Unsupervised Learning: Episode 41

August 18, 2016

[ Subscribe to the Podcast: iTunes | Android ]

InfoSec news and articles

  • NSA hacking tools supposedly leaked back in 2013

    • Could have just been a jump box, which rival groups commonly attack from each other

    • Snowden thinks Russia hacked the NSA and is announcing this as part of the DNC debate

  • Flip Feng Shui attack

    • Change private keys of victim VM from attacker VM (SSH/GPG)

  • Linux TCP flaw leaves 80% of Android phones open to spying

    • Encryption and VPNs are a solution

  • Beware of videojacking

  • Duo releases study that says phishing works so well because companies don’t update browsers and operating systems

  • POS malware attack at Starwood, Marriott, Hyatt, and Intercontinental hotels

  • NIST launches draft of Digital Authentication Guidelines

  • Apple launches bug bounty program and did a talk on internal IOS security

Technology news and articles

  • Apollo product raises a shield that commands unauthorized drones to turn around and go home

  • Twitter is introducing a quality filter to clean up your timeline

  • Facebook building its own Steam style gaming platform

Apple news and articles

  • Tim Cook says AI and augmented reality are core technologies for Apple’s future

  • Apple hiring lyrics curation team

  • NASA launched AppleTV app that includes real-time view of the earth

Miscellaneous news and articles

  • NASA launched AppleTV app that includes real-time view of the earth

Exploring ideas

  • Red team blue team presentation with Ryan O’Horo at IOAsis

  • Five attributes of a successful red team

    • Organizational independence

    • Defensive coordination

    • Continuous operation

    • Adversary emulation

    • Efficacy measurement

  • Public cloud considered more secure than corporate data centers

    • It’s not about what COULD be more secure; it’s about what is

  • Unsubscribe spear phishing

InfoSec tools

  • DNmap: Distributed Nmap

  • Serpico: Report Writing and Collaboration Tool

  • Metapacket tool monitors outbound traffic for signs of malicious behavior

InfoSec projects

    InfoSec papers

      InfoSec reports

        InfoSec talks

        • Blackhat 2016 Videos: https://www.youtube.com/user/BlackHatOfficialYT

        InfoSec initiatives

          Announcements

          • Close to finishing my book, like 95%

          • Launched our Advisory Services practice at IOActive: the basic concept for the initial offering is measuring risk based on the adversary instead of compliance

          • Writing a bunch of cool code that I should be able to tell you about soon

          Summary and recommendations

          • If people start throwing red team blue team terms around, be prepared to call them on it

          Recommended content

          • Web design in 4 minutes: http://jgthms.com/web-design-in-4-minutes/

          Inspiration

            Fin

            • Ok, that’s it for this episode

            • Thank you for listening

            • If you like the show, please recommend it to your friends and share it, blog about it, share it on social media, and leave a review on iTunes

            • See you next time

            Show notes

            • https://www.vusec.net/projects/flip-feng-shui/

            [ Subscribe to the Podcast: iTunes | Android ]

            Notes

            1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.

            No related posts.