? Well, that's up to you to decide. The important take-away is, no one should decide NOT to pursue a cybersecurity education because of lack of money. You can get started at any age on an associate degree, and that may give you enough to go on to get your first job. However, if you want to continue on to bachelor's degree, don't give up. Later I'll explain about a program that has been around since 2000 and has provided over 3,300 students with scholarships AND job placement after graduation. Back to those going directly for a bachelor's degree. 
Now, the good news is that your chosen profession is likely to pay quite well, so not only are you likely to be able to pay off the investment you make in your education, but it will return dividends many times that which you paid, for the rest of your career. Think of financing a degree like financing a house. In exchange for your monthly mortgage payment, you get to enjoy a roof over your head and anything else you do with your home. As a cybersecurity professional, in exchange for your monthly student loan payment, you get to earn well-above average incomes relative to your non-security peers, and hopefully enjoy a rewarding career. And, like the right house, the value of your career should increase over time making your investment in your own education one of your best performing assets. Does this mean that you 100% need a bachelor's degree to get a job in cyber? No, it does not. There are plenty of cyber professionals that speak at Blackhat and DEF CON who have never obtained a college degree. However, if ten applicants are going for an extremely competitive job and only seven of the ten applicants have a college degree in IT or Cyber, you shouldn't be surprised when HR shortens the list of qualified applicants to only the top five applicants all having college degrees. It may not be fair, but it's common. Plus, a U.S. Census Bureau study showed that folks who have a bachelor's degree make half a million dollars more over a career than those with an associate degree, and 1.6 times what a high school diploma holder may earn over a lifetime. So, if you want more career opportunities and want to monetize your future, get past that HR checkbox that looks for a 4-year degree. Now, some people (usually those who don't want to do academic work) will say that a formal education isn't necessary for success. After all, Bill Gates and Mark Zuckerberg were college dropouts, and they're both worth billions. 
True, but that's a false argument that there's a cause-and-effect relationship there. Both were undergraduates at Harvard University when they developed their business ideas. So, if someone wants to assert a degree isn't necessary, counter with you'll agree once they are accepted into Harvard, and they produce a viable business plan as a teenager while attending classes. You see, completing four years of education in a field of study proves a few things. I've interviewed candidates that said they took all of the computer science and cybersecurity courses they wanted and didn't feel a need to "waste time" with fuzzy studies such as history and English composition. Okay, I'll accept that that person had a more focused education. But consider the precedent here. When a course looked uninteresting or difficult, that candidate just passed on the opportunity. In the world of jobs and careers, there are going to be tasks that are uninteresting or difficult, and no one wants to do them, but they have to get done. As a boss, do you want someone who has shown the pe d completed it with an A (or maybe even a B), or do you want someone who passed when the going got a little rough? The business world isn't academia where you're free to pick and choose whether to complete requirements. Stuff has to get done, and someone who has a modified form of learned helplessness will most likely not follow through when that boring task comes due. Remember I said I was going to tell you how to deal with the unfortunate situation where a prospective student doesn't have enough money to pay for college? There are a couple of ways to meet that challenge. It's time to talk to your rich uncle about paying for college. That uncle is Uncle Sam. Uncle Sam can easily finance your college so you can earn your degrees in Cyber Security. However, Uncle Sam will want you to work for the government in return for paying for your education. 
Two example scholarships that you could look into are the Reserve Officer Training Corps (ROTC) and Scholarship for Service (SFS). ROTC is an officer accession program offered at more than 1,700 colleges and universities across the United States to prepare young adults to become officers in the U.S. Military. For scholarship students, ROTC pays 100% of tuition, fees, books, and a modest stipend for living expenses. A successful degree program can qualify an Army second lieutenant for a Military Occupation Specialty (or MOS) such as a 17A Cyber Operations Officer, a 17B Cyber and Electronic Warfare Officer, or a 17D Cyber Capabilities Development Officer, a great start to a cybersecurity career. For the Navy, a graduating Ensign may commission as an 1810 Cryptologic Warfare Officer, 1820 Information Professional Officer, 1830 Intelligence Officer, or an 1840 Cyber Warfare Engineer. The Navy uses designators rather than MOS's to delineate career patterns. These designators have changed significantly over the last dozen years and may continue to evolve. The Marine Corps has a 1702 cyberspace officer MOS. Note that the Navy and the Marine Corps share a commissioning source in NROTC (Navy ROTC), and unlike the Army that has over 1,000 schools that participate in AROTC and the Air Force that has 1,100 associated universities in 145 detachments, there are only 63 Navy ROTC units or consortiums, although cross-town affiliates include nearly one hundred more colleges and universities. There are a lot of details that pertain to ROTC, and if you're serious about entering upon a military officer career, it's well worth the time and effort to do your research. Not all ROTC students receive a scholarship; some receive military instruction throughout their four years and are offered a commission upon graduation. 
Three- and four-year scholarship students incur a military obligation at the beginning of sophomore year, two-year scholarship students at the beginning of junior year, and one-year scholarship students at the start of senior year. The military obligation today is eight years, usually the first four of which are on active duty; the rest may be completed in the reserves. If you flunk out of school, you are rewarded with an enlistment rather than a commission. These numbers were different when I was in ROTC, and they may have changed since this podcast was recorded, so make sure you get the latest information to make an informed decision. What if you want to serve your country but you're not inclined to serve in the military, or have some medical condition that may keep you from vigorous physical activity, or had engaged in recreational chemical use or other youthful indiscretions that may have disqualified you from further ROTC consideration? There is another program worth investigating. The National Science Foundation provides educational grants through the Scholarship For Service program or SFS for short. SFS is a government scholarship that will pay up to 3 years of costs for undergraduate and even graduate (MS or PhD) educational degree programs. It's understood that government agencies do not have the flexibility to match private sector salaries in cyber security. However, by offering scholarships up front, qualified professionals may choose to stay in government service; hence SFS continues as a sourcing engine for Federal employees. Unlike ROTC, a participant in SFS will incur an obligation to work in a non-DoD branch of the Federal government for a duration equal to the number of years of scholarship provided. In addition to tuition and education-related fees, undergraduate scholarship recipients receive $25,000 in annual academic stipends, while graduate students receive $34,000 per year. 
