Zoogs Deux! Zoogs has been busy this past year. Graduating university, new job, still trash (his words) and 2 cats. We have a great candid conversation about Certs, the Tech job market, the Voldemort of Text editors, comfort zones and our favorite Arizona Tall boy flavors.
https://www.youtube.com/@theo6580
Today's episode is a little different. We have the opportunity to speak to the host of ITPodcast.Club, available on major podcasting platforms and who is in their last year of university. This episode is a bit longer around 30 minutes, but Alwin and I talk about a few topics including, paid and free learning resources, how we learn, entry level work, certifications and lastly why Backups are essential.
Alwin email - alwin@itpodcast.club
IG - @itpodcast.club
Link Alwin’s podcast - ITpodcast.Club https://open.spotify.com/show/2qjTo5KX5lDoEgGymvx4mU?si=Dc46RQssQn2PBKZALuuXwA
Link CFTE server - https://discord.gg/uWPvAR6HTR
Hello and welcome back to USB our Guest, Cyber Security tips.
I’m Theo, here to help you break down cyber security news and hacks and how they affect you. However, today I am interviewing Anyaacii a Linux in HPC Administrator.
We recorded the interview in an open discord voice channel with video while monitoring chat with Text-to-speech developed by Security_Live.
Anya was kind enough to go through my questions in advance and answer them at length. https://github.com/theo2612/NewObsidian/blob/main/Podcast/USB%20our%20guest/Ep%2046%20-%20ANYAscii.md
A collab 3 years in the making! Anyascii and my schedule line up to finally sit down and chat. I've been a fan of Anya for long time, ever since we learned that we both cut our teeth on linux at the same time on the same learning platform! I'm a huge fan of her learning on stream style.
[https://www.twitch.tv/b7h30](https://www.twitch.tv/b7h30)
[https://linktr.ee/b7h30](https://linktr.ee/b7h30)
Music by Chillhop Music: [https://chillhop.ffm.to/creatorcred](https://chillhop.ffm.to/creatorcred)
Help support the stream by using my Affiliate links - [https://theo2612.github.io/7h30-amazon-affiliate-links/](https://theo2612.github.io/7h30-amazon-affiliate-links/)
Another interview! Yup! Today I am interviewing Tech Penguin who is a Senior Penetration Tester in the Netherlands.
We recorded the interview in an open discord voice channel with video while monitoring chat with Text-to-speech developed by Security_Live.
The Tech Penguin has 5 years experience as a penetration tester and a different entry to the Cyber Security industry. We are very excited to talk to him!
As usual I send people I interview a list of questions to answer, and the Tech Penguin did that, offering well-thought and honest answers. Find the document linked on the episode page, on my Github. This is a little longer than my normal format so feel free to speed it up. Thank you for listening and enjoy.
Today I am interviewing The MonoSpace Mentor, CEO and CTO of their own managed web hosting business.
We recorded the interview in an open discord voice channel with video while monitoring chat with Text-to-speech developed by Security_Live.
The MonoSpace mentor has a wealth of life experience that I will attempt to draw on. From early beginnings, growth and accomplishment, I am very excited to talk to him.
Also, I send people I interview a list of questions to answer, and the MonoSpace Mentor did that, offering well thought and candid answers. Find the document linked on the episode page on my Github. This is a little longer than my normal format so feel free to speed it up. Thank you for listening and enjoy.
Music by Chillhop Music: https://chillhop.ffm.to/creatorcred
Help support the stream by using my Affiliate links - https://theo2612.github.io/7h30-amazon-affiliate-links/
Today I am interviewing Tegora, an L3 System Administrator & Senior Technical Leader with technical responsibilities for Networking/Linux/HPC.
We recorded the interview in an open discord voice channel with video while monitoring chat with Text-to-speech developed by Security_Live. While this time I had his volume level closer to mine, the music wasn't low enough in some parts. I make sure it is lower on future recordings
Tegora became fascinated with computers at an early age, funded his education enlisting in the Army, pursued and obtained multiple degrees, taught and then pivoting into a career in IT. He has an excellent point of view regarding work effort, stepping out of your comfort zone and shares excellent tips on getting started on your path and interviewing. Also, I send people I interview a list of questions to answer, and Tegora did that, offering well thought and candid answers. Find the document linked on the episode page on my Github. This is a little longer than my normal format so feel free to speed it up. Thank you for listening and enjoy.
