The Shellsharks Podcast
19 Episodes
Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and management’s role in combatting burnout.
Show Notes
Mastodon
Stars, Boosts & Toots
Diaspora
Infosec.Exchange
Fediverse
Defcon.social
ActivityPub rocks!
Why I Blog. You Should Too!
SQL Slammer
What Certification or Training Should I Take?
Interview w/ Security Engineer, Eva Georgieva
MFA Prompt Bombing
Getting Into Information Security
An Ode to RSS
Cybersecurity burnout is real
Boltive CEO and privacy advocate, Dan Frechtling joins me to discuss all things in the world of Internet privacy!
Show Notes
I Said No to Online Cookies. Websites Tracked Me Anyway. | Consumer Reports
Story of Dan Frechtling & Scott Moore
Privacy Regulations - GDPR, LGPD, CCPA, CPRA
Sephora Privacy Settlement
Global Privacy Control
The American Data Privacy and Protection Act (ADPPA)
Advanced Data Protection Control (ADPC)
US Privacy String
OSINT Sock Puppets
RuTarget Harvesting Google Data
Executive Order on Protecting Foreign Intel from Surveilling US Citizens
Is TikTok safe?
Deprecation of third-party cookies
SSO wall of shame
GDPR enforcement tracker
Future of Privacy Forum
TROPT Defining the Privacy tech Landscape Whitepaper
IAPP
Three Ways Your Data is Leaking in Advertising and How to Avoid It
Join myself (@shellsharks) and Eva Georgieva, security engineer and founder of #hackintocybersec as we discuss getting into infosec, cybersecurity education, women in cyber and more!
Note: Had some challenges with audio leveling, I apologize for any audio weirdness!
Show Notes
Uber Incident
Eva’s AMA on Reddit
#hackintocybersec
OLLMOO
TryHackMe
Hack The Box (Academy)
TCM Security
Join myself (@shellsharks) and Shahar Vaknin, Axon Team Lead at Hunters.ai as we discuss the world of Threat Hunting!
Show Notes
Hunters.ai
Long Tail Analysis
The DFIR Report
2022 CrowdStrike Global Threat Report
Red Canary 2022 Threat Detection Report
Twitter Global CERTs/CSIRTs/ISACs list (Twitter is sort of defunct now though)
MISP
Threat Hunting w/ Python (Dragos)
The Cyber Kill Chain (Lockheed Martin) - shellsharks
CIS Critical Security Controls
alert(1)
Practical Threat Hunting Training (Chris Sanders)
MITRE ATT&CK
Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!
Show Notes
VoidSec
The Shellcoder's Handbook
Offensive Security | EXP-401 | AWE | OSEE
Google Project Zero
PrintDemon (Alex Ionescu & Yarden Shafir)
VoidSec CVE-2020-1337
Zerodium
Immunefi - Web3 has huge bounty payouts
IDA Pro
Burp Suite Professional
010 Editor
Ghidra
BinaryNinja
The Art of Software Security Assessment
RET2SYSTEMS Training
Zero Day Initiative (ZDI)
TrendMicro
Corelan
CVE North Stars
Pwn2Own
secret club
UpdatedSecurity - Security Forum
Join myself (@shellsharks) and Bobby DeSimone, Founder & CEO of Pomerium as we discuss the Pomerium platform, context-aware access control and all things Zero Trust!
Show Notes
Pomerium
Latin meaning of "pomerium"
Some fun with Latin on Shellsharks - The Enchiridion of Impetus Exemplar
Jericho Forum, now The Open Group Security Forum
BeyondCorp
NIST SP 800-207: Zero Trust Architecture
M-22-09: Moving the US Government Toward Zero Trust Cybersecurity Principles
Q&A with Zero Trust Architecture Writers from NIST
Rego Policy Language
Open Policy Agent
Istio Service Mesh
Open Source Pomerium on GitHub
2021 Twitter Hack
OASIS eXtensible Access Control Markup Language (XACML)
HashiCorp Sentinel Framework
Awesome Zero trust
A fascinating interview with Kevin Borders, where we discuss his origin story, time spent working on the NSA Red Team, growing a successful online collage business and his current venture, minware!
