BrakeSec Education Podcast

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

http://www.brakeingsecurity.com







episode 36: Tony Robinson, news of the week, @da_667 new book! -part1


Tony Robinson (@da_667)

Thought we’d put in a little news to round out the show

https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich

https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/

https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch

https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/

https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks

https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html

Similar device on ebay: https://www.ebay.com/itm/324762812721

https://www.zdnet.com/article/brewdog-exposed-data-of-200000-shareholders-for-over-a-year/

https://tpetersonkth.github.io/cve/2021/10/02/Analysis-of-CVE-2019-9053.html

https://0xdf.gitlab.io/

 

www.leanpub.com/avatar2  MSRP = $30 USD

Book changes

 

What is the end goal?

 Upskill?

Independent consultant?

Promotion?

Bug bounties?

Lab setup - 

Lab setup types

Cloud based - 

Desktop/laptop/NUC - 

Server - 

 

Good VMs to  

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ - 90-day Windows machines

 

What other home lab equipment would be helpful?

Testing IoT/embedded devices?

Car hacking?

Malware analysis?
https://bazaar.abuse.ch/

Virus Total Intelligence

Honeypots

@malware_traffic - https://twitter.com/malware_traffic/status/1446627364147023877

Analyzing binaries?

Patch analysis (patch tuesday, print nightmare, etc)?

https://wumb0.in/extracting-and-diffing-ms-patches-in-2020.html

https://www.netresec.com/?page=networkminer

 

Soldering?

Oscillators for voltage checks?

Wireless?

Old cellphones (mobile apps, don’t need cellular)

Personal assistant devices (used IoT devices?)

Accessing data stored on devices

 

Specific software licenses? 

Burp?

If I’m trying to break into infosec, how do I use my lab to sell myself to an employer?

Does the employer care? 

How can someone show what they’ve learned in a way that shows the value?










 October 14, 2021  53m