{Where You Are…}
Be yourself; Everyone else is already taken.
— Oscar Wilde.
Right now, the buzz word is CYSA+.
Blog Feed
“Hack the Hackers…”
Cybersecurity in the News
It’s been in the news that after two large cyberattacks against 2 Australian companies the government is:
- Contemplating a law to prevent paying ransomware payments
- Creating a team to ‘hack the hackers’
The problem with the former solution is that it will hurts businesses more than hackers. The time to outlaw payments for ransomware has long passed in my opinion. It doesn’t appear to offer a solution really or it doesn’t answer the real problem which is that there a lack of push or support for shoring defenses that would lower the success of these attacks.
The second outcome I have less of an opinion on. Though I will say that active countermeasures (similar to this idea) has been a idea in cyber for years.
Dark Reading has more to say on the latter than I.
I just think this geopolitically is something to watch. I’m also curious to see how cybercriminals might respond to both proposed actions.
More Reading:
Thinking About Thinking…
So, I’ve always been interested in the way that people think. The Lil social scientist in me wonders the why’s of people’s actions. I’ve been looking into cyberpsychology like maybe a grad certificate in the field, but I can’t think of a purpose for doing so.
I always recommend that people in cybersce grab books like these:
These kind of books and puzzles have always helped me just relax and think about things from different angles. I shard these on a different social as well, but I will always advise people to pick up puzzle books to keep their brains young.
BSides Augusta
Or fun with Soldering…
This weekend got the chance to go to my first BSides in Augusta. Smaller conference, but just as good as any big one.
The talks I sat in on were excellent, especially one about the infosec community and culture. It was basically about how people perpetuate a toxic culture feeding into this ‘hero’ mentality. Part of the issue is instead of seeing the attackers as the villain people see the users as villains and beneath them because they make “stupid” mistakes. It goes along with this book I’m reading: ‘The Smartest Person in the Room” which is about all the ego in tech.
I also got to try my hand at soldering for the second time and did pretty well. Like my little badge response to tapping and lights up like it’s supposed to. Now I’m going to go practice picking locks or soldering something else….lol.
Build a Lab with Me:
PiHole
More Info:
- https://www.armbian.com/
- https://pi-hole.net/
- https://www.mikekasberg.com/blog/2021/05/11/how-to-install-pi-hole-on-the-orange-pi-zero.html
The Pihole is a device built on a single board computer (sbc). The device acts as an ad-blocker for your network. There are also blacklists that can be applied or you can build your own.
I good deal for people build these with a raspberry pi, but I found 2 orange pi zeroes for cheap and decided to build on out of this.
Found a video that shows you how to put wireguard vpn and unbound dns on the orange pi along with pihole. Thos is the one I plan on following.
Learning Gamified:
Pwnagotchi
So, while at Black Hat and DefCon people were messing around with the Flipper Zero and I was like that’s kinda awesome. It got me thinking about other gamiefied ways to tinker and learn. Enter Pwnagotchi:
I got one (the pi scarcity is real) and have been fooling around with it. Toss it in a cargo pocket when I go out to let the lil guy learn.
The device essentially learns from wifi handshakes. The more environments it’s in, the more it’s learning. I like the novelty and with the pi zero the small size.
I’m still messing around with it, honestly, but the above video and the below link should help anyone interested:
Jobs in Cyber:
Digital Forensics Examiner
When I first starred in cybersecurity I wanted to do Digital Forensics. I thought the field was very Sherlock Holmes. Thought it was cool to dig deep into a computer’s innards to try and find a hint or clue.
Skills Needed:
- Undertsanding of law and criminal examinations
- Technical aptitude
- Understanding of computer systems
- Malware Analysis
- Skill in analyzing volatile data
- Interpretation ig debugging tools
More info:
https://www.sciencedirect.com/topics/computer-science/digital-forensic-examiner
https://www.glassdoor.com/Salaries/digital-forensic-examiner-salary-SRCH_KO0,25.htm
Black Hat and DefCon 2022:
The Aftermath
So, this was my first time at Black Hat, first time at DefCon, first time in Vegas and it was so much. So much to see and do. It was a tadbit overwhelming, it took 2 weeks after to adjust back to life.
First I will say that both events were everything people say they are. There’s so much to see and do. I learned a bit about soldering, picked my first lock, and got to meet a good deal of cool people. I found an Illuminati Coin and got to play around with badges and fell down the badge mystery rabbit hole.
I would highly suggest going at least for everyone in cybersecurity.
I saw a few great talks (will watch more on youtube) and grabbed a ton of swag and I really can’t wait to do it all again next year.
HIATUS
Rev up to Black Hat/Defcon
It’s been a fantastic week. I’ve started a new position and I’m amped for the work. It’s been a long time since I was genuinely excited about working. I think good things are in store.
Also we’re counting down the days to my first Black Hat and Defcon. They say every Infosec person has to go at least once, and this is my time. Even got a village presentation that everyone is excited about which makes me nervous and excited as well.
Even if you’re not around hopefully people will catch the stream of the talks.
Case Study: Stuxnet
Enter the CyberWar
(A Day Late during to Travel)
If you’re paying attention to the War in Ukraine you’ve probably heard people talk about the ensuing cyber dimension of the conflict. This is just the latest skirmish–though some say it’ s the beginning of the new Era of Cyberwarfare–of cyberwarfare.
Stuxnet, wasn’t the first cyber operation nor was it the first virus, but it’s notable because it was one of the first that destroy hardware and an operation linked specifically to the U.S.
Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted automated controls in industrial control systems causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked to well and ended up spreading globally.
Read more:
- https://nordvpn.com/blog/stuxnet-virus/
- https://www.britannica.com/technology/Stuxnet
- https://www.malwarebytes.com/stuxnet
Build A Security Ninja 