
11 episodes

The Shellsharks Podcast
Shellsharks (@shellsharks)
- Technology
- 5.0 • 7 Ratings
The Shellsharks Podcast - A show about infosec, technology and life.
-
Ransomware as a Podcast (RaaP)
Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!
Show Notes
Main Show
Greg Edwards
CryptoStopper
WannaCry ransomware
Jigsaw ransomware
Colonial Pipeline hack
LambdaLocker
Solarwinds Supply Chain Compromise
18 CIS Critical Security Controls
Ransomware as a Service (RaaS)
Ransomware Payments via Crypto
OST Debate
Shadow Brokers
-
Take a Fika
Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security’s challenging OSWE certification, discuss where we get our inspiration for blogging and more!
Show Notes
Main Show
tpetersonkth.github.io
Offensive Security - OSWE
DEF CON YouTube channel
HackTheBox
Offensive Security - OSCP
Thomas's OSWE Review 2022
Shellsharks Desk setup
eLearnSecurity - PTP
IKEA
OG Shellsharks Look
Shellsharks - Captains Log
Postshow
Swedish Fika
-
Suburban Turtle
Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!
!! Explicit Language Alert !!
Show Notes
Preshow
Check out my monitor setup via my Desk Setup 2021 post
Check out the apps I typically use via my Mac Tools post
Hone your coding skills with Leetcode
Elite "PewPew" map courtesy of FireEye
Main Show
Ukraine Humanitarian Fund
Google (allegedly) un-blurring Russian satellite imagery
Tracking Russian soldiers using stolen iPhones
Destructive Wipers
Named Vulnerabilities List
CrowdStrike APT Adversary Universe
Mandiant APT Naming
Dragos Threat Activity Group Names
What is a Chollima?
Offensive Security Courses
OffSec WEB-300/AWAE/OSWE
Certifications are not like Pokemon Cards
Shellsharks Podcast on Burnout
My Reddit AMA
"Thought Leader"
The CISSP
DoD 8570
Metasploit Default Credential CVE
-
Security Friendliness Engineering
Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!
Show Notes
Main Show
Little Man In My Head: https://littlemaninmyhead.wordpress.com
Java Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
NaCl: Networking and Cryptography library: https://nacl.cr.yp.to
Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
Ron Rivest: https://people.csail.mit.edu/rivest/
Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography
AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/
Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm
Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
DevSecOps: Just one definition - https://www.devsecops.org
OWASP: https://owasp.org
CAPTCHA: https://support.google.com/a/answer/1217728?hl=en
reCAPTCHA: https://www.google.com/recaptcha/about/
Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
OWASP Top 10: https://owasp.org/www-project-top-ten/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
SAST: https://www.synopsys.com/glossary/what-is-sast.html
Microservices: https://microservices.io
DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
OWASP Zap: https://owasp.org/www-project-zap/
SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
Inception: https://www.imdb.com/title/tt1375666/
Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/
Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
TruffleHog: https://trufflesecurity.com/trufflehog
Log4Shell: https://log4shell.com/
CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Heartbleed: https://heartbleed.com
Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143
WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
Mandiant’s Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
BurpSuite: https://portswigger.net/burp
Postshow
Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/
-
Analyzing the OWASP Top 10 2021
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.
Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!
Show Notes
Preshow
Simplenote: https://simplenote.com
Notion: https://www.notion.so
Obsidian: https://obsidian.md
Visual Studio Code: https://code.visualstudio.com
Notepad++: https://notepad-plus-plus.org/downloads/
GitHub Pages: https://pages.github.com
Atom: https://atom.io
Main Show
Funny OWASP Top 10 2021 Tweet - https://twitter.com/CubicleApril/status/1437531584119386116?s=20
Infosec Blogs: https://shellsharks.com/infosec-blogs
An Ode to RSS: https://shellsharks.com/an-ode-to-rss
Shortcuts: https://apps.apple.com/us/app/shortcuts/id915249334
Netsparker Article on OWASP Top 10 2021: https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/
OWASP Top 10: https://owasp.org/www-project-top-ten/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
OWASP Top 10 2010: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf
OWASP Top 10 2013: https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf
OWASP Top 10 2017: https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf
OMIGOD: https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
That’s some Galen Eros level shit: https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/
ChaosDB: https://chaosdb.wiz.io
-
Blogging & WGU
Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!
Show Notes
Preshow
Audio Hijack: https://rogueamoeba.com/audiohijack/
Rogue Amoeba: https://rogueamoeba.com
OmniFocus: https://www.omnigroup.com/omnifocus/
Todoist: https://todoist.com/
Notion: https://www.notion.so
Fantastical: https://flexibits.com/fantastical
Getting Things GNOME!: https://wiki.gnome.org/Apps/GTG
Main Show
Crader Security: https://cradersecurity.com
Why I Blog. You Should Too!: https://shellsharks.com/you-should-blog#title
WGU: https://www.wgu.edu
Shellsharks Captain’s Log: https://shellsharks.com/captains-log
MIT Open Courseware: https://ocw.mit.edu/index.htm
Raspberry Pi: https://ocw.mit.edu/index.htm
AWS Free Tier: https://aws.amazon.com/free/
Pluralsight: https://www.pluralsight.com
GitHub Developer Pack: https://docs.github.com/en
Google Cloud Free Tier: https://cloud.google.com/free
Potent Wisdom: https://potentwisdom.com - Coming Soon!
The Linux Smack: https://linuxsmack.com - Coming Soon!
The Privacy Smack: https://privacysmack.com - Coming Soon!
TryHackMe: https://tryhackme.com
Postshow
Shellsharks Inbox Zero - https://shellsharks.com/inbox-zero#title
Digital Minimalism - https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515
Customer Reviews
Excellent Show!
Great content! Engaging Conversations! Must listen!
Great show!
👍⭐️⭐️⭐️⭐️⭐️
Great show!
It covers a variety of topics, so there’s always something new to listen to and learn about :)