45 min listen
2021-037-Tony Robinson, leveraging your home lab for job success - Part2
2021-037-Tony Robinson, leveraging your home lab for job success - Part2
ratings:
Length:
58 minutes
Released:
Oct 17, 2021
Format:
Podcast episode
Description
Tony Robinson (@da_667) Thought we’d put in a little news to round out the show https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/ https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/ https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html Similar device on ebay: https://www.ebay.com/itm/324762812721 https://www.zdnet.com/article/brewdog-exposed-data-of-200000-shareholders-for-over-a-year/ https://tpetersonkth.github.io/cve/2021/10/02/Analysis-of-CVE-2019-9053.html https://0xdf.gitlab.io/ www.leanpub.com/avatar2 MSRP = $30 USD Book changes What is the end goal? Upskill? Independent consultant? Promotion? Bug bounties? Lab setup - Lab setup types Cloud based - Desktop/laptop/NUC - Server - Good VMs to https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ - 90 day WIndows machines What other home lab equipment have would be helpful?Testing IoT/embedded devices? Car hacking? Malware analysis? https://bazaar.abuse.ch/ Virus Total Intelligence Honeypots @malware_traffic - https://twitter.com/malware_traffic/status/1446627364147023877 Analyzing binaries? Patch analysis (patch tuesday, print nightmare, etc)? https://wumb0.in/extracting-and-diffing-ms-patches-in-2020.html https://www.netresec.com/?page=networkminer Soldering? Oscillators for voltage checks? Wireless? Old cellphones (mobile apps, don’t need cellular) Personal assistant devices (used IoT devices?) Accessing data stored on devices Specific software licenses? Burp? If I’m trying to break into infosec, how do I use my lab to sell myself to an employer? Does the employer care? How can someone show what they’ve learned in a way that shows the value?
Released:
Oct 17, 2021
Format:
Podcast episode
Titles in the series (100)
2020-018- Masha Sedova, bespoke security training, useful metrics to tailor training: Masha Sedova - Founder, Elevate Security Inability to measure human security behaviors leads to increased risk in our computing environments. For too long, we’ve accepted training completion and mock phishing data as a sufficient way to measure this... by BrakeSec Education Podcast