Episode 227 - Door 02: Marketing department or selection bias?
Play • 4 min

Josh and Kurt talk about cybersecurity statistics and the value of the data we have.

Cyber Work
Cyber Work
Kubernetes: Vulnerabilities, efficiency and cloud security
Learn all about Kubernetes, its possible misconfigurations and vulnerabilities, and how it applies to cloud security on today’s episode, featuring Michael Foster, a Cloud Native Advocate at StackRox. Michael discusses intrinsic Kubernetes security issues compared with those that come from improper use, the work of a Cloud Security Advocate, his time in the Chicago Cubs and more. 0:00 Intro  2:03 Getting started in tech 4:09 From Cubs to security 8:10 What is Kubernetes? 10:45 Kubernetes issues & CNCF roadmap 14:50 Types of vulnerabilities 19:10 Kubernetes checklist and wishlist 23:30 Role and duties at StackRox 25:30 Cloud security skills & careers 31:30 Future of Kubernetes 33:28 What is StackRox? 35:35 Outro We’re also excited to share the new hands-on Cyber Work training series, Cyber Work Applied. Each week on Cyber Work Applied, expert Infosec instructors teach a new cybersecurity skill and show you how that skill applies to real-world scenarios. Get demos of different cyberattacks, learn how to use common cybersecurity tools, explore how major breaches occurred and more. Check out the link below to start learning, for free! – Learn cybersecurity with our FREE Cyber Work Applied training series: https://www.infosecinstitute.com/learn/  – View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast Michael Foster is a passionate tech enthusiast and open-source advocate with a multidisciplinary background. As a Cloud Native Advocate at StackRox, Michael understands the importance of building an inclusive community. Michael embraces all forms of automation, focusing on Kubernetes security, DevOps, and infrastructure as code. He is continually working to bridge the gap between tech and business and focus on sustainable solutions. *About Infosec* Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.
36 min
The Social-Engineer Podcast
The Social-Engineer Podcast
Social-Engineer, LLC
Ep. 137 – Human Hacking With Chris Hadnagy
In this special episode, Chris Hadnagy joins Maxie Reynolds to talk about the amazing stories and useful lessons contained in Chris’s new book: “Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You”. Listen as Chris delves into the process of making “Human Hacking” and shares the awesome story behind its inception. Maxie and Chris also discuss the importance of empathy especially when it comes to hacking humans. Chris a global security expert and master hacker. He is the founder and CEO of Social-Engineer, LLC, the creator of the popular Social Engineer Podcast, website, and newsletter, and designed “Advanced Practical Social Engineering,” the first hands-on social engineering training course and certification for law enforcement, military, and private sector professionals. 00:09 – Introduction to Maxie Reynolds 02:13 – Introduction to Christopher Hadnagy’s brand-new book: “Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You” 02:51 – Human-hacking is a skill that can be used in everyday life by everyday people 04:19 – What it means to “Leave Them Better Off for Having Met You” 05:50 – “The martial art of the mind” and how a malicious person could use it for harm 07:39 – Empathy and why it is so important when hacking humans 09:21 – Showing empathy while amygdala hijacked 11:40 – Empathy is more than just putting yourself in someone else’s shoes 14:15 – Empathy is often hierarchical 16:33 – The power of “I’m sorry” 18:02 – Why understanding the meaning behind someone’s actions is so important 21:48 – Accuracy of the stories told in the book 24:15 – The process of co-authoring the book with Seth Schulman 26:43 – The amazing story of how the book came to be 31:16 – How to fight the isolation and social awkwardness brought by technology and, more recently, COVID-19. 34:46 – Giving your feedback on the book 36:20 – A distillation of the “Advanced Practical Social Engineering” course, made applicable to everyone 40:50 – Socially engineering the world’s best rock band 43:51 - “Quick Fire Questions”: 44:04 – Chris's favorite story in the book 45:04 – Is there a stage in child development where less empathy is shown? 46:10 – Would the new book have helped teenage Chris? 48:01 – Is it as nicer to feel empathy yourself or receive it from someone else? 49:49 – Balance is required when teaching empathy. 51:19 – How we can all better our communities by learning to “Win Friends, Influence People, and Leave Them Better Off for Having Met You” 53:35 – Chris's book recommendations Without Conscience: The Disturbing World of the Psychopaths Among Us Antifragile: Things That Gain from Disorder The Dictionary of Body Language: A Field Guide to Human Behavior 54:56 – Outro Human Hacking Book Website Human Hacking Book Amazon Maxie on Twitter Chris on Twitter Social-Engineer on Twitter SEVillage: The Human Hacking Conference Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch
58 min
7 Minute Security
7 Minute Security
Brian Johnson
7MS #450: DIY Pentest Dropbox Tips - part 4
