From a27fd8bf11367ff8f4d47934f5b030c612a7ba3e Mon Sep 17 00:00:00 2001 From: Ken Fallon Date: Mon, 20 Nov 2023 20:47:48 +0100 Subject: [PATCH] 2023-11-20_19-47-48Z_Monday database changed --- sql/hpr-db-part-14.sql | 4 ++-- sql/hpr-db-part-15.sql | 3 ++- sql/hpr.sql | 5 +++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sql/hpr-db-part-14.sql b/sql/hpr-db-part-14.sql index ac06a66..0a7ed20 100644 --- a/sql/hpr-db-part-14.sql +++ b/sql/hpr-db-part-14.sql @@ -550,7 +550,8 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3995,'2023-11-24','Creating Your Own Internet Radio Streaming Device',570,'Claudio talks about a couple of streaming radio solutions to make your own internet radio device.','

aNONradio: https://anonradio.net
\nTildeRadio: https://tilderadio.org

\n

Volumio: https://volumio.com/
\nmoOde Audio: https://moodeaudio.org/

\n',152,0,0,'CC-BY-SA','moode,raspberrypi,audio,internetradio,streamingradio,multimedia,volumio,anonradio,tilderadio',0,0,1), (3996,'2023-11-27','Holiday Challenges Series - Ep 1 - Advent of Code',221,'Discussing challenges to help you enjoy the holiday season','

Holiday\nChallenges Series - Ep 1 - Advent of Code

\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

Whichever holidays you celebrate this time of year, life generally\ngets busy and stressful.

\n

It could be shopping
\nor cooking
\nor cleaning
\nor school activities
\nor buying, assembling, wrapping, and delivering gifts
\nor planning time with family
\nor dealing with visiting family
\nor scheduling time off from work
\nor managing extra work while others have scheduled time off
\nor a whole plethora of other things.
\nThis time of year can be stressful.

\n

A few years ago, I discovered a fun activity, which challenged my\nmind and helped me focus and detach from the stress for a little while\neach day, through the month of December. It helped me manage the stress\nin an enjoyable way.

\n

Since then, I have found and tried several other similar activities,\nso I wanted to share a little about them with you for the next few\nepisodes so you can see what might work for you.

\n

The first I would like to share is called the Advent of Code\nChallenge (https://adventofcode.com/). In HPR episodes 2973 (https://hackerpublicradio.org/eps/hpr2973/index.html)\nand 3744 (https://hackerpublicradio.org/eps/hpr3744/index.html),\nDaniel Perrson shared some great details about this challenge. I\nencourage you to go review his episodes.

\n

But the TLDR (Or maybe the TLDL -- Too Long Didn\'t Listen?) for\nAdvent of Code is that it is a 25 day challenge which begins on December\n1. Once you register at adventofcode.com, Each day, you will be\npresented with a problem to solve and some sample data to use for\nverification that your program works. You can choose to use any\nprogramming language or application you desire produce the answer. Last\nyear, I used this to brush up on my Python skills. Others use Visual\nBasic, C (and all its variants), Rust, Go, etc. I have seen people use\nCobol, Fortran, and Pascal, or even Microsoft Excel. It is really up to\nyou. You are then presented a dataset which is unique to your login, and\nagainst which you run your code. When complete, you submit the answer\ncame up with on the adventofcode.com web site and they will tell you if\nyou are correct or not.

\n

If you are competitive (And REALLY GOOD) there is a Global\nLeaderboard. If you want to compete with a group of friends, you can\nbuild your own leaderboard and invite others to take part with you.

\n

There are tons of resources online, from youtube channels to reddit\n(https://www.reddit.com/r/adventofcode/), to Discord (https://discord.gg/tXJh262)

\n

So, if you are looking for a way to challenge your mind and detach\nfrom holiday stress, Advent of Code may be something you might try.

\n

If this is not your cup of tea, I will be sharing several other\noptions for holiday challenges in future episodes.

\n',394,0,0,'CC-BY-SA','Advent of Code, holiday, challenge',0,0,1), (3999,'2023-11-30','Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber Challenge',183,'Discussing the TryHackMe Advent of Cyber challenge to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

I have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.

\n

The TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!

\n

This year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.

\n

Infosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.

\n

You can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!

\n

Everything can be done with a free account from within a browser.

\n

If you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas

\n

Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.

\n

If this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.

\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), -(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0); +(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0), +(3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads
  • \n
\n
\n

Threat analysis;\nyour attack surface.