In addition, an additional $6,000 is provided for certifications, and even travel to the SFS Job Fair in Washington DC. That job fair is an interesting affair. I was honored to be the keynote speaker at the SFS job fair back in 2008. I saw entities and agencies of the Federal government that I didn't even know existed, but they all had a cybersecurity requirement, and they all were actively hiring. SFS students qualify for "excepted service" appointments, which means they can be hired through an expedited process. These have been virtual the last couple of years due to COVID-19 but expect in-person events to resume in the future. I wrote a recommendation for a young lady whom I've known since she was born (her mom is a childhood friend of mine), and as an electrical engineering student in her sophomore year, she was selected for a two-year SFS scholarship. A good way to make mom and dad happy knowing they're not going to be working until 80 to pay off their kid's education bills. In exchange for a two-year scholarship, SFS will usually require a student to complete a summer internship between the first and second years of school and then work two years in a government agency after graduation. The biggest benefit to the Scholarship for Service is you can work at a variety of places. So, if your dream is to be a nation state hacker for the NSA, CIA, or the FBI then this offers a great chance of getting in. These three-letter agencies heavily recruit from these programs. As I mentioned, there are a lot of other agencies as well. You could find work at the State Department, Department of Health and Human Services, the Department of Education, the Federal Reserve Board, and I think I remember the United States Agency for International Development (USAID). Federal executive agencies, Congress, interstate agencies, and even state, local, or tribal governments can satisfy the service requirement. 
So, you can get paid to go to college and have a rewarding job in the government that builds a nice background for your career. How would you put all this together? I spent nine years as an advisor to the National CyberWatch Center. Founded as CyberWatch I in 2005, it started as a Washington D.C. and Mid-Atlantic regional effort to increase the quantity and quality of the information assurance workforce. In 2009, we received a National Science Foundation award and grants that allowed the program to go nationwide. Today, over 370 colleges and universities are in the program. So why the history lesson? What we did was align curriculum between two-year colleges and four-year universities, such that a student who took the designated courses in an associate degree program would have 100% of those credits transfer to the four-year university. That is HUGE. Without getting into the boring details, schools would certify to the Committee on National Security Systems (CNSS) (formerly known as the National Security Telecommunications and Information Systems Security Committee or NSTISSC) national training standard for INFOSEC professionals known as NSTISSI 4011. Now with the help of an SFS scholarship, a student with little to no financial resources can earn an associate degree locally, proceed to a bachelor's degree from a respected university, have a guaranteed job coming out of school, and HAVE NO STUDENT DEBT. Parents, are you listening carefully? Successfully following that advice can save $100,000 and place your child on course for success. OK, so let's fast forward 3 years and say that you are getting closer to finishing a degree in Cyber Security or Computer Science. Is there anything else that you can do while performing a summer internship? That brings us to our second building block. Getting certifications.
Number Two: Getting a Certification
Earning certifications is another key step to demonstrate that you have technical skills in cyber security.
Usually, technology changes rapidly. That means that universities typically don't provide specialized training in Windows 11, Oracle Databases, Amazon Web Services, or the latest programming language. Thus, while you may come out of a computer science degree with knowledge on how to write C++ and JavaScript, there are a lot of skills that you often lack to be quite knowledgeable in the workforce. Additionally, most colleges teach only the free version of software. In class you don't expect to learn how to deploy Antivirus software to thousands of endpoints from a vendor that would be in a Gartner Magic quadrant, yet that is exactly what you might encounter in the workplace. So, let's look at some certifications that can help you establish your expertise as a cyber professional. We usually recommend entry level certifications from CompTIA as a great starting point. CompTIA has some good certifications that can teach you the basics in technology. For example:
CompTIA A+ can teach you how to work an IT Help Desk.
CompTIA Network+ can teach you about troubleshooting, configuring, and managing networks.
CompTIA Linux+ can help you learn how to perform as a system administrator supporting Linux Systems.
CompTIA Server+ ensures you have the skills to work in data centers as well as on-premises or hybrid environments.
Remember it's really hard to protect a technology that you know nothing about so these are easy ways to get great experience in a technology. If you want a certification such as these from CompTIA, we recommend going to a bookstore such as Amazon, buying the official study guidebook, and setting a goal to read every day. Once you have read the official study guide go and buy a set of practice exam questions from a site like Whiz Labs or Udemy. Note this usually retails for about $10. So far this represents a total cost of about $50 ($40 dollars to buy a book and $10 to buy practice exams.)
For that small investment, you can gain the knowledge base to pass a certification. You just need to pay for the exam and meet eligibility requirements. Now after you get a good grasp of important technologies such as Servers, Networks, and Operating Systems, we recommend adding several types of certifications to your resume. The first is a certification in the Cloud. One notable example of that is AWS Certified Solutions Architect - Associate. Note you can find solution architect certifications from Azure and GCP, but AWS is the most popular cloud provider, so we recommend starting there. Learning how the cloud works is extremely important. Chances are you will be asked to defend it and you need to understand what an EC-2 server is, types of storage to make backups, and how to provide proper access control. So, spend the time and get certified. One course author who provides a great course is Adrian Cantrill. You can find his course link for AWS Solutions Architect in our show notes or by visiting learn.cantrill.io. The course costs $40 and has some of the best diagrams you will ever see in IT. Once again go through a course like this and supplement with practice exam questions before going for the official certification. The last type of certifications we will mention is an entry cyber security certification. We usually see college students pick up a Security+ or Certified Ethical Hacker as a foundation to establish their knowledge in cyber security. Now the one thing that you really gain out of Security+ is a list of technical terms and concepts in cyber security. You need to be able to understand the difference between Access Control, Authentication, and Authorization if you are to consult with a developer on what is needed before allowing access to a site. These types of certifications will help you to speak fluently as a cyber professional. That means you get more job offers, better opportunities, and interesting work. 
It's next to impossible to establish yourself as a cyber expert if you don't even understand the technical jargon correctly. Number Three: Getting Relevant Job Experience OK, so you have a college degree and an IT certification or two. What's next? At this point in time, you are eligible for most entry level jobs. So, let's find interesting work in Cyber Security. If you are looking for jobs in cyber security, there are two places we recommend. The first is LinkedIn. Almost all companies post there and there's a wealth of opportunities. Build out an interesting profile and look professional. Then apply, apply, apply. It will take a while to find the role you want. Also post that you are looking for opportunities and need help finding your first role. You will be surprised at how helpful the cyber community is. Here's a pro tip: add some hashtags with your post to increase its visibility. Another interesting place to consider is your local government. The government spends a lot of time investing in their employees. So go there, work a few years, and gain valuable experience. You can start by going to your local government webpage such as USAJobs.Gov and search for the Career Codes that map to cyber security. For example, search using the keyword “2210” to find the job family of Information Technology Management where most cyber security opportunities can be found. If you find that you get one of these government jobs, be sure to look into college repayment programs. Most government jobs will help you pay off student loans, finance master's degrees in Cyber Security, or pay for your certifications. It's a great win-win to learn the trade. Once you get into an organization and begin working your first job out of college, you then generally get one big opportunity to set the direction of your career. What type of cyber professional do you want to be? Usually, we see most Cyber Careerists fall into one of three basic paths. 
- Offensive Security
- Defensive Security
- Security Auditing

