Category: Informational

Posted in Current Events, Informational, Research

“Hack the Hackers…”

Posted on by Steph

Cybersecurity in the News

It’s been in the news that after two large cyberattacks against 2 Australian companies the government is:

  • Contemplating a law to prevent paying ransomware payments
  • Creating a team to ‘hack the hackers’
Computer screen filled with orange, red, white, and green ‘code’

The problem with the former solution is that it will hurts businesses more than hackers. The time to outlaw payments for ransomware has long passed in my opinion. It doesn’t appear to offer a solution really or it doesn’t answer the real problem which is that there a lack of push or support for shoring defenses that would lower the success of these attacks.

The second outcome I have less of an opinion on. Though I will say that active countermeasures (similar to this idea) has been a idea in cyber for years.

Dark Reading has more to say on the latter than I.

I just think this geopolitically is something to watch. I’m also curious to see how cybercriminals might respond to both proposed actions.

More Reading:

Posted in Informational, Research, Using

Thinking About Thinking…

Posted on by Steph

So, I’ve always been interested in the way that people think. The Lil social scientist in me wonders the why’s of people’s actions. I’ve been looking into cyberpsychology like maybe a grad certificate in the field, but I can’t think of a purpose for doing so.

I always recommend that people in cybersce grab books like these:

These kind of books and puzzles have always helped me just relax and think about things from different angles. I shard these on a different social as well, but I will always advise people to pick up puzzle books to keep their brains young.

Posted in Goals, Informational, Labs, Research, Using, Walk-Throughs

Build a Lab with Me:

Posted on by Steph

PiHole

More Info:

The Pihole is a device built on a single board computer (sbc). The device acts as an ad-blocker for your network. There are also blacklists that can be applied or you can build your own.

I good deal for people build these with a raspberry pi, but I found 2 orange pi zeroes for cheap and decided to build on out of this.

Found a video that shows you how to put wireguard vpn and unbound dns on the orange pi along with pihole. Thos is the one I plan on following.

Posted in Informational, Using

Learning Gamified:

Posted on by Steph

Pwnagotchi

So, while at Black Hat and DefCon people were messing around with the Flipper Zero and I was like that’s kinda awesome. It got me thinking about other gamiefied ways to tinker and learn. Enter Pwnagotchi:

I got one (the pi scarcity is real) and have been fooling around with it. Toss it in a cargo pocket when I go out to let the lil guy learn.

The device essentially learns from wifi handshakes. The more environments it’s in, the more it’s learning. I like the novelty and with the pi zero the small size.

I’m still messing around with it, honestly, but the above video and the below link should help anyone interested:

https://pwnagotchi.ai/intro/

Posted in Informational, Profiles

Jobs in Cyber:

Posted on by Steph

Digital Forensics Examiner

When I first starred in cybersecurity I wanted to do Digital Forensics.  I thought the field was very Sherlock Holmes.  Thought it was cool to dig deep into a computer’s innards to try and find a hint or clue.

Skills Needed:

  • Undertsanding of law and criminal examinations
  • Technical aptitude
  • Understanding of computer systems
  • Malware Analysis
  • Skill in analyzing volatile data
  • Interpretation ig debugging tools

More info:

https://www.sciencedirect.com/topics/computer-science/digital-forensic-examiner

https://www.glassdoor.com/Salaries/digital-forensic-examiner-salary-SRCH_KO0,25.htm

Posted in Informational, Research, Topic, Vulnerabilities

Case Study: Stuxnet

Posted on by Steph

Enter the CyberWar

(A Day Late during to Travel)

If you’re paying attention to the War in Ukraine you’ve probably heard people talk about the ensuing cyber dimension of the conflict. This is just the latest skirmish–though some say it’ s the beginning of the new Era of Cyberwarfare–of cyberwarfare.

Stuxnet, wasn’t the first cyber operation nor was it the first virus, but it’s notable because it was one of the first that destroy hardware and an operation linked specifically to the U.S.

Stuxnet was a virus developed to target Iran’s nuclear capabilities. Basically, it targeted automated controls in industrial control systems causing the hardware to break. It did this by exploiting zero-days in Microsoft and Siemens software. The bad part is that Stuxnet worked to well and ended up spreading globally.

Read more:

Posted in Cons, Goals, Informational, Research

Cyber Presentations

Posted on by Steph

So, one of my goals as I wrote before was to get better at public speaking. I worked on thos by applying for talks…even though it frankly terrifies me to think of being in front of a room full of people with all eyes on me. Luckily for my anxiety I got chosen to speak but both were to be pre-recorded.

Which is great because it still gets me speaking, but also doesn’t make me have to deal with the anxiety of the moment. It’s an important step and even an confidence boost to have my presentations be accepted. And even just being accepted and being able to add, Presenter @ so and so conference to my CV/Resume and speak on it in interviews has been helpful.

So, my advise this Saturday for someone trying to expand their cyber presence:

  • Make an effort to attend some conferences
  • If your interested apply to call for papers, you never know when something that seems interesting to you might be interesting to others
  • Its’s ok to have fears, we sll have them, but we cant let them control what we accomplish in life

Posted in CTF, Informational, Profiles, Simple Malware Analysis, Vulnerabilities

Jobs in Cyber: Vulnerability Researcher

Posted on by Steph
Hand with black nail polish holding a magnifying glass – Pexel

Stumbled on this job during a recent job search. This had never been on my radar as a possible field of interest, but after interviewing and learning about the position I was intrigued.

A vulnerability researcher basically investigate, identify, and study vulnerabilities and exploits in software and/or systems. Sometimes this can be independently, but often it is part of an enterprise or in conjunction with continuous monitoring services.

Possible Skills Needed:

  • Scripting knowledge
  • Decompiler knowledge
  • Malware Analysis
  • Communication (verbal and written)
  • Methodical approach to research
  • Analytical mind
  • Scanners such as Nessus
Posted in Informational

Sick

Posted on by Steph

I’m currently sick. My throat is raw, but I’m working on my presentation for Blacks in Cybersecurity Village @ Defcon. Hopefully with enough tea, honey, and ginger I’ll be able to record this video without my voice breaking like a pubescent teen boy.

Posted in Current Events, Informational, Research, Topic

Privacy in the Digital Age:

Posted on by Steph

Roe v. Wade

Again, had a post planned and instead news caused a different post.

Even before the Supreme Court officially struck down the Roe v. Wade decision and sent reproductive health issues back to the states there were stirrings questioning how incoming changes might effect health apps and data collection.

Living in today’s world people might not worry about how much of their information is readily collected or available. Perhaps, they’ve resigned themselves to the fact that they can’t stop their data being collected. There has been very little headway made in crafting some type of national privacy law, so it makes one feel like this is just inevitable, online privacy is your own concern.

For months before today reading through Twitter brought calls for women to remove period tracking apps and be more cognizant of how their data might be collected and in the future possibly subpoenaed as proof of some ‘reproductive crime’..

“Democrat lawmakers along with privacy advocates are now growing worried prosecutors in these anti-abortion states will use subpoenas to demand tech companies help them identify which users have visited an abortion provider.” -Michael Kan, PCMag.

I would definitely consider myself a privacy advocate. I think the majority of infosec people are concerned about privacy to some degree. It’s concerning that it really took something so dramatic to bring this conversation about data collection back to the foreground.

It can be proposed that perhaps we all just became too complacent in many ways…

How all this unfolds and develops is something to keep a definite eye on.