Show Notes
TI-85 Graphing Calculator
Number Munchers
DragonRealms, Gemstone III
(current) NSA Student Programs
Web Tap: detecting covert web traffic
University of Michigan PhD in CSE
Executive Order on Improving the Nation's Cybersecurity
U.S. Cyber Command
Kevin's Usenix Security Publications - Chimera: A Declarative Language for Streaming Network Traffic Analysis + NSA Slides
Securing Network Input via a Trusted Input Proxy
Towards Quantification of Network-Based Information Leaks via HTTP
SELinux
Project Zero
Kevin Borders on Quora: Does the NSA Have Better Engineers than Facebook or Google?
About minware
Halting problem
Blackhat / Defcon
100% Prevention - LOL!
What are some computer hacks that hackers know but most people don't?
The Most Hated Man on the Internet
NSO Group iMessage Zero-Click Exploit, FORCEDENTRY
Okta breach 2022
NIST SP 800-207: Zero Trust Architecture
SolarWinds Breach
How to Contribute to Open Source
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss supply chain security via the SLSA framework, Web3 and more!
Show Notes
Preshow
MITRE ATT&CK
OWASP Docker Top 10
OWASP Kubernetes Top 10
Main Show
SLSA - Supply Chain Framework
Software Artifact Provenance
Software Attestations
in-toto - Supply Chain Framework
OpenSSF YouTube Channel
SLSA Community
SLSA Github
slsa.dev
OWASP Software Component Verification Standard
Pocket
NFTs, explained (The Verge)
2021 Gamestop short squeeze
r/wallstreetbets
GameStop NFT Marketplace
Immortal Game
Reddit NFT Marketplace
Bored Ape Yacht Club + Roaring 20's
CRYPTOCVES
NVD + Mitre
Moxie Marlinspike on NFTs and Web3
Web3
Web5 (lol)
Bitcoin
51% attacks
Poly Network cryptocurrency hack
Web 3 is going just great
Lattice-based cryptography
Postshow
Chinese Housewife Wikipedia Misinformation
Twitter verification
Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!
Show Notes
Main Show
Greg Edwards
CryptoStopper
WannaCry ransomware
Jigsaw ransomware
Colonial Pipeline hack
LambdaLocker
Solarwinds Supply Chain Compromise
18 CIS Critical Security Controls
Ransomware as a Service (RaaS)
Ransomware Payments via Crypto
OST Debate
Shadow Brokers
Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security’s challenging OSWE certification, discuss where we get our inspiration for blogging and more!
Show Notes
Main Show
tpetersonkth.github.io
Offensive Security - OSWE
DEF CON YouTube channel
HackTheBox
Offensive Security - OSCP
Thomas's OSWE Review 2022
Shellsharks Desk setup
eLearnSecurity - PTP
IKEA
OG Shellsharks Look
Shellsharks - Captains Log
Postshow
Swedish Fika
Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!
!! Explicit Language Alert !!
Show Notes
Preshow
Check out my monitor setup via my Desk Setup 2021 post
Check out the apps I typically use via my Mac Tools post
Hone your coding skills with Leetcode
Elite "PewPew" map courtesy of FireEye
Main Show
Ukraine Humanitarian Fund
Google (allegedly) un-blurring Russian satellite imagery
Tracking Russian soldiers using stolen iPhones
Destructive Wipers
Named Vulnerabilities List
CrowdStrike APT Adversary Universe
Mandiant APT Naming
Dragos Threat Activity Group Names
What is a Chollima?
Offensive Security Courses
OffSec WEB-300/AWAE/OSWE
Certifications are not like Pokemon Cards
Shellsharks Podcast on Burnout
My Reddit AMA
"Thought Leader"
The CISSP
DoD 8570
Metasploit Default Credential CVE
Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!
Show Notes
Main Show
Little Man In My Head: https://littlemaninmyhead.wordpress.com
Java Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
NaCl: Networking and Cryptography library: https://nacl.cr.yp.to
Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
Ron Rivest: https://people.csail.mit.edu/rivest/
Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography
AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/
Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm
Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
DevSecOps: Just one definition - https://www.devsecops.org
OWASP: https://owasp.org
CAPTCHA: https://support.google.com/a/answer/1217728?hl=en
reCAPTCHA: https://www.google.com/recaptcha/about/
Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
OWASP Top 10: https://owasp.org/www-project-top-ten/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
SAST: https://www.synopsys.com/glossary/what-is-sast.html
Microservices: https://microservices.io
DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
OWASP Zap: https://owasp.org/www-project-zap/
SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
Inception: https://www.imdb.com/title/tt1375666/
Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/
Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
TruffleHog: https://trufflesecurity.com/trufflehog
Log4Shell: https://log4shell.com/
CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Heartbleed: https://heartbleed.com
Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143
WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
Mandiant’s Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
BurpSuite: https://portswigger.net/burp
Postshow
Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.
Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!
Show Notes
Preshow
Simplenote: https://simplenote.com
Notion: https://www.notion.so
Obsidian: https://obsidian.md
Visual Studio Code: https://code.visualstudio.com
Notepad++: https://notepad-plus-plus.org/downloads/
GitHub Pages: https://pages.github.com
Atom: https://atom.io
Main Show
Funny OWASP Top 10 2021 Tweet - https://twitter.com/CubicleApril/status/1437531584119386116?s=20
Infosec Blogs: https://shellsharks.com/infosec-blogs
An Ode to RSS: https://shellsharks.com/an-ode-to-rss
Shortcuts: https://apps.apple.com/us/app/shortcuts/id915249334
Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/
OWASP Top 10: https://owasp.org/www-project-top-ten/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf
OWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf
OWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf
OMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
That’s some Galen Erso level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/
ChaosDB: https://chaosdb.wiz.io
Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!
Show Notes
Preshow
Audio Hijack: https://rogueamoeba.com/audiohijack/
Rogue Amoeba: https://rogueamoeba.com
OmniFocus: https://www.omnigroup.com/omnifocus/
Todoist: https://todoist.com/
Notion: https://www.notion.so
Fantastical: https://flexibits.com/fantastical
Getting Things GNOME!: https://wiki.gnome.org/Apps/GTG
Main Show
Crader Security: https://cradersecurity.com
Why I Blog. You Should Too!: https://shellsharks.com/you-should-blog#title
WGU: https://www.wgu.edu
Shellsharks Captain’s Log: https://shellsharks.com/captains-log
MIT Open Courseware: https://ocw.mit.edu/index.htm
Raspberry Pi: https://ocw.mit.edu/index.htm
AWS Free Tier: https://aws.amazon.com/free/
Pluralsight: https://www.pluralsight.com
GitHub Developer Pack: https://docs.github.com/en
Google Cloud Free Tier: https://cloud.google.com/free
Potent Wisdom: https://potentwisdom.com - Coming Soon!
The Linux Smack: https://linuxsmack.com - Coming Soon!
The Privacy Smack: https://privacysmack.com - Coming Soon!
TryHackMe: https://tryhackme.com
Postshow
Shellsharks Inbox Zero - https://shellsharks.com/inbox-zero#title
Digital Minimalism - https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515
Kyle (@cyberspacekyle) and Masie (@masiehabibi) join me (@shellsharks) once more to chat motivation and burnout in infosec and in life. We also have a fiery fitness challenge throw-down! I hope you enjoy this relatively short but lively episode!
Preshow
Apple Watch Fitness Competitions: https://support.apple.com/en-us/HT207014
Main Show
Shellsharks: https://shellsharks.com
Linkedin: https://www.linkedin.com/
Blind: https://www.teamblind.com
Join myself (@shellsharks) and my guest Sukrit (@sukritdua) as we chat pentesting, training, craft beer and more!
Note: I apologize in advance as Sukrit’s audio was a little spotty. Enjoy!