Music by Chillhop Music: https://chillhop.ffm.to/creatorcred
Help support the stream by using my Affiliate links - https://theo2612.github.io/7h30-amazon-affiliate-links/
Hello and welcome back to USB our Guest, Cyber Security tips. I’m Theo, here to help you break down cyber security news and hacks and how they affect you. However, today I am interviewing Zoogs. He has been in the industry for a bit now and I wanted to pick his brain on a variety of topics. We decided to record this live on twitch with chat using text to speech, while in Minecraft and recording audio in discord. So If you want to watch the VOD it is available on twitch or YouTube. We talk about his prior experience, current role, their expectations and what it took for him to get into that role. We also talk about Certificates, different learning techniques, the importance of stepping outside of your comfort zone, and advice that he wish he knew when he started on his path in cybersecurity. I include some sleeper questions that really don't have anything to do with cyber security And zoogs triggers himself @ 44:45!!
In this video Episode of USB our Guest, I Phish myself Repeatedly.
Today I wanted to do something a little different and something I've wanted to do for a while. I'm getting phished, repeatedly. I'm going to show you multiple legitimate login screens next to spoofed login screens that actually steal credentials. We're gonna talk about when and where the attack happens, where the username and password gets pulled and how to avoid. I want to send a special thank you to Casper0x413 for all the hard work they put in on PhishNet. I still can't get over how legit the phishing login screens look. Thank you Saint!
Never click on links in emails, DMs, texts to login to apps. Always go directly the app on your phone or type the web address in the browser yourself
If you have a topic you would like me to cover drop me a line at anchor.fm/usbog, email me at usbourguest@gmail.com or visit me on twitch at twitch.tv/b7h30. If I've helped you in any way please consider telling friends or family about the podcast. Or rate and review the podcast on whatever platform you use to listen. Thank you for listening, stop reusing passwords and have a great day.
Music in the episode provided by Chillhop -- artist less.people - Eternal now https://chll.to/dd19c5f6
This episode cover the LastPass breach that occurred in August. Links to the LastPass blog and articles referenced in the show are below. You can also find me on twitch at https://www.twitch.tv/b7h30.
[LastPass - Notice of Recent Security Incident](https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/)
[Explore how LastPass keeps you safe during a security event or potential hack](https://www.lastpass.com/security/what-if-lastpass-gets-hacked)
[LastPass - Zero knowledge ](https://www.lastpass.com/security/zero-knowledge-security)
[Forbes - LastPass Hacked: Password Manager With 25 Million Users Confirms Breach](https://www.forbes.com/sites/daveywinder/2022/08/25/lastpass-hacked-password-manager-with-25-million-users-confirms-breach/?sh=4c25e8b87d5a)
[Dark Reading - LastPass Suffers Data breach, Source Code Stolen](https://www.darkreading.com/cloud/lastpass-data-breach-source-code-stolen)
[Bleeping Computer - LastPass says hackers had internal access for four days](https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/)
I sit down with Stefan from the Tech Hatters Discord for a discussion on the Russia / Ukraine Cyber War. Stefan is a University student working in the industry. Please see all the links for all the articles we discussed below. Feel free to run all the links provided below through VirusTotal to ensure safe to click. I do not suggest using the 1920.in app.
Tracking Cyber Operations and actors in the Russian-Ukraine War
Anonymous broadcasts infamous ‘troll face’ on Russian military radio
WhisperGate Malware Corrupts Computers in Ukraine
Second Data Wiper attack hits Ukraine computer networks
White House.gov- FACT SHEET: Act Now to Protect Against Potential Cyberattacks
Snapchat turns off public ‘heatmap’ for Ukraine
Today’s episode covers the vulnerability affecting Java logging package, Log4j. This episode took a little longer to make than expected due to its complexity. Please see links below used to create the episode.
TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar
The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/
Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/
Apache logging services https://logging.apache.org/
The Apache Software Foundation https://www.apache.org/
USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface
Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html
JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender
Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html
What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc
Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html
Amazon Affiliate link - https://amzn.to/3rpF5KI
Today's episode covers the recent Twitch hack. yikes.
The entirety of Twitch has reportedly been leaked
https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/
A Devastating Twitch Hack Sends Streamers Reeling -
https://www.wired.com/story/devastating-twitch-hack-sends-streamers-reeling/
Twitch confirms it was hacked after its source code and secrets leak out
https://www.theverge.com/2021/10/6/22712365/twitch-data-leak-breach-security-confirmation-comments
Twitch’s twitter posts
https://twitter.com/Twitch/status/1445770441176469512
https://twitter.com/Twitch/status/1445985601174392835
Twitch’s blog - Update on the Twitch Security incident
FB Update about the October 4th outage
https://engineering.fb.com/2021/10/04/networking-traffic/outage/
This episode is about the recent EA/Electronic Arts hack that occurred on June 6th.