The reason these three are the most common is that they have the largest number of job opportunities. So, from a pure numbers game, it's likely where you will spend the bulk of your career, although we do recommend cross training. Mike Miller, who is the vCISO for Appalachia Technologies, put out a great LinkedIn post on this where he goes into more detail. Note we have a link to it in our show notes. Here are some of our own thoughts on these three common cyber pathways:

Offensive Security is for those that like to find vulnerabilities in things before the bad guys do. It's fun to learn how to hack and take jobs in penetration testing and the red team. Usually if you choose this career, you will spend time learning offensive tools like Nmap, Kali Linux, Metasploit, Burp Suite, and others. You need to know how technology works, common flaws such as the OWASP Top Ten web application security risks, and how to find those vulnerabilities in technology. Once you do, there's a lot of interesting work awaiting. Note if these roles interest you then try to obtain the Offensive Security Certified Professional (OSCP) certification to gain relevant skill sets that you can use at work.

Defensive Security is for the protectors. These are the people who work in the Security Operations Center (SOC) or Incident Response Teams. They look for anomalies, intrusions, and signals across the whole IT network. If something is wrong, they need to find it and identify how to fix it. Similar to Offensive Security professionals, they need to understand technology, but they differ in the types of tools they need to look at. You can find a defender looking at logs. Logs can come from an Intrusion Detection System, a Firewall, a SIEM, Antivirus, Data Loss Prevention Tools, an EDR, and many other sources. Defenders will become an expert in one of these tools that needs to be constantly monitored.
Note if you are interested in these types of opportunities look for cyber certifications such as the MITRE ATT&CK Defender (MAD) or SANS GIAC Certified Incident Handler GCIH to gain relevant expertise. Security Auditing is a third common discipline. Usually reporting to the Governance, Risk, and Compliance organization, this role is usually the least technical. This discipline is about understanding a relevant standard or regulation and making sure the organization follows the intent of the standard/regulation. You will spend a lot of time learning the standards, policies, and best practices of an industry. You will perform risk assessments and third-party reviews to understand how we certify as an industry. If you would like to learn about the information systems auditing process, governance and management of IT systems, business processes such as Disaster Recovery and Business Continuity Management, and compliance activities, then we recommend obtaining the Certified Information Systems Auditor (CISA) certification from ISACA. Ok, so you have a degree, you have certifications, you are in a promising job role, WHAT's Next? If you want to really become an expert, we recommend you focus on… Number Four: Building your personal brand. Essentially find a way to give back to the industry by blogging, writing open-source software, creating a podcast, building cybersecurity tutorials, creating YouTube videos, or presenting a lecture topic to your local OWASP chapter on cyber security. Every time you do you will get smarter on a subject. Imagine spending three hours a week reading books in cyber security. If you did that for ten years, think of how many books you could read and how much smarter you would become. Now as you share that knowledge with others two things happen: People begin to recognize you as an industry expert. You will get invited to opportunities to connect with other smart people which allows you to become even smarter. 
If you spend your time listening to smart people and reading their works, it rubs off. You will absorb knowledge from them that will spark new ideas and increase your understanding The second thing is when you present your ideas to others you often get feedback. Sometimes you learn that you are actually misunderstanding something. Other times you get different viewpoints. Yes, this works in the financial sector, but it doesn't work in the government sector or in the university setting. This feedback also helps you become smarter as you understand more angles of approaching a problem. Trust us, the greatest minds in cyber spend a lot of time researching, learning, and teaching others. They all know G Mark's law, which I wrote nearly twenty years ago: "Half of what you know about security will be obsolete in eighteen months." OK so let's recap a bit. If you want to become an expert in something, then you should do four things. 1) Get a college education so that you have the greatest amount of opportunities open to you, 2) get certifications to build up your technical knowledge base, 3) find relevant job experiences that allow you to grow your skill sets, and 4) finally share what you know and build your personal brand. All of these make you smarter and will help you become a cyber expert. Thanks again for listening to us at CISO Tradecraft. We wish you the best on your journey as you Learn to Earn. If you enjoyed the show, tell one person about it this week. It could be your child, a friend looking to get into cyber security, or even a coworker. We would love to help more people and we need your help to reach a larger audience. This is your host, G. Mark Hardy, and thanks again for listening and stay safe out there. 
References:
https://www.todaysmilitary.com/education-training/rotc-programs
www.sfs.opm.gov
https://www.comptia.org/home
https://www.whizlabs.com/
https://www.udemy.com/
https://learn.cantrill.io/p/aws-certified-solutions-architect-associate-saa-c03
https://www.linkedin.com/feed/update/urn:li:activity:6965305453987737600/
https://www.offensive-security.com/pwk-oscp/
https://mitre-engenuity.org/cybersecurity/mad/
https://www.giac.org/certifications/certified-incident-handler-gcih/
https://www.ccbcmd.edu/Costs-and-Paying-for-College/Tuition-and-fees/In-County-tuition-and-fees.aspx
https://www.educationcorner.com/value-of-a-college-degree.html
https://www.collegexpress.com/lists/list/us-colleges-with-army-rotc/2580/
https://www.af.mil/About-Us/Fact-Sheets/Display/Article/104478/air-force-reserve-officer-training-corps/
https://www.netc.navy.mil/Commands/Naval-Service-Training-Command/NROTC
https://armypubs.army.mil/pub/eforms/DR_a/NOCASE-DA_FORM_597-3-000-EFILE-2.pdf
https://niccs.cisa.gov/sites/default/files/documents/SFS%20Flyer%20FINAL.pdf
https://www.nationalcyberwatch.org/
Voices include: Puzzling Evidence, Dr. Howlland Owll, Dr. Philo Drummond, Cardhouse Robot, Promises of "Bob" from some unknown ranter, then The Boys meander into the mix, Doktors break their backs for the Show, Jonny Quest Intro, Exotic Alcoholic Drink names, Philo serves the booze, A Caller is an Active Listener, Peppe lost his way after, Gnomes can do it all, Effects of Colon-Blow by Colon-Blow Expert Dr. Hal, Movie jabber, Amazing Very Good SubGenius Guarantees and Warranties Are The Best, Where Is Michael Peppe, Again?, Colon Storage News, It is well known that ßs,H = w(e). This reduces the results of [12] to well-known properties of sets. In The Show, the authors address the existence of Cavalieri SUBalgebras under the additional assumption that there exists a left-canonical a most surely P -solvable vector. Therefore the work in the Show did not consider the semi-smooth, trivially Y -finite, ultra-everywhere integral case, as in fish-feeding reverse bad thing re-installation reduction strategies and such, We substantially increased caller lower-colon performance with less than 50% of the expected collateral damage which is no big deal. Dr. Hal ran our NMAP system on commodity operating systems, such as Microsoft Windows NT and Coyotos. Puzz Ev added support for our framework as a statically-linked user- caller-space application. Our lower-colon inhabitants experiments soon proved that exokernelizing our fuzzy Knesis Philo brand keyboards was more effective than making them autonomously, as previous work suggested. Our experiments soon proved that microkernelizing our PDP 11s was more effective than exokernelizing them, as previous work suggested. We note that other researchers have tried and failed to enable this functionality. In any case, they survived and nobody's feelings got hurt. --- Send in a voice message: https://podcasters.spotify.com/pod/show/philo-drummond/message
This is episode 50 of The TechTual Talk podcast. Joining us today is Miss Ciera aka the Pentest Princesss. We talk about her initially wanting to be a nurse during the pandemic, her pivoting in cybersecurity, her helpdesk experience, and her current SOC experience.

0:00 Intro
10:21 Doing IT Helpdesk during the Pandemic
19:42 Ciera Had a strategy to get into cybersecurity
32:42 Working for a MSP
39:59 How is it being a Black women in tech
48:35 Run the wrong nmap scan and you going to jail

Join the patreon: https://patreon.com/techtualchatter
Check out the youtube channel: https://youtube.com/techtualchatter
Grab my ebook: https://techtualconsulting.com/digitalproducts
Check out my resume services: https://techualconsulting.com/offerings
Follow me on the rest of my socials: https://techtualconsulting.start.page/
Use Riverside FM to record your video podcast: https://riverside.fm/?utm_campaign=campaign_1&utm_medium=affiliate&utm_source=rewardful&via=thetechtualtalk
Launch your podcast on buzzsprout: https://www.buzzsprout.com/?referrer_id=1974374
Time to dig in and start learning the tools.

