Security Headlines Firo Solutions

Subscribe to Hacker Talk and listen to the latest episodes at:

https://anchor.fm/hacker-talk

In this episode of Security Headlines we deep dive into fuzzing with Patrick Ventuzelo.



topics that we cover:

being niched in cyber security

patricks background, doing pentests on telecom networks, doing security research on the android kernel for the french DoD, reverse engineering, development

Zero days in the android kernel

choicing a target when fuzzing

 blackbox and whitebox fuzzing

fuzzing golang projects

fuzzing rust projects

setting up fuzzing enviroments

webassembly security 

fuzzing webassembly

invalid web assembly opcodes

the next generation of browser exploits

javascript runtimes

exploiting webassembly in the browser

fuzzing blockchain applications

how to write a fuzzer

what to look for while fuzzing

fuzzing javascript

writing fuzzers in python

ataris fuzzer for python code

libfuzzer

llvm

analysing code repositories and finding bad patterns

golang built in fuzzing(go-fuzz, fuzzing draft)

fuzzing ethereum solidity smart contracts

fuzz bench by google

fuzzing the android kernel

beacon fuzz

reporting security bugs

github security advisory

favorite security conferences











External links:



https://fuzzinglabs.com/

http://stackoverflow.com/questions/43153964/ddg#43154559

https://www.youtube.com/channel/UCGD1Qt2jgnFRjrfAITGdNfQ

telegram fuzzlab lab

https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-exploits.html

In this episode of Security Headlines, we are joined by Jay Townsend who is 

maintaining several infosec tools such as the harvester and discover.

The harvester is a very popular tool for doing Osint analysis. Tune into this episode 

as we deep dive into Osint, the opensource information gathering realms.







In this episode we cover:  

what is osint and how can we use it?

discover, lee baird

the harvester

dnsrecon

bash

python

backtrack

wifi security, wep

wifi pineapple, bash bunny, hack5

hack the box, try hack me, hack this site.org

sysadmin, ansible

finding passwords in log files

how to apply security hardenings, systemctl hardenings 

running weekly security scans

bug bounties

penetration tests

finding old applications in production

burpsuit

using the harvester 

harvester in kali linux, parrotsec, blackarch and debian

porting the harvester to python 3

screen-shooting websites with the harvester

hidden features in the harvester

fierce dns hacking

dnsrecon

how to perform osint analysis on yourself and others

how to protect yourself against osint attacks

using throw away email addresses

how to use osint during penetration tests

python development

docker

linux firmware, wifi drivers

visual code 

the latest windows exploits







Links:

https://en.wikipedia.org/wiki/PyCharm

https://www.parrotsec.org/

https://github.com/leebaird

https://www.youtube.com/watch?v=F9UZdPokkhw

https://github.com/laramies/theHarvester

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-windows-10-serioussam-vulnerability/

https://en.wikipedia.org/wiki/Open-source_intelligence

https://twitter.com/jay_townsend1

https://bloodhound.readthedocs.io/en/latest/ 

https://www.ansible.com/

In this episode of Security Headlines, Kolja Weber the creator of flokinet.is joins us. 



In this episode we talk about:

flokinet

internet privacy

german pirate party

internet privacy laws

Iceland

starting an internet service provider

running an internet service provider

ipv4 addresses

adoption of privacy friendly tools

handling abuse requests 

starting an internet service provider

RIPE

denial of service attacks

mitigating denial of service attacks

starting a privacy focused internet service provider

DNS amplification attacks

security

free speech

adoption of https, starttls and dkim



external links:

https://flokinet.is

https://twitter.com/frelsisbaratta

https://www.afrinic.net/

https://ripe.net

https://en.wikipedia.org/wiki/RIPE_NCC

https://en.wikipedia.org/wiki/AFRINIC

https://letsencrypt.org/

https://www.qubes-os.org/

In this episode of Security Headlines, we are joined by Michael Dubell who co-founded Sweden's first student security  

capture the flag team. What is capture the flag and how do you play it? How can you into hacking through the doors of playing  

ctf's?  Michael started playing around with security as a teenager and the journey led him the capture the flag team, known  

as "ChalmersCTF".

Today, Michael is working with security during the day, and during the night he is developing the soon to   

be released "bountrystrike"(which you can find on bountystrike.io) tool.



Tune in as we talk about CTF, and a lot more!





In this episode we cover:  



halo one online



wallhack



war games



hacking on forums



hack this site



over the wire



https://www.hellboundhackers.org/



chalmers  



chalmers CTF



how to start a "capture the flag" team  



organizing capture the flag meetups



beginner ctfs



over the wire  



the capture the flag scene in Sweden  



over the wire  



whitebox pentesting   



bug bounties



automating scanning and automating bug bounties



vulnerability management   



finding bugs in bug bounty programs   

 

## External links:   

https://github.com/search?q=capture%20the%20flag%20writeups&type=Everything&repo=&langOverride=&start_value=1   

https://github.com/zardus/ctf-tools       

https://ctftime.org     

https://chalmersctf.se/     

https://overthewire.org   

https://twitter.com/StevenVanAcker    

https://bountystrike.io/    

https://dubell.io/   

In this episode of Security Headlines, we are joined by one of the minds behind the OpenBSD project, Antoine Jacoutot.  He is responsible  

for porting over 300 packages into OpenBSD. He is also involved in syspatch which handles security binary upgrades for OpenBSD.  

Tune in, as we talk about development, security, programming, OpenBSD and a lot more!





##  Topics that we cover:   





OpenBSD's community



opensource   



rcctl  



init systems  



classic BSD



background daemons in OpenBSD   



OpenBSD desktops in the wild   



companies running OpenBSD



writing shellcode



openup



binary patches in OpenBSD



How OpenBSD handle security issues



how security binary patches are carried out.   



syspatch 



porting software to OpenBSD  



Gnome on OpenBSD   



OpenBSDs future with Amazon AWS



sysmerge  



submitting feature requests to OpenBSD  



tmux 



advice for first-time OpenBSD users   





 





## External links:   

https://www.OpenBSD.org/errata.html 

https://bsdfrog.org/   

https://twitter.com/ajacoutot

https://OpenBSD.org   

https://gnome.org

https://www.OpenBSD.org/faq/ports/ports.html   

https://man.OpenBSD.org/syspatch

https://man.OpenBSD.org/sysmerge    

https://github.com/ajacoutot    

https://man.OpenBSD.org/rcctl