Hacker Public Radio Hacker Public Radio

We get to visit New Orleans, and a bit of Louisiana, in this episode.
Of course, we only scratched the surface, but that is true of most
travel when you think about it. We did see a few interesting things
along the way, and started to realize that this trip is not just about
NASA sites, but also a lot of military history, which is also an
interest of mine.
Links:

https://flic.kr/s/aHBqjAvhRR
https://flic.kr/s/aHBqjAvoB6
https://www.flickr.com/photos/ahuka/52740199646/in/dateposted-public/
https://flic.kr/s/aHBqjAvp24
https://flic.kr/s/aHBqjAvpc9
https://flic.kr/s/aHBqjAviHF
https://www.palain.com/travel/rv-trip-2022-2023-southeast-us/new-orleans/

Holiday
Challenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge
Since some of the information you are about to hear is time specific,
I want to let you know that I am recording this near the end of November
in 2023.
If you missed the first episode, which introduces this series, you
can go back and listen to HPR3996
I have been using TryHackMe for several years, and I recommend it to
all of my students. It is a great environment where people can get hands
on experience with technology that relates to cyber security, all from
the comfort of their browser and free year-round.
The TryHackMe Advent of Cyber challenge is a free gamified
environment which focuses on penetration testing, security
operations/engineering, forensics/incident response, malware analysis,
machine learning, and more!
This year's challenge opens on December 1, 2023 (Which is the reason
why I am posting twice this week). Typically, the Advent of Cyber
challenge includes daily beginner-friendly exercises for people new to
cybersecurity. These can consist of walkthroughs, video tutorials, and
challenges. There are also prizes available based on random drawings and
on participant success.
Infosec personalities like John Hammond, Gerald Auger, InsiderPHD,
and InfoSec Pat are featured in this year's challenge.
You can play with last year's Advent of Cyber challenge by visiting
https://tryhackme.com/room/adventofcyber4. It outlines
the overall story and shows all of the tasks last year's participants
experienced, including both offensive and defensive topics like: log
analysis, OSINT, scanning, brute force attacks, email analysis,
CyberChef, blockchain smart contracts, malware analysis, memory
forensics, packet analysis, web application hacking, and more!
Everything can be done with a free account from within a browser.
If you want to learn more about cybersecurity, transition your career
into infosec, or just have fun playing with cyber challenges, you can
give it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas
Please note: I am not affiliated with TryHackMe in any way, other
than having been a paying member for many years. Students and others who
have participated in previous year's Advent of Cyber challenges have
told me how much they enjoyed it and learned from it. Even though I have
been an infosec practitioner for more years than I would like to admit,
I also have enjoyed taking part in this challenge.
If this is not for you, I will be sharing another option for a
holiday challenge in my next episode.

To improve the speed of my workflow, I wrote a bash script that uses
the open source programs programs gphoto2,
tesseract, grep and ImageMagick
to digitize my mom's 338 page book. Here is the link to the script:
https://github.com/deltaray/ocr-script

The Oh No! news.
Oh No! News is Good
News.

TAGS: Oh No, News, Threat analysis, InfoSec, Google
Dynamic Search Ads


Threat analysis;
your attack surface.

Source: Former
NHS secretary found guilty of illegally accessing medical
records


A former NHS employee has been found guilty and fined for illegally
accessing the medical records of over 150 people.

Loretta Alborghetti, from Redditch, worked as a medical secretary
within the Ophthalmology department at Worcestershire Acute Hospitals
NHS Trust when she illegally accessed the records.


Supporting Source: Open
Street Map link to Redditch Worcestershire.

Source: NetSupport
RAT Infections on the Rise. Targeting Government and Business
Sectors


While NetSupport Manager started off as a legitimate remote
administration tool for technical assistance and support, malicious
actors have misappropriated the tool to their own advantage, using it as
a beachhead for subsequent attacks.


Source: Beware:
Malicious Google Ads Trick WinSCP Users into Installing
Malware


The threat actors are believed to leverage Google's Dynamic Search
Ads (DSAs), which automatically generates ads based on a site's content
to serve the malicious ads that take the victims to the infected
site.


Source: Trojanized
PyCharm Software Version Delivered via Google Search Ads.


Victims who clicked on the ad were taken to a hacked web page with a
link to download the application, which turned out to install over a
dozen different pieces of malware instead.




InfoSec; the language
of security.

Source: Why
Defenders Should Embrace a Hacker Mindset




Additional Information.

What is a "Data
Breach"? A data breach is a security violation, in which sensitive,
protected or confidential data is copied, transmitted, viewed, stolen,
altered or used by an individual unauthorized to do so.

What is "Malware"?
Malware (a portmanteau for
malicious software) is any software intentionally designed to cause
disruption to a computer, server, client, or computer network, leak
private information, gain unauthorized access to information or systems,
deprive access to information, or which unknowingly interferes with the
user's computer security and privacy.

What is a "Payload"?
In the context of a computer virus or worm, the payload is the portion
of the ma

Holiday
Challenges Series - Ep 1 - Advent of Code
Since some of the information you are about to hear is time specific,
I want to let you know that I am recording this near the end of November
in 2023.
Whichever holidays you celebrate this time of year, life generally
gets busy and stressful.
It could be shopping
or cooking
or cleaning
or school activities
or buying, assembling, wrapping, and delivering gifts
or planning time with family
or dealing with visiting family
or scheduling time off from work
or managing extra work while others have scheduled time off
or a whole plethora of other things.
This time of year can be stressful.
A few years ago, I discovered a fun activity, which challenged my
mind and helped me focus and detach from the stress for a little while
each day, through the month of December. It helped me manage the stress
in an enjoyable way.
Since then, I have found and tried several other similar activities,
so I wanted to share a little about them with you for the next few
episodes so you can see what might work for you.
The first I would like to share is called the Advent of Code
Challenge (https://adventofcode.com/). In HPR episodes 2973 (https://hackerpublicradio.org/eps/hpr2973/index.html)
and 3744 (https://hackerpublicradio.org/eps/hpr3744/index.html),
Daniel Perrson shared some great details about this challenge. I
encourage you to go review his episodes.
But the TLDR (Or maybe the TLDL -- Too Long Didn't Listen?) for
Advent of Code is that it is a 25 day challenge which begins on December
1. Once you register at adventofcode.com, Each day, you will be
presented with a problem to solve and some sample data to use for
verification that your program works. You can choose to use any
programming language or application you desire produce the answer. Last
year, I used this to brush up on my Python skills. Others use Visual
Basic, C (and all its variants), Rust, Go, etc. I have seen people use
Cobol, Fortran, and Pascal, or even Microsoft Excel. It is really up to
you. You are then presented a dataset which is unique to your login, and
against which you run your code. When complete, you submit the answer
came up with on the adventofcode.com web site and they will tell you if
you are correct or not.
If you are competitive (And REALLY GOOD) there is a Global
Leaderboard. If you want to compete with a group of friends, you can
build your own leaderboard and invite others to take part with you.
There are tons of resources online, from youtube channels to reddit
(https://www.reddit.com/r/adventofcode/), to Discord (https://discord.gg/tXJh262)
So, if you are looking for a way to challenge your mind and detach
from holiday stress, Advent of Code may be something you might try.
If this is not your cup of tea, I will be sharing several other
options for holiday challenges in future episodes.

aNONradio: https://anonradio.net
TildeRadio: https://tilderadio.org
Volumio: https://volumio.com/
moOde Audio: https://moodeaudio.org/