LINKS
1. Kali Linux
2. Nmap
3. Shodan
4. Gophish
5. Zap
6. Burp Suite

FIND US ON
1. Twitter - DamienHull
2. YouTube
So you think Linux is secure? In this video we'll escalate our privileges on Linux to become root. // MENU // 0:00:00 ▶️ Introduction 0:01:15 ▶️ Jump to the demo 0:01:38 ▶️ About Alexis, background and experience 0:07:38 ▶️ Starting HackerSploit 0:08:47 ▶️ Alexis and Linux 0:11:03 ▶️ Which is the preferred Linux distribution? 0:12:01 ▶️ Recommended Linux distribution for beginners 0:12:33 ▶️ LinuxJourney.com 0:12:01 ▶️ Favourite hacking distribution 0:13:51 ▶️ The PenTester Framework 0:15:21 ▶️ Best method to install a distribution 0:16:46 ▶️ Recommendations 0:18:29 ▶️ Recommended distribution for real-world pentesting 0:21:44 ▶️ Starting YouTube channel 0:22:18 ▶️ Windows vs MacOS vs Linux 0:23:30 ▶️ Recommended laptop 0:27:16 ▶️ Other advice 0:28:38 ▶️ Recommended certifications 0:30:46 ▶️ Recommended pre-requisite skills 0:33:13 ▶️ HackerSploit Linux Essential for Hackers 0:34:01 ▶️ HackerSploit Windows 0:34:26 ▶️ HackerSploit Networking Fundamentals 0:35:11 ▶️ Get your fundamentals right 0:35:29 ▶️ Dirty Pipe exploit presentation 0:43:52 ▶️ Dirty Pipe exploit demo 0:55:14 ▶️ Exploit 1 0:57:03 ▶️ Exploit 2 1:00:23 ▶️ Learning how to change scripts 1:02:14 ▶️ Recommended script language 1:04:00 ▶️ Thoughts on Golang 1:04:44 ▶️ Recommendations for learning languages 1:05:41 ▶️ Closing thoughts // HackerSploit Linux exploit scripts // Dirty Pipe Github page: https://github.com/AlexisAhmed/CVE-20... Dirty Pipe Blog: https://dirtypipe.cm4all.com/ CVE details: https://cve.mitre.org/cgi-bin/cvename... // Hackersploit Videos // Pentesters Framework: https://www.youtube.com/watch?v=Bx3RL... Linux for hackers: https://www.youtube.com/watch?v=T0Db6... Windows for hackers: Nmap series: https://www.youtube.com/watch?v=5MTZd... Linux exploitation: https://www.youtube.com/watch?v=i-dQw... Windows exploitation: https://www.youtube.com/watch?v=Bzmlj... 
// Books // Privilege Escalation Techniques: https://amzn.to/3xcPHjf Automate the boring the stuff with Python: https://amzn.to/3LQA5Gl // MY STUFF // https://www.amazon.com/shop/davidbombal // SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // HackerSploit // LinkedIn: https://www.linkedin.com/in/alexisahmed/ YouTube: https://www.youtube.com/c/HackerSploit Twitter: https://twitter.com/HackerSploit Academy: https://hackersploit.academy/ // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Chris and I go deep into what Nmap is actually sending onto the network and how you can find those dodgy packets! We then get into a real world Wireshark discussion on how to find stuff in a sea of packets. // MENU // 0:00 ▶️ Welcome 2:15 ▶️ What is Nmap? 3:54 ▶️ TCP SYN and TCP connect scans 6:55 ▶️ Wireshark IP Filter 7:42 ▶️ Wireshark TCP Port Filter 7:57 ▶️ Stealth Scan 09:37 ▶️ Why it's called a stealth scan 11:02 ▶️ Connect() scan 11:50 ▶️ How to identify potential Nmap scans in Wireshark 15:05 ▶️ Wireshark filters to find potential stealth scans 19:08 ▶️ Nmap Port Flag 20:16 ▶️ What makes a TCP connect scan different 22:47 ▶️ What is TCP Conversation Completeness 26:16 ▶️ Wireshark filter to identify potential TCP connect scans 29:06 ▶️ Are devices good enough today to capture huge amounts of data? 31:09 ▶️ Network Traffic Monitoring Device 32:55 ▶️ How to find specific data in huge files 42:27 ▶️ Final tips for beginners in cybersecurity 43:27 ▶️ Topics for future videos // Wireshark pcap file // https://davidbombal.wiki/nmapstealth // Wireshark documentation // https://www.wireshark.org/docs/wsug_h... // MY STUFF // https://www.amazon.com/shop/davidbombal // SOCIAL // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal //CHRIS GREER // LinkedIn: https://www.linkedin.com/in/cgreer/ YouTube: https://www.youtube.com/c/ChrisGreer Twitter: https://twitter.com/packetpioneer Pluralsight: TCP Analysis Course: https://davidbombal.wiki/tcpwireshark // SPONSORS // Interested in sponsoring my videos? 
Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
In the previous episode (Episode #3 - Quick nmap Introduction), Ryan and Evan demonstrated why we use nmap, where to get nmap, and how to perform a basic nmap scan. In this episode, they do a quick explanation of the results.

NSE - Network Scan Engine
DNS - Domain Name System
TCP - Transmission Control Protocol
IP - Internet Protocol

Don't be intimidated by all the new words and numbers. This is a different language, a language that computers speak on a TCP/IP network. In time, you can (and should) learn the language too!

NOTE: Evan made an error in this episode, see if you can find it!
A quick introduction to nmap. Topics covered in this episode include:
- Why would we use nmap?
- How to get nmap.
- Installation
- nmap and Zenmap
- Basic scans

Intense Scan
nmap -T4 -A -v scanme.nmap.org (or 192.168.0.0/24, etc.)

Intense Scan, all TCP Ports
nmap -p 1-65535 -T4 -A -v scanme.nmap.org (or 192.168.0.0/24, etc.)

Stealth SYN Scan
nmap -sS -O scanme.nmap.org (or 192.168.0.0/24, etc.)

Enumeration on specific ports (only)
nmap -sV -p 22,53,110,143,4564 scanme.nmap.org (or 192.168.0.0/24, etc.)

Try these scans at home!
Links:
- Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases: https://www.darkreading.com/cloud/microsoft-azure-cloud-vulnerability-exposed-thousands-of-databases
- Google, Amazon, Microsoft Share New Security Efforts After White House Summit: https://www.darkreading.com/operations/google-amazon-microsoft-share-new-security-efforts-post-white-house-summit
- New Data-Driven Study Reveals 40% of SaaS Data Access is Unmanaged, Creating Significant Insider and External Threats to Global Organizations: https://www.darkreading.com/cloud/new-data-driven-study-reveals-40-of-saas-data-access-is-unmanaged-creating-significant-insider-and-external-threats-to-global-organizations
- Researchers Share Common Tactics of ShinyHunters Threat Group: https://www.darkreading.com/attacks-breaches/researchers-share-common-tactics-of-shinyhunters-threat-group
- How to automate forensic disk collection in AWS: https://aws.amazon.com/blogs/security/
- Confidential computing: an AWS perspective: https://aws.amazon.com/blogs/security/
- New in October: AWS Security Awareness Training and AWS Multi-factor Authentication available at no cost: https://aws.amazon.com/blogs/security/amazon-security-awareness-training-and-aws-multi-factor-authentication-tokens-to-be-made-available-at-no-cost/
- Use IAM Access Analyzer to generate IAM policies based on access activity found in your organization trail: https://aws.amazon.com/blogs/security/