Hey friends! We're continuing our series on pentest dropbox building - specifically playing off last week's episode where we started talking about automating the OS builds that go on our dropboxes. Today we'll zoom in a little closer and talk about some of the specific scripting we do to get a Windows 2019 Active Directory Domain Controller installed and updated so that it's ready to electronically punch in the face with some of your mad pentesting skills! Specifically, we talk about these awesome commands: tzutil /s "Central Standard Time" - this is handy to set the time zone of your server build powercfg.exe -change -standby-timeout-ac 0 will stop your VM from falling asleep Invoke-WebRequest "https://somesite/somefile.file" -OutFile "c:\some\path\somefile.file" is awesome for quickly downloading files you need. Couple it with Expand-Archive "C:\some\path\some.zip" "c:\path\to\where\you\want\to\extract\the\zip" to make auto-provisioning your toolkit even faster! Don't like it that Server Manager loves to rear its dumb head upon every login? Kill the task for it with Get-ScheduledTask -TaskName ServerManager | Disable-ScheduledTask -Verbose. Byeeeeee!!!! I love Chrome more than I love IE/Edge, so I auto install it with: $Path = $env:TEMP; $Installer = "chrome_installer.exe"; Invoke-WebRequest "http://dl.google.com/chrome/install/375.126/chrome_installer.exe" -OutFile $Path\$Installer; Start-Process -FilePath $Path\$Installer -Args "/silent /install" -Verb RunAs -Wait; Remove-Item $Path\$Installer Now get all the Windows updates! Install-PackageProvider -name nuget -force Install-Module PSWindowsUpdate -force Import-Module PSWindowsUpdate Get-WindowsUpdate Install-WindowsUpdate -AcceptAll -IgnoreReboot Then rename your machine: Write-Host "Picking a new name for this machine...you'll need to provide your admin pw to do so" Rename-Computer -LocalCredential administrator -PassThru Write-Host "New name accepted!" When you're ready to install Active Directory, you can grab the RSAT tools: Write-Host "Lets install the RSAT tooleeeage!" add-windowsfeature -name rsat-adds And then the AD domain services themselves: Write-Host "Now lets install the AD domain services!" add-windowsfeature ad-domain-services Then install the new forest: install-addsforest -domainname your.domain -installdns -DomainNetbiosName yourdomain
56 min
Allan Jude
385: Wireguard VPN mesh
Description: History of FreeBSD: Early Days of FreeBSD, mesh VPN using OpenBSD and WireGuard, FreeBSD Foundation Sponsors LLDB Improvements, Host your Cryptpad web office suite with OpenBSD, and more. NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) Headlines History of FreeBSD - Part 3: Early Days of FreeBSD (https://klarasystems.com/articles/history-of-freebsd-part-3-early-days-of-freebsd/?utm_source=bsdnow) In this third part of our series on the history of FreeBSD, we start tracing the early days of FreeBSD and the events that would eventually shape the project and the future of open source software. A mesh VPN using OpenBSD and WireGuard (https://www.tumfatig.net/20201202/a-mesh-vpn-using-openbsd-and-wireguard/?utm_source=bsdnow) WireGuard is a new coming to OpenBSD 6.8 and it looks like a simple and efficient way to connect computers. I own a few VPS (hello Vultr, hello OpenBSD.amsterdam) that tend to be connected through filtered public services and/or SSH tunnels. And that’s neither efficient nor easy to manage. Here comes the wg(4) era where all those peers will communicate with a bit more privacy and ease of management. News Roundup Foundation Sponsors FreeBSD LLDB Improvements (https://freebsdfoundation.org/blog/guest-blog-foundation-sponsors-freebsd-lldb-improvements/?utm_source=bsdnow) With FreeBSD Foundation grant, Moritz Systems improved LLDB support for FreeBSD The LLDB project builds on libraries provided by LLVM and Clang to provide a great modern debugger. It uses the Clang ASTs and the expression parser, LLVM JIT, LLVM disassembler, etc so that it provides an experience that “just works”. It is also blazing fast and more permissively licensed than GDB, the GNU Debugger. LLDB is the default debugger in Xcode on macOS and supports debugging C, Objective-C, and C++ on the desktop and iOS devices and the simulator. Host your Cryptpad web office suite with OpenBSD (https://dataswamp.org/~solene/2020-12-14-cryptpad-openbsd.html) In this article I will explain how to deploy your own Cryptpad instance with OpenBSD. Cryptpad is a web office suite featuring easy real time collaboration on documents. Cryptpad is written in JavaScript and the daemon acts as a web server. Beastie Bits OPNsense 20.7.7 Released (https://opnsense.org/opnsense-20-7-7-released/?utm_source=bsdnow) Introducing OpenZFS 2.0 Webinar - Jan 20th @ noon Eastern / 17:00 UTC. (https://klarasystems.com/learning/webinars/webinar-introducing-openzfs-2-0/?utm_source=bsdnow) BSD In Die Hard (https://www.reddit.com/r/BSD/comments/kk3c6y/merry_xmas/) Managing jails with Ansible: a showcase for building a container infrastructure on FreeBSD (https://papers.freebsd.org/2019/bsdcan/dengg-managing_jails_with_ansible/) BSD Hardware (https://bsd-hardware.info) New WINE chapter in FreeBSD handbook (https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/wine.html) *** Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. *** Feedback/Questions scott- zfs question (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/scott-%20zfs%20question) Bruce - copy paste on esxi (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/Bruce%20-%20copy%20paste%20on%20esxi) Julian - an apology for Allan (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/385/feedback/Julian%20-%20an%20apology%20for%20Allan) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
34 min
Clear search
Close search
Google apps
Main menu