PLAY PODCASTS
2021-036-Tony Robinson, twtich breach, @da_667 lab setup new book edition! -part1
Season 2021 · Episode 36

2021-036-Tony Robinson, twtich breach, @da_667 lab setup new book edition! -part1

BrakeSec Education Podcast · Tony Robinson, Bryan Brake, and Brian Boettcher

October 14, 202153m 33sExplicit

Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

Tony Robinson (@da_667)

Thought we'd put in a little news to round out the show

https://www.bbc.com/news/world-us-canada-58863678 - nuclear secrets hidden in a peanut butter sandwich

https://www.theregister.com/2018/04/20/rsa_security_conference_insecure_mobile_app/

https://www.vice.com/en/article/jg8w9b/the-twitch-hack-is-worse-for-streamers-than-for-twitch

https://nakedsecurity.sophos.com/2021/10/08/apache-patch-proves-patchy-now-you-need-to-patch-the-patch/

https://www.securityweek.com/fontonlake-linux-malware-used-targeted-attacks

https://securityaffairs.co/wordpress/123182/breaking-news/medtronic-recalled-insulin-pumps-controllers.html

Similar device on ebay: https://www.ebay.com/itm/324762812721

https://www.zdnet.com/article/brewdog-exposed-data-of-200000-shareholders-for-over-a-year/

https://tpetersonkth.github.io/cve/2021/10/02/Analysis-of-CVE-2019-9053.html

https://0xdf.gitlab.io/

www.leanpub.com/avatar2 MSRP = $30 USD

Book changes

What is the end goal?

Upskill?

Independent consultant?

Promotion?

Bug bounties?

Lab setup -

Lab setup types

Cloud based -

Desktop/laptop/NUC -

Server -

Good VMs to

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ - 90 day WIndows machines

What other home lab equipment have would be helpful?Testing IoT/embedded devices?

Car hacking?

Malware analysis? https://bazaar.abuse.ch/

Virus Total Intelligence

Honeypots

@malware_traffic - https://twitter.com/malware_traffic/status/1446627364147023877

Analyzing binaries?

Patch analysis (patch tuesday, print nightmare, etc)?

https://wumb0.in/extracting-and-diffing-ms-patches-in-2020.html

https://www.netresec.com/?page=networkminer

Soldering?

Oscillators for voltage checks?

Wireless?

Old cellphones (mobile apps, don't need cellular)

Personal assistant devices (used IoT devices?)

Accessing data stored on devices

Specific software licenses?

Burp?

If I'm trying to break into infosec, how do I use my lab to sell myself to an employer?

Does the employer care?

How can someone show what they've learned in a way that shows the value?

← All episodes of BrakeSec Education Podcast