\n
    \n
  • Source: Former\nNHS secretary found guilty of illegally accessing medical\nrecords
    \n

    \n
      \n
    • A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
      \n
    • \n
    • Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
      \n
    • \n
  • \n
  • Supporting Source: Open\nStreet Map link to Redditch Worcestershire.
    \n

  • \n
  • Source: NetSupport\nRAT Infections on the Rise. Targeting Government and Business\nSectors
    \n

    \n
      \n
    • While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
      \n
    • \n
  • \n
  • Source: Beware:\nMalicious Google Ads Trick WinSCP Users into Installing\nMalware
    \n

    \n
      \n
    • The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
      \n
    • \n
  • \n
  • Source: Trojanized\nPyCharm Software Version Delivered via Google Search Ads.
    \n

    \n
      \n
    • Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
      \n
    • \n
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Why\nDefenders Should Embrace a Hacker Mindset
    \n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
      \n
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
      \n
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
      \n
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
      \n
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
        \n
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
      \n
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
      \n
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
      \n
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
      \n
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
      \n
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
      \n
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
      \n
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
      \n
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, Threat analysis, InfoSec, Google Dynamic Search Ads',0,0,0); /*!40000 ALTER TABLE `eps` ENABLE KEYS */; UNLOCK TABLES; @@ -997,4 +998,3 @@ DROP TABLE IF EXISTS `licenses`; CREATE TABLE `licenses` ( `id` int(5) NOT NULL AUTO_INCREMENT, `short_name` varchar(11) NOT NULL, - `long_name` varchar(40) NOT NULL, diff --git a/sql/hpr-db-part-15.sql b/sql/hpr-db-part-15.sql index 78ab677..c3a3b62 100644 --- a/sql/hpr-db-part-15.sql +++ b/sql/hpr-db-part-15.sql @@ -1,3 +1,4 @@ + `long_name` varchar(40) NOT NULL, `url` varchar(80) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM AUTO_INCREMENT=8 DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci; @@ -474,4 +475,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-20 19:33:41 +-- Dump completed on 2023-11-20 19:46:37 diff --git a/sql/hpr.sql b/sql/hpr.sql index 5282020..88012b1 100644 --- a/sql/hpr.sql +++ b/sql/hpr.sql @@ -20550,7 +20550,8 @@ INSERT INTO `eps` (`id`, `date`, `title`, `duration`, `summary`, `notes`, `hosti (3995,'2023-11-24','Creating Your Own Internet Radio Streaming Device',570,'Claudio talks about a couple of streaming radio solutions to make your own internet radio device.','

aNONradio: https://anonradio.net
\nTildeRadio: https://tilderadio.org

\n

Volumio: https://volumio.com/
\nmoOde Audio: https://moodeaudio.org/

\n',152,0,0,'CC-BY-SA','moode,raspberrypi,audio,internetradio,streamingradio,multimedia,volumio,anonradio,tilderadio',0,0,1), (3996,'2023-11-27','Holiday Challenges Series - Ep 1 - Advent of Code',221,'Discussing challenges to help you enjoy the holiday season','

Holiday\nChallenges Series - Ep 1 - Advent of Code

\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

Whichever holidays you celebrate this time of year, life generally\ngets busy and stressful.

\n

It could be shopping
\nor cooking
\nor cleaning
\nor school activities
\nor buying, assembling, wrapping, and delivering gifts
\nor planning time with family
\nor dealing with visiting family
\nor scheduling time off from work
\nor managing extra work while others have scheduled time off
\nor a whole plethora of other things.
\nThis time of year can be stressful.

\n

A few years ago, I discovered a fun activity, which challenged my\nmind and helped me focus and detach from the stress for a little while\neach day, through the month of December. It helped me manage the stress\nin an enjoyable way.

\n

Since then, I have found and tried several other similar activities,\nso I wanted to share a little about them with you for the next few\nepisodes so you can see what might work for you.

\n

The first I would like to share is called the Advent of Code\nChallenge (https://adventofcode.com/). In HPR episodes 2973 (https://hackerpublicradio.org/eps/hpr2973/index.html)\nand 3744 (https://hackerpublicradio.org/eps/hpr3744/index.html),\nDaniel Perrson shared some great details about this challenge. I\nencourage you to go review his episodes.

\n

But the TLDR (Or maybe the TLDL -- Too Long Didn\'t Listen?) for\nAdvent of Code is that it is a 25 day challenge which begins on December\n1. Once you register at adventofcode.com, Each day, you will be\npresented with a problem to solve and some sample data to use for\nverification that your program works. You can choose to use any\nprogramming language or application you desire produce the answer. Last\nyear, I used this to brush up on my Python skills. Others use Visual\nBasic, C (and all its variants), Rust, Go, etc. I have seen people use\nCobol, Fortran, and Pascal, or even Microsoft Excel. It is really up to\nyou. You are then presented a dataset which is unique to your login, and\nagainst which you run your code. When complete, you submit the answer\ncame up with on the adventofcode.com web site and they will tell you if\nyou are correct or not.