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Corey: This episode is sponsored in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward.
It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary weeks ahead.Jesse: Disaster befell much of the middle south of the US when Ida slammed into the coast and plowed its way up north through the land. What does a hurricane have to do with security? Business continuity. Business continuity is the discipline of maintaining business operations, even in the face of disasters of any kind, such as a hurricane-driven storm surge running over the levees and flooding whole towns. 
If you have all your computing systems in the cloud in multiple regions, then such a disaster won't fully halt your business operations.However, you still might have connectivity issues and possibly either temporary or permanent loss of non-cloud systems. Be sure your non-cloud systems have appropriate backups off-site to another geographically disparate location. Better yet, push backups into your cloud infrastructure and consider ways to utilize that data with your cloud systems during a crisis. Hmm, perhaps you'll like it so much you will push everything else up to the cloud that isn't a laptop, tablet, or phone.Meanwhile in the news, Microsoft Azure Cloud Vulnerability Exposed Thousands of Databases. Security for cloud providers can potentially have catastrophic and large scale repercussions. Keep an eye out for any problems that come up that might affect your operations and your data. Do keep in mind your platform has a direct impact on your own risk profile.Google, Amazon, Microsoft Share New Security Efforts After White House Summit. The National Institute of Standards and Technology—or NIST—is building a technology supply chain framework with the big tech companies, including Apple, Amazon, Google, IBM, and Microsoft, and this is a big deal. I'm sure the fighting amongst those companies will make this initiative die on the vine, but I hope I'm wrong.New Data-Driven Study Reveals 40% of SaaS Data Access is Unmanaged, Creating Significant Insider and External Threats to Global Organizations. Back to basics: secure your data; lock down those buckets; don't be stupid. Also, when we're talking cloud apps and services, there should be no assumption that anyone accessing the application via an obfuscated link or permissions too broad to effectively secure the data therein.Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. 
It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, teleport is open-source and a pleasure to use. Download teleport at goteleport.com. That's goteleport.com.Researchers Share Common Tactics of ShinyHunters Threat Group. Put Indicators of Compromise—or IOC—data for the latest APT group or malware into your monitoring tool or tools. It's possible, depending on the vendor, that there are already detections you can add to your production monitoring. Save some time and look for those pre-made searches, configurations, and scripts before you make your own.How to automate forensic disk collection in AWS. Automating forensic data gathering is incredibly valuable. This not only has obvious value in security incident response, but it has value in teaching us how these parts in AWS work. This is worth a close read—several times if you need to—to understand how EBS, S3, automating EC2 actions, CloudWatch logging—among other services—operate. There are other pieces to the glue here to learn, as well.Confidential computing: an AWS perspective. If you use EC2, you need to understand the AWS Nitro System. Their hardware-based approach to their hypervisor for virtualization combined with hardware-based security and encryption is quite well made. Everyone worried about security at all while using EC2—which I argue should be all of you—should know the concepts of how Nitro works.New in October: AWS Security Awareness Training and AWS Multi-factor Authentication available at no cost. Now, this has value. Free basic security training for average users on fundamental computer security, including things like phishing and social engineering, is an amazing gift. 
Also, how many times have I wanted to point someone into an easy-to-understand multi-factor authentication tutorial? Oh, not often; only every single day.Use IAM Access Analyzer to generate IAM policies based on access activity found in your organization trail. Creating solid IAM access policies is hard because you have to know all things an account needs to touch to perform an operation or deliver a service. The IAM Access Analyzer is a total game-changer.You can review the activity to ensure you don't see anything nefarious happening, then apply the config generated. Now, you have a working app that has the bare minimum permissions required to function, but blocking all operations outside those things. This prevents many malware from sneakily doing other things.And now for the tip of the week. Know your compliance requirements; are you a school, preschool, K-12, college? FERPA; are you a medical facility? HIPAA; are you a US government entity? FISMA; are you conducting credit card transactions? PCI; are you storing data on an EU citizen? GDPR. The list goes on, and on, and on.You need to know every single one of the compliance requirements your systems and people touch. Most of these compliance rules and laws cover a fair amount of the same ground, so compliance with several of them isn't an order of magnitude more work than compliance with one or two of them. However, it is critical that you have clear documentation for each one on how you are compliant and what processes, or data, or report proves compliance. If you build these processes into your IT or security operations monitoring or reporting system, your life will be far better off than doing it by hand every single time someone asks—or demands—proof of compliance. And that it for the week, folks. Securely yours, Jesse Trucks.Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.Announcer: This has been a HumblePod production. 
Stay humble.
Links:
- How to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkward
- 5 Vexing Cloud Security Issues: https://www.itprotoday.com/hybrid-cloud/5-vexing-cloud-security-issues
- Attackers Increasingly Target Linux in the Cloud: https://www.darkreading.com/threat-intelligence/attackers-increasingly-target-linux-in-the-cloud
- Top 5 Best Practices for Cloud Security: https://www.infosecurity-magazine.com/magazine-features/top-5-best-practices-for-cloud/
- Zix Releases 2021 Mid-Year Global Threat Report: https://www.darkreading.com/cloud/zix-releases-2021-mid-year-global-threat-report
- The big three innovations transforming cloud security: https://siliconangle.com/2021/08/21/big-three-innovations-transforming-cloud-security/
- The Benefits of a Cloud Security Posture Assessment: https://fedtechmagazine.com/article/2021/08/benefits-cloud-security-posture-assessment
- How to Maintain Accountability in a Hybrid Environment: https://www.darkreading.com/cloud/how-to-maintain-accountability-in-a-hybrid-environment
- 6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP: https://www.eweek.com/security/6-cloud-security-must-haves-with-help-from-cspm-cwpp-or-cnapp/
- The hybrid-cloud security road map: https://www.techradar.com/news/the-hybrid-cloud-security-road-map
- How Biden's Cloud Security Executive Order Stacks Up to Industry Expectations: https://securityintelligence.com/articles/biden-executive-order-industry-expectations/
- Cloud Security: Adopting a Structured Approach: https://customerthink.com/cloud-security-adopting-a-structured-approach/
- The Overlooked Security Risks of the Cloud: https://threatpost.com/security-risks-cloud/168754/

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Corey: This episode is sponsored in part by Thinkst Canary.
This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary weeks ahead.

Jesse: It is 2021. Conference calls and remote meetings have the same decade-old problems. Connection drops, asking if anyone can hear us, asking if anyone can see our screen, even though we can clearly see the platform is in sharing mode with our window front and center.
Why is this so hard? We live in the golden age of the cloud.

Shouldn't we be easily connecting and sharing like we're in the same room rather than across the planet? Yes we should. Sure, there have been improvements, and now we can do high-quality video, connect dozens or hundreds of people from everywhere on a webinar, and usually most of us can manage a video meeting with some screen sharing. I don't understand how we can have Amazon Chime, WebEx, Teams, Zoom, Google Meet—or whatever it's called this month—GoToMeeting, Adobe Connect, FaceTime, and other options, and still not have a decent way for multiple people to see and hear one another and share a document, or an application, or screen without routine problems. All of these are cloud-based solutions.

Why do they all suck? When I have to use some of these platforms, I dread the coming meeting. The worst I've seen is Amazon Chime—yes, that's you, Amazon—Microsoft Teams—as always—and Adobe Connect. Oof. The rest are largely similar with more or less the same features and quality, except FaceTime, which is still only a personal use platform and not so great for conferences for work. I just want one of these to not suck so much.

Meanwhile in the news. How to Make Your Next Third-Party Risk Conversation Less Awkward. You know that moment. Someone asks a question at the networking event. The deafening silence while you stare at the floor trying to find a way to get out of embarrassing yourself. Do your future self a favor and do some work before this happens again. You'll feel better and you'll have better visibility while improving your security posture.

5 Vexing Cloud Security Issues. Unlike the tips and best practices list, this one is a ‘don't be stupid' type list. Some of these are foundational basic security steps. Watch out for the zombies.

Attackers Increasingly Target Linux in the Cloud. Linux is the most common cloud-hosted OS. It shouldn't be surprising that it's the most common platform to attack, as well.
Secure and monitor your cloud hosts closely. This is also a good reason to consider pushing toward a dynamic services model without traditional operating system footprints.

Top 5 Best Practices for Cloud Security. Oh, yay. Another top number list for newbs. We all need reminding of the basics of best practices, especially as they evolve. Are you doing these five things? Why not?

Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, teleport is open-source and a pleasure to use. Download teleport at goteleport.com. That's goteleport.com.

Jesse: Zix Releases 2021 Mid-Year Global Threat Report. I suggest looking at the whole report, however, know attackers are using email, SMS and text messages, and customizing phishing more than ever before. Your people are going to see more social engineering attacks, so be sure everyone understands the basics of what types of things not to say on the phone and the usual about not following URLs in messages and emails.

The big three innovations transforming cloud security. CASB, SASE, and CSPM—pronounced ‘cazzbee' ‘sassy' and, well, nothing fancy for CSPM that rolls off the tongue, so just use the letters—are your new friends. With the three of these used for your cloud environment, you'll have better visibility and control of your risk profile and security posture.

The Benefits of a Cloud Security Posture Assessment. Okay, so we've covered CSPM some, but you need a CSPA before you implement your CSPM. I tried to use more acronyms but I ran out of energy. Seriously, an assessment of your risks and security posture are invaluable.
Without it, you may be missing vital areas that leave you exposed.

How to Maintain Accountability in a Hybrid Environment. If you support delivery of services to mobile apps, you should consider the security of the client end as relates to your application. You could get caught by some nasty surprises, no matter how secure your server environment appears to be.

6 Cloud Security Must-Haves–with Help from CSPM, CWPP or CNAPP. Gartner loves making up—I mean defining, new markets so they can invent new acronyms and sell us yet another Magic Quadrant subscription. Sadly, it's the lens through which we must view the industry because media and vendors rely too much on Gartner Magic Quadrants.

The hybrid-cloud security road map. Migrating some or all of our services to the cloud can feel like scaling an inverted cliff with butter on our hands, but it's easier than you think. Sometimes we just need some gentle guidance on an approach that might work for us.

How Biden's Cloud Security Executive Order Stacks Up to Industry Expectations. US President Biden's Executive Order number 14028, “Executive Order on Improving the Nation's Cybersecurity” is surprisingly relevant to the real problems we face in cybersecurity every day. If you don't have time or energy to read the entirety of the 24-page document, you should understand the impact of it. Hint: it's a good thing for security.

Cloud Security: Adopting a Structured Approach. Sure, the basics are largely the same as security in non-cloud environments. However, there are new ways to implement much of these security measures, and if you aren't careful, you will miss all the new ways you must protect your resources and services that either change or are wholly new in the cloud.

The Overlooked Security Risks of the Cloud. It's easy to think moving things to the cloud offloads work and lowers our risk profiles. Don't forget there are tradeoffs.
We have to do more and different security things to ensure our services, data, and users are protected.

And now for the Tip of the Week. Lock down your AMIs. If you have Amazon Machine Images—or AMIs—be sure they aren't available to other people. Even if these don't have your proprietary information in them, they do disclose your foundational EC2 image, so attackers can more easily tailor their approach to get into your real infrastructure. Ensure your AMI permissions are restrictive so the public can't touch them.

