ashar

 

Go St*lk Yourself: Privacy Through OSINT w/ Mishaal Khan | 1-Hour

It's always scary to Google yourself and see what you find.

In this Anti-Cast, we dive into the eerie reality of personal information exposure on the internet. We'll look at some of the resources stalkers use to get information on their victims. The combination of home address, phone number, email, social media profiles, and even family relatives can be a gold mine for stalkers. Don't miss this opportunity to strengthen your online privacy from the lens of an OSINT expert. You'll learn the best strategies to get your personal information out of the internet and escape the perils of stalking, doxing, swatting, or account hijacking. Your digital safety is at stake - let's be prepared!

 

Webcast: New Wave of Ransomware Attacks: How did this happen?

This is a special joint webcast from the teams of Black Hills Information Security, Wild West Hackin’ Fest, and Active Countermeasures, presented by John Strand.

In this webcast, we cover the recent wave of attacks we are seeing, and we cover some of the history that got us to where we are.

Consider this to be part 2 of the previous webcast I did on the topic. Available now on YouTube: https://youtu.be/wKAQB4Yp-k4?t=1669

Yep, we are going to talk about management and how to change their attitude on security. Yes, we will be talking about compliance. Of course, we will be talking about some simple actions companies can take to be better prepared.

I think it is important for us to talk through the history and see how we got to where we are in the industry. We have done a lot of tests over the years. We have seen technical and political patterns in “hard” and “easy” targets. We will talk about those as well.

We may even talk about threat intelligence, just a little…

 

The Secure Developer Podcast - Generative AI, Security, And Predictions For 2024

In this engaging episode, hosts Simon Maple and Guy Podjarny delve into the transformative role of AI in software development and its implications for security practices. The discussion starts with a retrospective look at 2023, highlighting key trends and developments in the tech world. In particular, they discuss how generative AI is reshaping the landscape, altering the traditional roles of developers and necessitating a shift in security paradigms.

Simon and Guy explore AI-generated code challenges and opportunities, emphasizing the need for innovative security strategies to keep pace with this rapidly evolving technology. They dissect the various aspects of AI in development, from data security concerns to integrating AI tools in software creation. The conversation is rich with insights on how companies adapt to these changes, with real-world examples illustrating the growing reliance on AI in the tech industry.

Shmoocon 2023 (infosec.pub)
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

ShmooCon 2023 Videos by Shmoo Group, various presenters

The videos in this collection are from ShmooCon 2023, which occurred on 20 - 22 January 2023, at the Washington Hilton Hotel. For more information about ShmooCon please visit https://www.shmoocon.org.

Please note that each video listed with [** TALK NOT RECORDED** ] next to it was (you guessed it) not recorded - at the request of the presenter.

Friday, January 20, 2023:

  • Shmoo Group - Opening Remarks, Rumblings, Ruminations, and Rants
  • Aeva Black - Open Source Software — Y U No Secure?
  • Paul Syverson - How to Use Sauteed Onion to Get to the Taste of Website You Want
  • Nicole Schwartz - Ya Got Trouble (And SLSA May Help)
  • Libby Liu - Big Tech Whistleblowers: Transparency, Accountability, and the Power of the Press
  • Tom Howard - Social Engineering from the Detective Perspective
  • Harley Geiger - Hacker Law for Hackers

Firetalks:

  • Firetalks Opening
  • Bryson Bort and Tarah Wheeler - AWe’re Going To Hell in a Handbasket (Together)
  • mubix “Rob” Fuller - Building a Successful Internal Red Team
  • Amit Serper - A 15-minute Crash Course to Building Your Own IoT Hacking Lab at Home
  • Brett Thorson - Incident Dress Rehearsal — Creating and Executing Your Own Table Top Exercise
  • Tabatha DiDomenico and Tarah Wheeler - A Celebration of (End of) Life
  • Nick Ascoli and Aiden Raney - Catching Some Phisherman [** TALK NOT RECORDED** ]
  • Jake Williams and Ray [Redacted] - “No! No! I can’t go to bed! Someone is wrong about Infosec!”
  • Firetalks Closing

Saturday, January 21, 2023:

  • Jason Baird - Mr. Radar: Layer 1 Recon
  • Brandon DeVault - Les Miserable Persistence: Hunting Through Scheduled Tasks
  • Krassimir Tzvetanov - Media Effects Used in Influence Operations [** TALK NOT RECORDED** ]
  • Travis Goodspeed - A Mask ROM Tool in Qt6 and C++
  • Jay Beale - Escalating Attack and Defense on Cloud-based Kubernetes — The Difference Between a Container and a Pod is a Pod can Begin an Adventure!
  • Kurt Opsahl - The UN Cybercrime Treaty: The One Treaty to Rule All the Hacking Laws
  • Tracy Mosley - Dit Dit-Dah-Dit: The Evolution of Cellular Networks
  • Jacob Torrey - Putting on a Big Show: Defending by Attacking Attacker Incentives
  • Brian Butterly - An Insight into Railway Security
  • Adnan Khan, Mason Davis, and Matt Jackoski - Phantom of the Pipeline — Abusing Self-Hosted CI/CD Runners
  • Kaitlyn DeValk - Riverside: A Network Security Visualization Tool
  • Christopher Forte - The Song Must NOT Go On
  • Falcon Darkstar Momot - The Un-parsing Manifesto: Reconnecting our Corpus Callosum
  • Christian Paquin - US Covid19 Immunization Credentials + Privacy-friendly QR Codes for Identity
  • Carson Zimmerman - How to Save Your SOC from Stagnation
  • nobletrout - How I Scanned the Internet for NSA Compromised Firewalls [** TALK NOT RECORDED** ]
  • Mao Sui - Catching Chinese Actors — A Game of Cat and Mouse [** TALK NOT RECORDED** ]
  • Andrew Logan - The OSINT Game that Reveals Hidden Helicopters of DC
  • Christopher Hewitt - Bringing the Curtain Down on Flash Protection in Obscure Microcontrollers through Fault Injection
  • Michael Rudden - Parkalot — Using Parking Apps Like Traditional Meters Using License Plate Validation Loopholes
  • Jesika McEvoy - You and Me (But Mostly Me)
  • Dylan Hoffmann - No, Really, The Gerasimov Doctrine Doesn’t Exist [** TALK NOT RECORDED** ]
  • Xeno Kovah - OpenSecurityTraining2: Free Deep-Technical Training
  • Space Rogue (C. Thomas) - The Perfect Resume For Entry-Level Infosec
  • Amanda Draeger - Textiles and Technology
  • Jonathan Fischer - From the Keyboards, Through the Walls, Got Implant Shells for Y’all
  • Gabriel Landau and Mark Mager - Hide Your Valuables — Mitigating Physical Credential Dumping Attacks
  • Madison Oliver and Jonathan Leitschuh - Congratulations! You Found a Security Vulnerability in an Open Source Project! Now What?
  • The Shmoo Group - 0wn the Con
  • Joe Oney - I Spy a Spy: Degrading Advanced Phishing Campaigns Against Your Organization and Clients
  • Omer Tsarfati - Inglourious Drivers — The Revenge of the Peripheral Devices

Sunday, January 22, 2023:

  • Jan Nunez and Jay Smith - Mainframe Hacking for CICS and Giggles
  • Scott Young - REveal: Unmasking Malware’s True Identity
  • Patricia Bailey - Telegram, Translations, and Twitter: How a Covert Russian Disinformation Effort Is Bypassing Censorship and Targeting Global Audiences
  • evm, Joshua Bailey, Robert Barr, Amanda Lee, and Jonah Schimpf - It Must Be Nice to Have Washington on Your Side: Unlinking Binaries on the DARPA Assured Micropatching Program
  • Gal Zror - Hacking ISPs with PPPoE
  • Kelly Ohlert - Under Pressure: Balancing Privacy Breach Notification with Incident Response
  • Kasimir Schulz - Escaping the Tar Pit and Securing the Supply Chain
  • Paul Asadoorian - The UEFI Threat — Or How I Can “Permanently” Brick Your Computer
  • Jonathan Fuller - Large-Scale Infiltration and Monitoring of C&C Servers
  • Mark Manning, Tina Velez, SPAM, and Bruce Potter (moderator) - Closing Plenary: OK, So What IS Working?
  • The Shmoo Group - Closing Remarks End of Con — See You Next Year!!
 

CyberWire Daily Podcast - A credential dump hits the online underground

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us.

BSidesDFW 2023 (infosec.pub)
submitted 2 years ago by ashar to c/security_cpe
 

CyberWire Daily Podcast - A pivotal global menace.

The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim an AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine’s Blackhit hits Russia’s M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench.

 

Join G Mark Hardy in this episode of the CISO Tradecraft podcast where he details how cyber protects revenue. He clarifies how cybersecurity is seen as a cost center by most organizations, but stresses how it can become a protector of business profits. Concepts like Operational Resilience Framework (ORF) Version 2 by the Global Resilience Federation are discussed in depth. Hardy also outlines seven steps from ORF to operational resilience including implementing industry-recognized frameworks, understanding the organization's role in the ecosystem, defining viable service levels, and more.

Link to the ORF - https://www.grf.org/orf

Transcripts - https://docs.google.com/document/d/1ckYj-UKDa-wlOVbalWvXOdEO4OYgjO0i

  • 00:12 Introduction
  • 01:47 Introduction to Operational Resilience Framework
  • 02:38 Understanding Resilience and Antifragility
  • 03:32 Common Cybersecurity Attacks and How to Anticipate Them
  • 06:22 Building Resilience in Cybersecurity
  • 09:43 Operational Resilience Framework: Steps and Principles
  • 17:50 Preserving Datasets and Implementing Recovery Processes
  • 20:18 Evaluating and Testing Your Disaster Recovery Plan
  • 21:11 Recap of Operational Resilience Framework Steps
  • 22:04 CISO Tradecraft Services and Closing Remarks

 

DARKNET DIARIES EP 141: THE PIG BUTCHER

The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world.

FIRSTCON 23 (infosec.pub)
submitted 2 years ago by ashar to c/security_cpe
 

Elbsides light 2023 Program

Elbsides light 2023 playlist

The computer security community from Hamburg and North Germany will meet on November 17th, 2023 at Haus des Sports, Schäferkampsallee 1 in Hamburg, near U-Schlump station.
