The Shellsharks Podcast Shellsharks (@shellsharks)

Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!

 

Show Notes

Main Show

Greg Edwards
CryptoStopper
WannaCry ransomware
Jigsaw ransomware
Colonial Pipeline hack
LambdaLocker
Solarwinds Supply Chain Compromise
18 CIS Critical Security Controls
Ransomware as a Service (RaaS)
Ransomware Payments via Crypto
OST Debate
Shadow Brokers

 

Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security’s challenging OSWE certification, discuss where we get our inspiration for blogging and more!

 

Show Notes

Main Show

tpetersonkth.github.io
Offensive Security - OSWE
DEF CON YouTube channel
HackTheBox
Offensive Security - OSCP
Thomas's OSWE Review 2022
Shellsharks Desk setup
eLearnSecurity - PTP
IKEA
OG Shellsharks Look
Shellsharks - Captains Log

Postshow

Swedish Fika

 

Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!

!! Explicit Language Alert !!

 

Show Notes

Preshow

Check out my monitor setup via my Desk Setup 2021 post
Check out the apps I typically use via my Mac Tools post
Hone your coding skills with Leetcode
Elite "PewPew" map courtesy of FireEye

Main Show

Ukraine Humanitarian Fund
Google (allegedly) un-blurring Russian satellite imagery
Tracking Russian soldiers using stolen iPhones
Destructive Wipers
Named Vulnerabilities List
CrowdStrike APT Adversary Universe
Mandiant APT Naming
Dragos Threat Activity Group Names
What is a Chollima?
Offensive Security Courses
OffSec WEB-300/AWAE/OSWE
Certifications are not like Pokemon Cards
Shellsharks Podcast on Burnout
My Reddit AMA
"Thought Leader"
The CISSP
DoD 8570
Metasploit Default Credential CVE

Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!


Show Notes


Main Show


Little Man In My Head: https://littlemaninmyhead.wordpress.com

Java Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html

NaCl: Networking and Cryptography library: https://nacl.cr.yp.to

Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto

Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html

Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis

Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf

Ron Rivest: https://people.csail.mit.edu/rivest/

Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography

AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/

Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm

Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

DevSecOps: Just one definition - https://www.devsecops.org

OWASP: https://owasp.org

CAPTCHA: https://support.google.com/a/answer/1217728?hl=en

reCAPTCHA: https://www.google.com/recaptcha/about/

Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/

OWASP Top 10: https://owasp.org/www-project-top-ten/

OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/

SAST: https://www.synopsys.com/glossary/what-is-sast.html

Microservices: https://microservices.io

DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/

OWASP Zap: https://owasp.org/www-project-zap/

SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html

Inception: https://www.imdb.com/title/tt1375666/

Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/

Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/

NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html

TruffleHog: https://trufflesecurity.com/trufflehog

Log4Shell: https://log4shell.com/

CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

Heartbleed: https://heartbleed.com

Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218

ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143

WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf

Mandiant’s Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor

BurpSuite: https://portswigger.net/burp


    Postshow


Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/

Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.


Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!


 


Show Notes


    Preshow


Simplenote: https://simplenote.com

Notion: https://www.notion.so

Obsidian: https://obsidian.md

Visual Studio Code: https://code.visualstudio.com

Notepad++: https://notepad-plus-plus.org/downloads/

GitHub Pages: https://pages.github.com

Atom: https://atom.io


Main Show


Funny OWASP Top 10 2021 Tweet - https://twitter.com/CubicleApril/status/1437531584119386116?s=20

Infosec Blogs: https://shellsharks.com/infosec-blogs

An Ode to RSS: https://shellsharks.com/an-ode-to-rss

Shortcuts: https://apps.apple.com/us/app/shortcuts/id915249334

Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/

OWASP Top 10: https://owasp.org/www-project-top-ten/

OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/

OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf

OWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf

OWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf

OMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure

That’s some Galen Eros level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/

ChaosDB: https://chaosdb.wiz.io

Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!


Show Notes


    Preshow


Audio Hijack: https://rogueamoeba.com/audiohijack/

Rogue Amoeba: https://rogueamoeba.com

OmniFocus: https://www.omnigroup.com/omnifocus/

Todoist: https://todoist.com/

Notion: https://www.notion.so

Fantastical: https://flexibits.com/fantastical

Getting Things GNOME!: https://wiki.gnome.org/Apps/GTG


Main Show


Crader Security: https://cradersecurity.com

Why I Blog. You Should Too!: https://shellsharks.com/you-should-blog#title

WGU: https://www.wgu.edu

Shellsharks Captain’s Log: https://shellsharks.com/captains-log

MIT Open Courseware: https://ocw.mit.edu/index.htm

Raspberry Pi: https://ocw.mit.edu/index.htm

AWS Free Tier: https://aws.amazon.com/free/

Pluralsight: https://www.pluralsight.com

GitHub Developer Pack: https://docs.github.com/en

Google Cloud Free Tier: https://cloud.google.com/free

Potent Wisdom: https://potentwisdom.com - Coming Soon!

The Linux Smack: https://linuxsmack.com - Coming Soon!

The Privacy Smack: https://privacysmack.com - Coming Soon!

TryHackMe: https://tryhackme.com


    Postshow


Shellsharks Inbox Zero - https://shellsharks.com/inbox-zero#title

Digital Minimalism - https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515