11 episodes

The Shellsharks Podcast - A show about infosec, technology and life.

The Shellsharks Podcast Shellsharks (@shellsharks)

    • Technology
    • 5.0 • 7 Ratings

    Ransomware as a Podcast (RaaP)

    Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!

     

    Show Notes

    Main Show

    Greg Edwards
    CryptoStopper
    WannaCry ransomware
    Jigsaw ransomware
    Colonial Pipeline hack
    LambdaLocker
    SolarWinds Supply Chain Compromise
    18 CIS Critical Security Controls
    Ransomware as a Service (RaaS)
    Ransomware Payments via Crypto
    OST Debate
    Shadow Brokers

     

    • 1 hr 3 min
    Take a Fika

    Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security’s challenging OSWE certification, discuss where we get our inspiration for blogging and more!

     

    Show Notes

    Main Show

    tpetersonkth.github.io
    Offensive Security - OSWE
    DEF CON YouTube channel
    HackTheBox
    Offensive Security - OSCP
    Thomas's OSWE Review 2022
    Shellsharks Desk setup
    eLearnSecurity - PTP
    IKEA
    OG Shellsharks Look
    Shellsharks - Captains Log

    Postshow

    Swedish Fika

     

    • 1 hr 18 min
    Suburban Turtle

    Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!

    !! Explicit Language Alert !!

     

    Show Notes

    Preshow

    Check out my monitor setup via my Desk Setup 2021 post
    Check out the apps I typically use via my Mac Tools post
    Hone your coding skills with Leetcode
    Elite "PewPew" map courtesy of FireEye

    Main Show

    Ukraine Humanitarian Fund
    Google (allegedly) un-blurring Russian satellite imagery
    Tracking Russian soldiers using stolen iPhones
    Destructive Wipers
    Named Vulnerabilities List
    CrowdStrike APT Adversary Universe
    Mandiant APT Naming
    Dragos Threat Activity Group Names
    What is a Chollima?
    Offensive Security Courses
    OffSec WEB-300/AWAE/OSWE
    Certifications are not like Pokemon Cards
    Shellsharks Podcast on Burnout
    My Reddit AMA
    "Thought Leader"
    The CISSP
    DoD 8570
    Metasploit Default Credential CVE

    • 1 hr 3 min
    Security Friendliness Engineering

    Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!


    Show Notes


    Main Show


    Little Man In My Head: https://littlemaninmyhead.wordpress.com

    Java Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html

    NaCl: Networking and Cryptography library: https://nacl.cr.yp.to

    Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto

    Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html

    Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis

    Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf

    Ron Rivest: https://people.csail.mit.edu/rivest/

    Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography

    AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/

    Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm

    Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

    DevSecOps: Just one definition - https://www.devsecops.org

    OWASP: https://owasp.org

    CAPTCHA: https://support.google.com/a/answer/1217728?hl=en

    reCAPTCHA: https://www.google.com/recaptcha/about/

    Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/

    OWASP Top 10: https://owasp.org/www-project-top-ten/

    OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/

    SAST: https://www.synopsys.com/glossary/what-is-sast.html

    Microservices: https://microservices.io

    DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/

    OWASP Zap: https://owasp.org/www-project-zap/

    SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html

    Inception: https://www.imdb.com/title/tt1375666/

    Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/

    Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/

    NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html

    TruffleHog: https://trufflesecurity.com/trufflehog

    Log4Shell: https://log4shell.com/

    CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability

    Heartbleed: https://heartbleed.com

    Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271

    The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218

    ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143

    WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf

    Mandiant’s Report on SolarWinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor

    BurpSuite: https://portswigger.net/burp


    Postshow


    Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/

    • 1 hr 12 min
    Analyzing the OWASP Top 10 2021

    Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.


    Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!


     


    Show Notes


    Preshow


    Simplenote: https://simplenote.com

    Notion: https://www.notion.so

    Obsidian: https://obsidian.md

    Visual Studio Code: https://code.visualstudio.com

    Notepad++: https://notepad-plus-plus.org/downloads/

    GitHub Pages: https://pages.github.com

    Atom: https://atom.io


    Main Show


    Funny OWASP Top 10 2021 Tweet - https://twitter.com/CubicleApril/status/1437531584119386116?s=20

    Infosec Blogs: https://shellsharks.com/infosec-blogs

    An Ode to RSS: https://shellsharks.com/an-ode-to-rss

    Shortcuts: https://apps.apple.com/us/app/shortcuts/id915249334

    Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/

    OWASP Top 10: https://owasp.org/www-project-top-ten/

    OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/

    OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf

    OWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf

    OWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf

    OMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure

    That’s some Galen Erso level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/

    ChaosDB: https://chaosdb.wiz.io

    • 1 hr 20 min
    Blogging & WGU

    Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!


    Show Notes


    Preshow


    Audio Hijack: https://rogueamoeba.com/audiohijack/

    Rogue Amoeba: https://rogueamoeba.com

    OmniFocus: https://www.omnigroup.com/omnifocus/

    Todoist: https://todoist.com/

    Notion: https://www.notion.so

    Fantastical: https://flexibits.com/fantastical

    Getting Things GNOME!: https://wiki.gnome.org/Apps/GTG


    Main Show


    Crader Security: https://cradersecurity.com

    Why I Blog. You Should Too!: https://shellsharks.com/you-should-blog#title

    WGU: https://www.wgu.edu

    Shellsharks Captain’s Log: https://shellsharks.com/captains-log

    MIT Open Courseware: https://ocw.mit.edu/index.htm

    Raspberry Pi: https://ocw.mit.edu/index.htm

    AWS Free Tier: https://aws.amazon.com/free/

    Pluralsight: https://www.pluralsight.com

    GitHub Developer Pack: https://docs.github.com/en

    Google Cloud Free Tier: https://cloud.google.com/free

    Potent Wisdom: https://potentwisdom.com - Coming Soon!

    The Linux Smack: https://linuxsmack.com - Coming Soon!

    The Privacy Smack: https://privacysmack.com - Coming Soon!

    TryHackMe: https://tryhackme.com


    Postshow


    Shellsharks Inbox Zero - https://shellsharks.com/inbox-zero#title

    Digital Minimalism - https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515

    • 55 min

Customer Reviews

5.0 out of 5
7 Ratings

ErmaTheLurker ,

Excellent Show!

Great content! Engaging Conversations! Must listen!

radioestes ,

Great show!

👍⭐️⭐️⭐️⭐️⭐️

malloryck ,

Great show!

It covers a variety of topics, so there’s always something new to listen to and learn about :)
