December Check-in

A synopsis of interesting

Posted by Asa Hess-Matsumoto on Sunday, December 27, 2020

Preamble

This month there is a variety of interesting cyber subjects that caught my eyes and ears:

  1. You’ll See This Message When It’s Too Late
    I started listening to this audiobook by Josephine Wolff this month. The book describes a series of significant cybersecurity incidents from 2005 to 2015, outlining the underlying motives as well as how their targets reacted. Wolff argues early on that there are a multitude of agents that can - in a limited fashion - contribute to a target’s defense: politicians/CEOs are responsible for enacting policy, ISPs are responsible for trafficking information between networks, network engineers are responsible for crafting robust networks, developers are responsible for creating/updating secure products, and of course users are responsible for their own individual behavior. However, when an incident occurs, the most common course of action is to assign blame in order to mitigate losses; this does not necessarily result in strengthening the target against further cyber attack.
  2. SolarWinds attack
    There is so much information coming forward about the massive supply chain compromise of the SolarWinds Orion platform; victims are still being reported, but they include assorted government agencies, DoD contractors, and other companies (such as Microsoft and FireEye).
  3. What is a weapon in the Information Age?
    This TED talk by Sharon Weinberger had me wondering how much further the scope of cyber attacks may extend. She proposes that the surveillance state is being accelerated globally by the propagation of big data companies. Her argument contends that while conventional weaponry is heavily regulated worldwide, there are fewer restrictions on companies that leverage the availability of Big Data to assemble AI-driven tracking/targeting systems. This leads to the sale of said systems to nation states with questionable intent, such as Saudi Arabia and China.
  4. C Programming For Beginners
    Next semester I’m taking a graduate course on Operating Systems; the class will heavily involve the use of the C programming language - a language I haven’t dabbled in for some years. In order to prepare for the class, I’m using some of my time this winter refreshing myself with this Udemy class by Tim Buchalka. I’m hoping that between this and the course I’ll have a better understanding of some of the kernel exploits I’ve been using in studying for the OSCP.
  5. Virtual Hacking Labs
    This online penetration testing educational aid has been outstanding for refining my attack methodology ahead of the OSCP. I was able to attain both the VHL Certification (achieved by compromising at least 20 targets) as well as the VHL Advanced+ Certification (achieved by compromising at least 10 of their most difficult targets manually). A subscription to the lab comes with a multi-hundred page PDF and almost 50 targets to attack. I would place its overall level of difficulty below the PWK course offered by Offensive Security but above the eJPT prep material.