TL:DR/L - only download from Legit game retailers.
Hackers Steal Wealth of Data from Game Giant EA - https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code
Hackers leak full EA data after failed extortion attempt - https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/
How Hackers Used Slack to Break into EA Games - https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
EA ignored domain vulnerabilities for months despite warnings and breaches - https://www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/
Hackers selling access to FIFA matchmaking servers and other games after EA attack - https://www.zdnet.com/article/hackers-selling-access-to-fifa-matchmaking-servers-and-other-games-after-ea-attack/
How Hackers Used Slack to Break into EA Games - https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
Today’s episode is about the Ransomware attack that occurred on May 7th that forced Colonial Pipeline to shut down its operations.
A Closer Look at the DarkSide Ransomware Gang - https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/#more-55529
Colonial Pipeline attack: Everything you need to know- https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/
Colonial Pipeline ransomware attack linked to a single VPN login -https://www.engadget.com/pipeline-ransomware-010631984.html
Hackers Breached Colonial Pipeline Using Compromised Password - https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password?sref=10lNAhZ9
USBOG - Ransomware - https://anchor.fm/usbog/episodes/What-is-Ransomware-ejikem
USBOG - Passwords - https://anchor.fm/usbog/episodes/Password-Best-Practices-e52ank
Today’s episode covers the FBI’s Unprecedented helpful remote hacking of Hafnium infected servers.
The FBI is remotely hacking hundreds of computers to protect them from Hafnium- https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack
The FBI got a court order to delete backdoors from hacked Exchange servers- https://www.engadget.com/fbi-hafnium-exchange-server-060721872.html
USB our Guest - Microsoft Server Exchange Hack - https://anchor.fm/usbog/episodes/Microsoft-Server-Exchange-Hack-ets89n
Today's episode is about cheaters or modders getting infected with RAT’s or a Remote Access Trojans.
Tech Republic - Malicious attack now targeting video gamers and modders https://www.techrepublic.com/article/malicious-attack-now-targeting-video-gamers-and-modders/
Cisco Talos - Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html
USBOG Episode 31- RAT's or Remote Access Trojans and Stop Clicking Links from your Moms https://anchor.fm/usbog/episodes/RATs-or-Remote-Access-Trojans-and-Stop-Clicking-Links-from-your-Moms-ev3dht
Today’s episode covers RATs or Remote Access Trojans. There is a great article on DarkReading that gives an overview of what RATs do and I’ll include it in the show notes. In This episode we will cover What are RATs, how do they find their way on your computer, what they do when they find themselves on there and what you can do to protect your device from them.
Dark Reading - RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes...
Today’s episode covers the Microsoft Server Exchange Hack. So disclaimer here, this is a fairly technical hack. The purpose of this episode is to give you a high level overview of the hack, a timeline, who is responsible and what to do?
Krebs on Security - At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software - https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
ZD Net - Everything you need to know about the Microsoft Exchange Server hack - https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/
Microsoft’s Github with tools for mitigation - https://github.com/microsoft/CSS-Exchange/tree/main/Security
ZD Net
Microsoft blog with patch update - https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/
Krebs on Security - A Basic Timeline of the Exchange Mass Hack https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
USB our Guest - Software Updates
Silver Sparrow as discovered by Red Canary
RedCanary's silver sparrow discovery - https://redcanary.com/blog/clipping-silver-sparrows-wings/
Computer world - https://www.computerworld.com/article/3609611/30k-macs-infected-with-silver-sparrow-virus-m1-mac-ssd-health.html
MITRE|ATT&CK - LaunchAgents - https://attack.mitre.org/techniques/T1543/001/
CyberWire- Silver Sparrow targets Macs - https://thecyberwire.com/newsletters/week-that-was/5/8
USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
Hello and welcome back to USB our Guest Cyber Security tips. Today's episode is about CD Projekt Red's CyberPunk2077 Breach. Spoiler, they tell hackers 'no thank you' to ransom demands and restore from backup.
Wired article https://www.wired.com/story/cd-projekt-red-ransomware-hack-cyberpunk-2077-source-code/
USB our Guest - Backups https://anchor.fm/usbog/episodes/Backups-eju9r7