Go to your AWS Console, EC2, and then AMIs. Select your AMIs, and then Actions, Modify Image Permissions, and then add your accounts. And that's it for the week, folks. Securely yours, Jesse Trucks.

Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.
Links:
AWS Cancels re:Inforce Security Conference in Houston Due to COVID-19: https://www.crn.com/news/cloud/aws-cancels-re-inforce-security-conference-in-houston-due-to-covid-19
Cloud-native security benefits and use cases: https://searchcloudsecurity.techtarget.com/tip/cloud-native-security-benefits-and-use-cases
The state of cloud security: IaC becomes priority one: https://techbeacon.com/security/state-cloud-security-iac-becomes-priority-one
Takeaways from Gartner's 2021 Hype Cycle for Cloud Security report: https://venturebeat.com/2021/08/12/takeaways-from-gartners-2021-hype-cycle-for-cloud-security-report/
IBM upgrades its Big Iron OS for better cloud, security, and AI support: https://www.networkworld.com/article/3626486/ibm-upgrades-its-big-iron-os-for-better-cloud-security-and-ai-support.html
Securing cloud environments is more important than ever: https://federalnewsnetwork.com/commentary/2021/08/securing-cloud-environments-is-more-important-than-ever/
The Misunderstood Security Risks of Behavior Analytics, AI & ML: https://www.darkreading.com/risk/the-misunderstood-security-risks-of-behavior-analytics-ai-ml
Accenture Says it ‘Detected Irregular Activity,' Restored Systems from Backup: https://www.darkreading.com/attacks-breaches/accenture-detected-irregular-activity-
Google Releases Tool to Help Developers Enforce Security: https://www.darkreading.com/application-security/google-releases-tool-to-help-developers-enforce-security
How to Make Your Next Third-Party Risk Conversation Less Awkward: https://www.darkreading.com/vulnerabilities-threats/how-to-make-your-next-third-party-risk-conversation-less-awkward
Cost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations: https://www.darkreading.com/threat-intelligence/healthcare-sees-more-attacks-with-costs-higher-for-smaller-groups

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Corey: This episode is sponsored
in part by Thinkst Canary. This might take a little bit to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, or anything else like that that you can generate in various parts of your environment, wherever you want them to live; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use them. It's an awesome approach to detecting breaches. I've used something similar for years myself before I found them. Check them out. But wait, there's more because they also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment and manage them centrally. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files that it presents on a fake file store, you get instant alerts. It's awesome. If you don't do something like this, instead you're likely to find out that you've gotten breached the very hard way. So, check it out. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I am so glad I found them. I love it.” Again, those URLs are canarytokens.org and canary.tools. And the first one is free because of course it is. The second one is enterprise-y. You'll know which one of those you fall into. Take a look. I'm a big fan. More to come from Thinkst Canary weeks ahead.

Jesse: There are many types of attacks that result in security breaches. To understand how many of them work, you need to understand how software languages function and how the hardware operations work in memory and in the CPU.
However, you can learn a lot about security without having to learn those things. You can look at some of the attack vectors and gain a high-level understanding of what is happening. For example, man in the middle, or MITM, attacks are when someone inserts malicious code into the communication of two entities. That MITM service will capture communications, make a copy, then send it along like normal.

A buffer overflow happens when the allocated memory space for some type of input–whether it's contents of a file or dialog boxes and the like—is less than the amount of input. In simpler terms, there is a bucket available for input. The attacker pours more water into the bucket than the bucket can handle. The result is that code in memory could be overwritten and become executable. So, you can learn about security flaws without digging under the surface to see what is actually happening. However, I strongly urge anyone doing security-related things to learn more about these attack types, and the others.

Meanwhile in the News. AWS Cancels re:Inforce Security Conference in Houston Due to COVID-19. The closings have begun. Dust off those creator lights, and prep that mic on your desk. In the wake of last year's lockdowns and sudden remote working, there was a huge spike in phishing and other scams. Don't be caught in this round.

Cloud-native security benefits and use cases. If you have a multi-cloud or a hybrid SaaS and self-managed systems in cloud providers or in data centers, it's possible you need different security tools. Don't go all cloud-native just because you have an initiative to do so. Slow down and ensure your security meets the needs of all your technology and services, not just the new and shiny ones.

The state of cloud security: IaC becomes priority one. Cloud-native services are far too complex to do traditional cybersecurity. Truly cloud-native services need cloud-native monitoring systems.
Consider Infrastructure as Code, or IaC, as part of a comprehensive solution in your process.

Takeaways from Gartner's 2021 Hype Cycle for Cloud Security report. If you only read this one because the headline is awesome, I think that's okay. Gartner's evaluations are often seen as deep truths into impenetrable markets. Don't forget though, Gartner simply looks at all the parameters that are quantifiable and makes a judgement of comparison between products. They are valuable reports, yes, but it should never be the only deciding factor in making decisions on products to use.

IBM upgrades its Big Iron OS for better cloud, security, and AI support. Don't worry if you aren't running z/OS. Most people aren't. However, if you are using z/OS, this looks to be a solid upgrade, assuming your systems meet the requirements et cetera, et cetera, et cetera.

Securing cloud environments is more important than ever. I post a lot of foundational articles that talk about different—and sometimes the same—aspects of cybersecurity. I do this because there are so many of you who haven't implemented even one of my suggestions yet. Please read this one if you've ignored my earlier warnings.

Announcer: Have you implemented industry best practices for securely accessing SSH servers, databases, or Kubernetes? It takes time and expertise to set up. Teleport makes it easy. It is an identity-aware access proxy that brings automatically expiring credentials for everything you need, including role-based access controls, access requests, and the audit log. It helps prevent data exfiltration and helps implement PCI and FedRAMP compliance. And best of all, teleport is open-source and a pleasure to use. Download teleport at goteleport.com. That's goteleport.com.

The Misunderstood Security Risks of Behavior Analytics, AI & ML. Finally someone with a realistic view of artificial intelligence—or AI—and machine learning—or ML. First, there is zero AI in generally available security software. None.
They are not autonomous machines with the ability to think for themselves and make nuanced judgements. ML implies a feedback loop for self-tuning, based on the calculated confidence interval of the results. This is a lot to do on the fly with security data feeds, but some products do implement some ML, or at least make it available. The upshot is this: AI and ML are marketing terms. Grill your vendor on what the math is doing.

Accenture Says it ‘Detected Irregular Activity,' Restored Systems from Backup. Oops. Don't forget, we all get popped someday. Please remember, we'll all get embarrassingly owned someday. How you recover, how fast you detect, and how fast you identify root causes are far more important than a tiny news article talking about how you got popped.

Google Releases Tool to Help Developers Enforce Security. Yay, automated code analysis and testing. This is great. If you are running Google products and services, this helps your transition to shift left and introducing true DevSecOps.

How to Make Your Next Third-Party Risk Conversation Less Awkward. Talking to vendors or open-source project teams about security issues in their code or services can be tough. You don't want to come off as completely suspicious and untrusting, however, you shouldn't come across as not caring or implying security isn't important, either.

Cost of Cyberattacks Significantly Higher for Smaller Healthcare Organizations. Take heed, you smaller healthcare organizations. Ransomware tends to target critical infrastructure and hospitals because there is a higher probability of getting paid than there is for different verticals.

And now for the tip of the week. You should have a network scanner that performs routine scans all the time. This is true of cloud-hosted systems, as well. Don't scan at the exact same time or in the same order in a day.
Splay the times so it's a bit less predictable.

Bring the scan data results into your SIEM and use it to help baselines, produce alerts, and generally to improve visibility of the current risk levels and overall security posture. Active scanning like this is valuable in several ways, such as enumerating what devices are answering on your network or networks. This can be input into your configuration management database, or asset list as well. Also, either the SIEM or the scanner will likely provide a way to map findings to the known security flaws in your systems. And that's it for the week, folks. Securely yours, Jesse Trucks.

Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.
Links:
Cloud Security Basics CIOs and CTOs Should Know: https://www.informationweek.com/cloud/cloud-security-basics-cios-and-ctos-should-know/a/d-id/1341578?
Spring 2021 PCI DSS report now available with nine services added in scope: https://aws.amazon.com/blogs/security/spring-2021-pci-dss-report-now-available-with-nine-services-added-in-scope/
Top 5 Benefits of Cloud Infrastructure Security: https://www.kratikal.com/blog/top-5-benefits-of-cloud-infrastructure-security/
The three most important AWS WAF rate-based rules: https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities: https://www.darkreading.com/cloud/researchers-call-for-cve-approach-for-cloud-vulnerabilities
Managed Private Cloud: It's all About Simplification: https://www.computerworld.com/article/3623118/managed-private-cloud-its-all-about-simplification.html
100 percent of companies experience public cloud security incidents: https://betanews.com/2021/08/04/100-percent-public-cloud-security-incidents/
Why cloud security is the key to unlocking value from hybrid working: https://www.welivesecurity.com/2021/08/05/why-cloud-security-key-unlocking-value-hybrid-working/
Organizations Still Struggle to Hire & Retain Infosec Employees: Report: https://www.darkreading.com/careers-and-people/organizations-still-struggle-to-hire-retain-infosec-employees-report
NSA, CISA release Kubernetes Hardening Guidance: https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/
HTTP/2 Implementation Errors Exposing Websites to Serious Risks: https://www.darkreading.com/application-security/http-2-implementation-errors-exposing-websites-to-serious-risks
Ransomware Gangs and the Name Game Distraction: https://krebsonsecurity.com/2021/08/ransomware-gangs-and-the-name-game-distraction/
Using versioning in S3 buckets:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/Versioning.html

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org, in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to. When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.

Jesse: The general theme in security news and trends show us that perimeter defense has a whole new meaning. There is no large perimeter anymore. Nearly every device is on a public or otherwise hostile network, from servers to phones to laptops.
Every device needs scanning, protecting, monitoring, and analyzing. None of these devices can be viewed in a vacuum, as separate entities without the context of behavior of systems and services accessed from across a network.

This is why zero trust and cloud native applications and services go so well in these hard times. If you can't trust anything without checking on current events, then you have to authenticate and analyze in real-time to determine if something is safe to allow. In the ancient days of yore, everything was default allow and you stopped things you knew were bad. Then along came default deny, where you allowed only those things you white listed. But that was a full-time allowance of bad things to happen when an account was compromised.

Ditch the white list and just implement real-time contextual security. If you do this, does it really matter if someone gets a hostile device on your network? Nope. If you treat everything, including owned and managed assets, as hostile, some new unmanaged device or service doesn't change your operations or exposure much if at all.

Meanwhile in the news. Cloud Security Basics CIOs and CTOs Should Know. Some of the critical things non-cybersecurity execs ought to know: moving to the cloud isn't a security easy button, cybersecurity insurance generally sucks, and moving to the cloud takes a lot more work than people think to get operationally secure.

Spring 2021 PCI DSS report now available with nine services added in scope. When you do compliance and use cloud infrastructures and SaaS services, you need to prove your services support compliance requirements. This AWS report can help. Also, review the new services added to see if you can improve your service delivery and applications supporting PCI.

Top 5 Benefits of Cloud Infrastructure Security.
Using the cloud doesn't make you more secure, but there are advantages that can make security more manageable in the cloud than it is in legacy data centers.

The three most important AWS WAF rate-based rules. Sometimes ya just got to geek out. Also, your security person won't always be there to set up things like Web Application Firewalls with DDOS mitigation and other nifty security and compliance tools.

Researchers Call for ‘CVE' Approach for Cloud Vulnerabilities. If there is a vulnerability in cloud service provider services, they should get a CVE like anyone else, right? After all, it's just software, which is what the CVE is supposed to track.

I understand shining light on the problems to force cloud companies to fix them, but that is partly what the CVE system is for. If there are configurations that open gaping security holes, they need to be in CVE. Why do they want to make a new thing to replace a perfectly good thing?

Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS. Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.

Jesse: Managed Private Cloud: It's all About Simplification. So, let's see if I understand this. Several article sources talk about the benefits of using private cloud citing the exact same benefits as using a public cloud service, except claiming it's more secure for finance and medical verticals. Hello folks, AWS Outposts anyone?
The only difference is the shared responsibility model, except that now you have an outside agency managing everything. Neither are more or less secure than the other. They are different approaches to risk acceptance and mitigation.

100 percent of companies experience public cloud security incidents. Despite the sensationally alluring feel of the headline, the real news from this is that moving to cloud operations exposes the horrible lack of processes around custom development and production management that most organizations have. Don't blame being in the cloud for your poor operations, just don't be stupid.

Why cloud security is the key to unlocking value from hybrid working. [sigh]. Hybrid cloud, hybrid cars, hybrid corn, and now hybrid work. I haven't understood why it's so hard to understand that there are additional security concerns and either increased or displaced risk pushing workloads and data to the cloud. The only common answer I can think of is that security in general is full of theater and drama. Of course, there's more risk. Obfuscated risk is dangerous.

Organizations Still Struggle to Hire & Retain Infosec Employees: Report. The extreme lack of trained and/or experienced cybersecurity talent underscores the importance of all of us knowing security well enough to mitigate most risks. Sure, having someone dedicated to the work is far superior to having security tacked onto the duties of others, but without the ability to fill those dedicated roles, someone has to keep the script kiddies and APTs out.

NSA, CISA release Kubernetes Hardening Guidance. This is pure IT security gold. The spooks often hold secrets most of us haven't figured out, partially due to the immense resources they throw at cybersecurity. This report is 52 pages of great advice. Also, now everyone knows security issues in Kubernetes environments. Don't be stupid. Go read this now.

HTTP/2 Implementation Errors Exposing Websites to Serious Risks.
Black hat and other security conferences are famous for gloom and doom pronouncements that are just theoretical attacks that likely won't ever be practical in real-world production systems. However, this one may have some legs.

Ransomware Gangs and the Name Game Distraction. With ransomware groups regularly getting international media attention, they're retreating to the shadows when the heat turns up on them. They will vanish from headlines, but they will simply rebrand and move forward as if they were a new group. This is why following Indicators Of Compromise, or IOCs, is more important than worrying about the exact behavior profile or name of a group.

And now for the tip of the week. Don't lose overwritten file data. Use S3 versioning. Enabling versioning on your S3 buckets allows disaster recovery and an audit trail for changes in your data objects. The docs are fairly straightforward, as well. Check out the AWS doc section called: Using versioning in S3 buckets. And that's it for the week, folks. Securely yours, Jesse Trucks.

Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.

Announcer: This has been a HumblePod production. Stay humble.
Links:
4 Factors that Should Be Part of Your Cybersecurity Strategy: https://www.csoonline.com/article/3625254/4-factors-that-should-be-part-of-your-cybersecurity-strategy.html
‘Software Bill of Materials'—not just good for security, good for business: https://thehill.com/opinion/cybersecurity/564787-software-bill-of-materials-not-just-good-for-security-good-for-business
Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant: https://www.cpomagazine.com/cyber-security/third-party-security-failure-caused-1-tb-data-breach-at-saudi-aramco-hackers-play-puzzle-games-with-oil-giant/amp/
Federal Tech Leaders Outline Future of FedRAMP: https://governmentciomedia.com/federal-tech-leaders-outline-future-fedramp
‘Holy moly!': Inside Texas' fight against a ransomware hack: https://apnews.com/article/technology-government-and-politics-business-texas-hacking-47e23be2d9d90d67383c1bd6cee5aef7
Firefox 90 Drops Support for FTP Protocol: https://www.securityweek.com/firefox-90-drops-support-ftp-protocol
Lower-Level Employees Become Top Spear-Phishing Targets: https://www.darkreading.com/attacks-breaches/lower-level-employees-become-top-spearphishing-targets
U.S. Government unlikely to ban ransomware payments: https://U.S.
Government unlikely to ban ransomware payments
The Power of Comedy for Cybersecurity Awareness Training: https://www.darkreading.com/careers-and-people/the-power-of-comedy-for-cybersecurity-awareness-training
Inside the Famed Black Hat NOC: https://www.darkreading.com/edge-articles/inside-the-famed-black-hat-noc
Cloud Security Alliance Releases Guide to Facilitate Cloud Threat Modeling: https://cloudsecurityalliance.org/press-releases/2021/07/29/cloud-security-alliance-releases-guide-to-facilitate-cloud-threat-modeling/
5 Benefits of Disaster Recovery in the Cloud: https://securityboulevard.com/2021/08/5-benefits-of-disaster-recovery-in-the-cloud/
Black Hat USA 2021 and DEF CON 29: What to expect from the security events: https://www.techrepublic.com/article/black-hat-usa-2021-and-def-con-29-what-to-expect-from-the-security-events/

Transcript

Jesse: Welcome to Meanwhile in Security where I, your host Jesse Trucks, guides you to better security in the cloud.