Show Notes
Preshow
Collective Arts Brewing: https://collectiveartsbrewing.com/us/
Quebec Maple Coke: https://www.coca-colacanada.ca/en/specialtysoda/quebec-maple/
Icewine: https://mywinecanada.com/wine/ice-wine
Dragon Stout: https://www.ratebeer.com/Ratings/Beer/Beer-Ratings.asp?BeerID=749
Main Show
Kali Linux: https://www.kali.org
HackerOne: https://www.hackerone.com
BugCrowd: https://www.bugcrowd.com
SANS Cyber Security Blog: https://www.sans.org/blog/
PortSwigger Blog: https://portswigger.net/blog
INE / eLearnSecurity: https://ine.com/pages/elearnsecurity-pricing
Shellsharks: https://shellsharks.com
Getting Into Information Security: https://shellsharks.com/getting-into-information-security
Reddit Feedback: https://www.reddit.com/r/netsecstudents/comments/m0lbst/a_guide_for_those_looking_to_break_into_the/
PTP: https://elearnsecurity.com/blog/ptpv4-launch/
OSCP: https://www.offensive-security.com/pwk-oscp/
Try Harder: https://www.offensive-security.com/offsec/say-try-harder/
Web Application Hackers Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Web Security Academy: https://portswigger.net/web-security
Hacker101 CTF: https://www.hackerone.com/blog/Introducing-Hacker101-CTF
OverTheWire: https://overthewire.org/wargames/
picoCTF: https://picoctf.org
SANS Holiday Hack Challenge: https://holidayhackchallenge.com
Cybrary: https://www.cybrary.it
PentesterAcademy: https://www.pentesteracademy.com
PentesterLab: https://pentesterlab.com
eWPT: https://elearnsecurity.com/product/ewpt-certification/
eWPTX: https://elearnsecurity.com/product/ewptxv2-certification/
SANS SEC542: https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/
INE Plans: https://ine.com/pages/plans
SANS Work Study Program: https://www.sans.org/work-study-program/
SANS Summits: https://www.sans.org/cyber-security-summit
SANS SEC660: https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/
Stephen Sims: https://www.sans.org/profiles/stephen-sims/
aCloudGuru: https://acloudguru.com
Pluralsight: https://www.pluralsight.com
Linux Academy: https://login.linuxacademy.com
Postshow
Untappd: https://untappd.com
Foursquare: https://foursquare.com
Mike on Untappd: @beersharks
Sukrit on Untappd: @AllPints
Hill High Marketplace: http://www.hill-high.com
untappdScraper: https://github.com/WebBreacher/untappdScraper
Captains Log: https://shellsharks.com/captains-log
This week on The Shellsharks Podcast, @masiehabibi joins me (@shellsharks) to talk Clubhouse, ransomware, the Colonial Pipeline hack, Google I/O, iOS vs Android and more!
Podcast Pre-chat
Clubhouse: https://www.joinclubhouse.com
Find me on Clubhouse @shellsharks !
2021 Microsoft Exchange Vulnerabilities: https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
Twitter Spaces: https://blog.twitter.com/en_us/topics/product/2021/spaces-is-here.html
The Shellsharks Podcast website: https://shellsharks.com
Colonial Pipeline Hack & Ransomware Discussion
Colonial Pipeline hack: https://www.wired.com/story/colonial-pipeline-ransomware-attack/
Tesla: https://www.tesla.com
Darkside ransomware group: https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
Home Depot breach: https://www.reuters.com/article/us-home-depot-cyber-settlement/home-depot-reaches-17-5-million-settlement-over-2014-data-breach-idUSKBN2842W5
RTF Report: Combatting Ransomware: https://securityandtechnology.org/ransomwaretaskforce/report/
SP 800-207, Zero Trust Architecture: https://csrc.nist.gov/publications/detail/sp/800-207/final
BeyondCorp: https://cloud.google.com/beyondcorp
Google I/O vs Apple Events & iOS vs Android
Google I/O: https://events.google.com/io/?lng=en
Google LaMDA: https://www.blog.google/technology/ai/lamda
Apple Spring Event 2021: https://www.apple.com/apple-events/april-2021/?useASL=true
Google Duplex: https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.html
WWDC: https://developer.apple.com/wwdc21/
iOS Jailbreaking: https://en.wikipedia.org/wiki/IOS_jailbreaking
CheatsWithFriends: http://cydia.saurik.com/package/com.fire30.hackingwithfriends/
Join myself (@shellsharks), Kyle (@cyberspacekyle) and Masie (@masiehabibi) as we discuss Getting Into Information Security, what industry certifications are best to get for those new to the field and more!
Old Ox Brewery: https://www.oldoxbrewery.com
Chimay Blue: https://www.beeradvocate.com/beer/profile/215/2512/
Security+: https://www.comptia.org/certifications/security
SANS: https://www.sans.org
SEC503 Network Intrusion Detection: https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/
ACloudGuru: https://acloudguru.com
Python: https://www.python.org
DOD 8570 (from SANS): https://www.giac.org/certifications/dodd-8570
Introducing The Shellsharks Podcast! Join me (@shellsharks) in this new show about all things Infosec, Technology and Life-in-general.
For more on Shellsharks, check out the site!