InfoSec news and articles

• NSA hacking tools supposedly leaked back in 2013

  • Could have just been a jump box, which rival groups commonly attack from each other
  • Snowden thinks Russia hacked the NSA and is announcing this as part of the DNC debate

• Flip Feng Shui attack

  • Change private keys of victim VM from attacker VM (SSH/GPG)

• Linux TCP flaw leaves 80% of Android phones open to spying

  • Encryption and VPNs are a solution

• Beware of videojacking

• Duo releases study that says phishing works so well because companies don’t update browsers and operating systems

• POS malware attack at Starwood, Marriott, Hyatt, and Intercontinental hotels

• NIST launches draft of Digital Authentication Guidelines

• Apple launches bug bounty program and did a talk on internal IOS security

Technology news and articles

• Apollo product raises a shield that commands unauthorized drones to turn around and go home
• Twitter is introducing a quality filter to clean up your timeline
• Facebook building its own Steam style gaming platform

Apple news and articles

• Tim Cook says AI and augmented reality are core technologies for Apple’s future
• Apple hiring lyrics curation team
• NASA launched AppleTV app that includes real-time view of the earth

Miscellaneous news and articles

• NASA launched AppleTV app that includes real-time view of the earth

Exploring ideas

• Red team blue team presentation with Ryan O’Horo at IOAsis

• Five attributes of a successful red team

  • Organizational independence
  • Defensive coordination
  • Continuous operation
  • Adversary emulation
  • Efficacy measurement

• Public cloud considered more secure than corporate data centers

  • It’s not about what COULD be more secure; it’s about what is

• Unsubscribe spear phishing

InfoSec tools

• DNmap: Distributed Nmap
• Serpico: Report Writing and Collaboration Tool
• Metapacket tool monitors outbound traffic for signs of malicious behavior

InfoSec projects

InfoSec papers

InfoSec reports

InfoSec talks

• Blackhat 2016 Videos: https://www.youtube.com/user/BlackHatOfficialYT

InfoSec initiatives

Announcements

• Close to finishing my book, like 95%
• Launched our Advisory Services practice at IOActive: the basic concept for the initial offering is measuring risk based on the adversary instead of compliance
• Writing a bunch of cool code that I should be able to tell you about soon

Summary and recommendations

• If people start throwing red team blue team terms around, be prepared to call them on it

Recommended content

• Web design in 4 minutes: http://jgthms.com/web-design-in-4-minutes/

Inspiration

Fin

• Ok, that’s it for this episode
• Thank you for listening
• If you like the show, please recommend it to your friends and share it, blog about it, share it on social media, and leave a review on iTunes
• See you next time

Show notes

• https://www.vusec.net/projects/flip-feng-shui/

Notes

1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.