\n

If you are competitive (And REALLY GOOD) there is a Global\nLeaderboard. If you want to compete with a group of friends, you can\nbuild your own leaderboard and invite others to take part with you.

\n

There are tons of resources online, from youtube channels to reddit\n(https://www.reddit.com/r/adventofcode/), to Discord (https://discord.gg/tXJh262)

\n

So, if you are looking for a way to challenge your mind and detach\nfrom holiday stress, Advent of Code may be something you might try.

\n

If this is not your cup of tea, I will be sharing several other\noptions for holiday challenges in future episodes.

\n',394,0,0,'CC-BY-SA','Advent of Code, holiday, challenge',0,0,1), (3999,'2023-11-30','Holiday Challenges Series Ep 02 TryHackMe Advent of Cyber Challenge',183,'Discussing the TryHackMe Advent of Cyber challenge to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 2 - TryHackMe Advent of Cyber Challenge\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

I have been using TryHackMe for several years, and I recommend it to\nall of my students. It is a great environment where people can get hands\non experience with technology that relates to cyber security, all from\nthe comfort of their browser and free year-round.

\n

The TryHackMe Advent of Cyber challenge is a free gamified\nenvironment which focuses on penetration testing, security\noperations/engineering, forensics/incident response, malware analysis,\nmachine learning, and more!

\n

This year\'s challenge opens on December 1, 2023 (Which is the reason\nwhy I am posting twice this week). Typically, the Advent of Cyber\nchallenge includes daily beginner-friendly exercises for people new to\ncybersecurity. These can consist of walkthroughs, video tutorials, and\nchallenges. There are also prizes available based on random drawings and\non participant success.

\n

Infosec personalities like John Hammond, Gerald Auger, InsiderPHD,\nand InfoSec Pat are featured in this year\'s challenge.

\n

You can play with last year\'s Advent of Cyber challenge by visiting\nhttps://tryhackme.com/room/adventofcyber4. It outlines\nthe overall story and shows all of the tasks last year\'s participants\nexperienced, including both offensive and defensive topics like: log\nanalysis, OSINT, scanning, brute force attacks, email analysis,\nCyberChef, blockchain smart contracts, malware analysis, memory\nforensics, packet analysis, web application hacking, and more!

\n

Everything can be done with a free account from within a browser.

\n

If you want to learn more about cybersecurity, transition your career\ninto infosec, or just have fun playing with cyber challenges, you can\ngive it a try by visiting tryhackme.com or https://tryhackme.com/r/christmas

\n

Please note: I am not affiliated with TryHackMe in any way, other\nthan having been a paying member for many years. Students and others who\nhave participated in previous year\'s Advent of Cyber challenges have\ntold me how much they enjoyed it and learned from it. Even though I have\nbeen an infosec practitioner for more years than I would like to admit,\nI also have enjoyed taking part in this challenge.

\n

If this is not for you, I will be sharing another option for a\nholiday challenge in my next episode.

\n',394,0,0,'CC-BY-SA','Advent of Cyber, TryHackMe, Hands on, cyber, cybersecurity, infosec, holiday, challenge',0,0,1), -(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0); +(4006,'2023-12-11','Holiday Challenges Ep 3 SANS Holiday Hack Challenge & KringleCon',160,'Discussing the SANS Holiday Hack Challenge & KringleCon to help you enjoy the holiday season','Holiday\nChallenges Series - Ep 3 - SANS Holiday Hack Challenge with\nKringleCon\n

Since some of the information you are about to hear is time specific,\nI want to let you know that I am recording this near the end of November\nin 2023.

\n

If you missed the first episode, which introduces this series, you\ncan go back and listen to HPR3996

\n

The SANS Holiday Hack Challenge is an interactive online technology\nand hacking game combined with a virtual security conference, beginning\nin the second week of December. By the time this episode drops, it may\nalready be live. You can tour the North Pole conference facilities,\nmeeting people, interactive non-player characters (NPC), and maybe even\nsome villains from Holiday Hack Challenges past, as you solve problems\nand gather clues which you use to help save Christmas.

\n

Everything can be done from within the browser, and did I mention\nthere is a virtual security conference, called KringleCon? Some of the\nbiggest rock stars (and most humble and brilliant people) in\nCyberSecurity speak each year at KringleCon. Many of their talks also\nprovide clues to solving game challenges.

\n

Ed Skoudis and his team (The same people who build SANS NetWars) work\ntirelessly year after year to create the most amazing experience,\ncomplete with custom music! This has become one of my favorite holiday\ntraditions each year. You can learn more about the 2023 challenge by\nwatching Ed\'s Inside SANS Holiday Hack Challenge 2023 YouTube video at\nhttps://www.youtube.com/watch?v=X9Gmdr_CxzQ

\n

You can access this year\'s challenge by visiting sans.org/holidayhack\nor https://www.sans.org/mlp/holiday-hack-challenge-2023/

\n

There, you will learn more about all things Holiday Hack before the\ngame opens in the second week of December. If you want to play now, or\njust get a feel for it, you can access three of the previous years\'\nchallenges right now at the same site.