Corey: This episode is sponsored in part by Thinkst. This is going to take a minute to explain, so bear with me. I linked against an early version of their tool, canarytokens.org in the very early days of my newsletter, and what it does is relatively simple and straightforward. It winds up embedding credentials, files, that sort of thing in various parts of your environment, wherever you want to; it gives you fake AWS API credentials, for example. And the only thing that these things do is alert you whenever someone attempts to use those things. It's an awesome approach. I've used something similar for years. Check them out. But wait, there's more. They also have an enterprise option that you should be very much aware of: canary.tools. You can take a look at this, but what it does is it provides an enterprise approach to drive these things throughout your entire environment. You can get a physical device that hangs out on your network and impersonates whatever you want to.
When it gets Nmap scanned, or someone attempts to log into it, or access files on it, you get instant alerts. It's awesome. If you don't do something like this, you're likely to find out that you've gotten breached, the hard way. Take a look at this. It's one of those few things that I look at and say, “Wow, that is an amazing idea. I love it.” That's canarytokens.org and canary.tools. The first one is free. The second one is enterprise-y. Take a look. I'm a big fan of this. More from them in the coming weeks.
Jesse: As more services are delivered by cloud-native microservices with dynamic scaling, compliance management and monitoring becomes terrifyingly complex and difficult. The way around this is to implement processes and tools that can continuously monitor and manage compliance-related configurations using automated analysis and reporting of your cloud-native services. This collection of processes and tools is called Cloud Security Posture Management, or CSPM. CSPM generally involves a fair amount of automation to ensure secure practices are used and compliance requirements are continuously met. Implementing CSPM alongside DevSecOps and an organizational focus on shifting left in services development rounds out a tripod to support your cloud initiatives.
Meanwhile, in the news.
4 Factors that Should Be Part of Your Cybersecurity Strategy. Our security perimeters are no longer controlled by our organizations. With so many people working remote, every device on their network has become part of the threat landscape, from connected fridges to game consoles.
‘Software Bill of Materials'—not just good for security, good for business. SBOMs, as they're called, are coming. Even if there is never a law forcing SBOMs like food ingredients labels, there could be an ever-increasing requirement for vendors to supply them.
It might be a good idea to start building these, even if they're only supplied when legally or contractually required.
Third Party Security Failure Caused 1 TB Data Breach at Saudi Aramco; Hackers Play Puzzle Games With Oil Giant. This case study is like slowing down to see the aftermath of a crash and trying to piece together what happened. Given the breach came from a vendor, it's a sideways attack on Aramco. Are you sure your vendors are secure? Thoroughly analyze all your third-party tools and services to ensure they aren't the weaker link.
Federal Tech Leaders Outline Future of FedRAMP. Changes to FedRAMP are a big deal if they open up options for US federal agencies, or if the FedRAMP process—or its replacement—speeds up certification. Many FedRAMP SaaS services lag their commercial counterparts because it takes so long to jump through the FedRAMP approval process. This hurts the market and the federal agencies.
‘Holy moly!': Inside Texas' fight against a ransomware hack. Learn from the plight of others before others learn from your plight. Reading case studies of disclosed incidents gives us insight into how doomed we are if we don't get our act together.
Firefox 90 Drops Support for FTP Protocol. [sigh]. This is the end of an era of wide-open access and abuse. But I'm a little sad and nostalgic for my early computing days. I remember using FTP to get things to my internet-connected host account where I could then use Zmodem or Kermit to download things to my local machine. I remember when using HTML sites was new, but you could still get everything from FTP sites. Ugh, the bad old days.
Announcer: If you have several PostgreSQL databases running behind NAT, check out Teleport, an open-source identity-aware access proxy. Teleport provides secure access to anything running behind NAT, such as SSH servers or Kubernetes clusters and—new in this release—PostgreSQL instances, including AWS RDS.
Teleport gives users superpowers like authenticating via SSO with multi-factor, listing and seeing all database instances, getting instant access to them using popular CLI tools or web UIs. Teleport ensures best security practices like role-based access, preventing data exfiltration, providing visibility, and ensuring compliance. Download Teleport at goteleport.com. That's goteleport.com.
Jesse: Lower-Level Employees Become Top Spear-Phishing Targets. We always protect the big fish but the better targets for phishing are the people not being closely monitored. If you can trick a system into lateral movement or privilege escalations, you can start with any non-admin user and infiltrate silently. This is why good SIEM tools and behavior analysis mechanisms are critical to modern security.
U.S. Government unlikely to ban ransomware payments. Now, this is a relief. This is like making it illegal to pay a kidnapper, even when the kidnapper is not within the U.S. Please try to solve your ransomware problems without paying, but if you must, you must.
The Power of Comedy for Cybersecurity Awareness Training. The Duckbill Group's own Corey Quinn is the living embodiment of teaching through humor. When we laugh, we remember. Also, there's a lot of hilarity in security if you lean back and see it all at once. Aren't we just a series of bad sitcom reruns where all the same tropes are trotted out every season, and you can't even tell a rerun from a first-run? It's the same attacks and mostly the same old tired defenses, day in and day out.
Inside the Famed Black Hat NOC. I was inside the DEFCON SOC once and the concentration of security skill and experience in the room was amazing. They were friendly and collegial and great to work with.
If a couple dozen people can build a world-class SOC or NOC for an event that lasts only a few days, we can all make some great improvements with the limited resources at home.
Cloud Security Alliance Releases Guide to Facilitate Cloud Threat Modeling. When shifting left and doing DevSecOps, there have to be methods for assessing security issues faced by the systems you build. If you don't have at least a flashlight, you won't notably improve security.
5 Benefits of Disaster Recovery in the Cloud. When I first worked with disaster recovery and business continuity, we would ship tapes to a vendor who sets up hardware we were using for recovery from backups exercise on bare-metal systems. Whoo. Wow, have times changed. DR in the cloud could be more about distributed active sites split across regions, and other such fun things instead of slow hardware solutions.
Black Hat USA 2021 and DEF CON 29: What to expect from the security events. The last week of July and/or the first week of August each year is ‘Security Summer Camp' in Las Vegas, Nevada, in the United States of America. We've called this week that for years because in the same week in the same city, there is Black Hat, one of the largest security conferences in the world, DEF CON, the largest hacker conference in the world, and BSides—although this year it's virtual again—as well as a variety of other events.
And now for the tip of the week. Use Kubernetes. If you want to decouple your services delivery from the underlying systems and infrastructure, look to Kubernetes. If you are building a multi-cloud hybrid strategy, using Kubernetes is likely a great option to reduce your complexity and overhead. And that's it for the week. Securely yours, Jesse Trucks.
Jesse: Thanks for listening. Please subscribe and rate us on Apple and Google Podcast, Spotify, or wherever you listen to podcasts.
Announcer: This has been a HumblePod production. Stay humble.
This week Paulino Calderón joins the show to chat about his methodology for finding bugs in IoT devices, using Lua for quick exploit development, alarming vulnerabilities he found in a smart water bottle, extending Nmap's functionality, and his tips for starting a security business. For more information, including the show notes, check out https://breachsense.io/podcast
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
MacOS GateKeeper Bypass: https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities: https://fortiguard.com/psirt
Customizing NMAP Service Detection: https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/