- Unsupervised Learning
- Posts
- Unsupervised Learning: Episode 37
Unsupervised Learning: Episode 37
InfoSec news
Feds paid over 1M to get into San Bernardino iPhone
Continued fallout from Panama papers
3.2 million servers vulnerable to JBoss attack which is being used in SamSam ransomware attacks
MIT launches internal bug bounty platform | https://threatpost.com/mit-launches-experimental-bug-bounty-program/117618/
NSA recommends out-of-band taps for logging | http://www.securityweek.com/out-band-taps-are-nsa-nightmare | doesn’t realize that people good enough to do this are often good enough to do other things as well?
New MIT static analysis scanner finds web flaws in like a minute? | https://threatpost.com/new-mit-scanner-finds-web-app-flaws-in-a-minute/117482/
9/11 commissioner urging release of report’s 28 secret pages; I’m guessing they’re about Saudi Arabia
Congress tells US spy chief to reveal how many Americans were caught by PRISM
China continuing to stop using western IT services in wake of Snowden fallout
SecureWorks has an IPO
Bug hunter hacks Facebook and finds evidence of someone already there | http://www.theregister.co.uk/2016/04/22/i_hacked_facebook_and_found_someone_had_beaten_me_to_it/
Personal data of 93 million Mexicans exposed on AWS | http://www.databreaches.net/personal-info-of-93-4-million-mexicans-exposed-on-amazon/
InfoSec articles
Building a home lab for becoming a malware hunter | Building a Home Lab to Become a Malware Hunter – A Beginner’s Guide
Forrester malware analysis report analysis | https://danielmiessler.com/blog/security-report-analysis-forrester-automated-malware-analysis-q2-2016/
ISIS Encryption | https://medium.com/@thegrugq/just-the-facts-isis-encryption-c70f258c0f7#.4bkee3x9h
Technology news and articles
Microsoft is killing off Xbox 360 production after 10 years
24 cool facts about IoT | http://blog.calysto.com/iot/24-cool-iot-facts-to-celebrate-internet-of-things-day
For a device to be labeled as IoT, according to The Internet of Things Global Standards (IoT-GSI) it must have seven design features: sensors, internet connectivity, processors, energy efficiency, cost effectiveness, quality and reliability, and security.
According to CB Insights, the top two most active investors in the IoT space are corporate: Intel Capital and Qualcomm Ventures.
Programmable Blockchains in Context | https://medium.com/@ConsenSys/programmable-blockchains-in-context-ethereum-s-future-cd8451eb421e#.dx0m66ic1
Site that tells you when to buy and when not to buy Apple stuff | http://buyersguide.macrumors.com/#Mac
Netflix has twice the subscribers of Comcast
Bitcasa pulls out of consumer cloud storage | Bitcasa pulls out of consumer cloud storage
In other news
US suicide rate jumps 24% from 1999 to 2014 | http://www.nytimes.com/2016/04/22/health/us-suicide-rate-surges-to-a-30-year-high.html?_r=0
Injection of a protein into mice cures Alzheimers in one week
Young people paying for college by being escorts and more | http://www.independent.co.uk/life-style/love-sex/student-sex-work-and-the-rise-of-sugar-babies-10394672.html
Exploring ideas
Ethereum as a Public Interaction Platform | https://danielmiessler.com/blog/ethereum-as-a-validated-interaction-platform/
Threat hunting is the new big trend in enterprise security
Real vs. Fake Work | http://bengarvey.com/2016/04/24/real-work/
InfoSec Tools
EyeWitness — Take screenshots of websites | https://github.com/ChrisTruncer/EyeWitness
Data bricks — Complete solution for data scientists and engineers | https://databricks.com
Machinae — Security Intelligence Collector | https://github.com/HurricaneLabs/machinae
Inveigh — PowerShell MiTM tool | https://github.com/Kevin-Robertson/Inveigh
Bettercap — MiTM framework | https://danielmiessler.com/study/bettercap/
Responder — Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication | https://github.com/SpiderLabs/Responder
Carbonator — automated Burp scope, spider, and scan from the command line | https://github.com/davevs/carbonator
ALTDNS — Finding permutations of subdomains | https://github.com/infosec-au/altdns
Gladius — Automated credentials from Responder | https://n0where.net/from-responder-to-credentials-gladius/
Projects
PASTA threat modeling | https://www.owasp.org/images/a/aa/AppSecEU2012_PASTA.pdf
SecurityTools project to list all tools under each category? | https://github.com/danielmiessler/SecurityTools
Talks and papers
TROOPERS CON — Attacking and Protecting Big Data Environments | http://www.securitytube.net/video/15800?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityTube+%28SecurityTube.Net%29
– TROOPERSCON – RAPID RADIO REVERSING | http://www.securitytube.net/video/15798?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SecurityTube+%28SecurityTube.Net%29
Initiatives
Unsupervised Learning — Security, Tech, and AI in 10 minutes…
Get a weekly breakdown of what's happening in security and tech—and why it matters.
NRC CIP (North American Electric Reliability Corporation: Critical Infrastructure Protection) | http://www.nerc.com/pa/Stand/Pages/CIPStandards.aspx
Essays
Announcements
Presenting at BlackHat Arsenal in Vegas this year
Speaking at SOURCE Boston on the KARMA risk rating methodology
Writing a book!
Art and Inspiration
If you’re not reading, you’re dying
Summary and Recommendations
Don’t forget to read
Mix in some fiction with your non-fiction
Fin
Thank you for listening, see you next time
And if you like the show, please recommend it to your friends and share it, blog about it, and share it on social media
Thanks!
Notes
The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
Please let me know what you think of the new show concept.
No related posts.