\n

I am not associated with SANS or the Holiday Hack Challenge in any\nway, other than to have participated for several years now, and I have\nwatched other people learn and grow by taking part in it.

\n

I hope that you have enjoyed this short series. If there are other\nonline challenges you find interesting or informative, I encourage you\nto record a show about them.

\n

Have a wonderful day.

\n',394,0,0,'CC-BY-SA','SANS, KringleCon, holiday, challenge',0,0,0), +(3997,'2023-11-28','The Oh No! News.',875,'Sgoti talks about Malware distributed via Google\'s Dynamic Ads and more.','

The Oh No! news.

\n

Oh No! News is Good\nNews.

\n
    \n
  • TAGS: Oh No, News, Threat analysis, InfoSec, Google\nDynamic Search Ads
  • \n
\n
\n

Threat analysis;\nyour attack surface.

\n
    \n
  • Source: Former\nNHS secretary found guilty of illegally accessing medical\nrecords
    \n

    \n
      \n
    • A former NHS employee has been found guilty and fined for illegally\naccessing the medical records of over 150 people.
      \n
    • \n
    • Loretta Alborghetti, from Redditch, worked as a medical secretary\nwithin the Ophthalmology department at Worcestershire Acute Hospitals\nNHS Trust when she illegally accessed the records.
      \n
    • \n
  • \n
  • Supporting Source: Open\nStreet Map link to Redditch Worcestershire.
    \n

  • \n
  • Source: NetSupport\nRAT Infections on the Rise. Targeting Government and Business\nSectors
    \n

    \n
      \n
    • While NetSupport Manager started off as a legitimate remote\nadministration tool for technical assistance and support, malicious\nactors have misappropriated the tool to their own advantage, using it as\na beachhead for subsequent attacks.
      \n
    • \n
  • \n
  • Source: Beware:\nMalicious Google Ads Trick WinSCP Users into Installing\nMalware
    \n

    \n
      \n
    • The threat actors are believed to leverage Google\'s Dynamic Search\nAds (DSAs), which automatically generates ads based on a site\'s content\nto serve the malicious ads that take the victims to the infected\nsite.
      \n
    • \n
  • \n
  • Source: Trojanized\nPyCharm Software Version Delivered via Google Search Ads.
    \n

    \n
      \n
    • Victims who clicked on the ad were taken to a hacked web page with a\nlink to download the application, which turned out to install over a\ndozen different pieces of malware instead.
      \n
    • \n
  • \n
\n
\n

InfoSec; the language\nof security.

\n
    \n
  • Source: Why\nDefenders Should Embrace a Hacker Mindset
    \n
  • \n
\n
\n
    \n
  • Additional Information.\n
      \n
    • What is a \"Data\nBreach\"? A data breach is a security violation, in which sensitive,\nprotected or confidential data is copied, transmitted, viewed, stolen,\naltered or used by an individual unauthorized to do so.
      \n
    • \n
    • What is \"Malware\"?\nMalware (a portmanteau for\nmalicious software) is any software intentionally designed to cause\ndisruption to a computer, server, client, or computer network, leak\nprivate information, gain unauthorized access to information or systems,\ndeprive access to information, or which unknowingly interferes with the\nuser\'s computer security and privacy.
      \n
    • \n
    • What is a \"Payload\"?\nIn the context of a computer virus or worm, the payload is the portion\nof the malware which performs malicious action; deleting data, sending\nspam or encrypting data. In addition to the payload, such malware also\ntypically has overhead code aimed at simply spreading itself, or\navoiding detection.
      \n
    • \n
    • What is \"Phishing\"?\nPhishing is a form of social engineering\nwhere attackers deceive people into revealing sensitive information or\ninstalling malware such as ransomware. Phishing\nattacks have become increasingly sophisticated and often transparently\nmirror the site being targeted, allowing the attacker to observe\neverything while the victim is navigating the site, and transverse any\nadditional security boundaries with the victim.
      \n
    • \n
    • Social\nengineering (security) In the context of information security,\nsocial engineering is the psychological\nmanipulation of people into performing actions or divulging\nconfidential information. A type of confidence trick for the purpose of\ninformation gathering, fraud, or system access, it differs from a\ntraditional \"con\" in that it is often one of many steps in a more\ncomplex fraud scheme.
      \n
    • \n
    • What is \"Information\nSecurity\" (InfoSec)? Information security, sometimes shortened to\nInfoSec, is the practice of protecting information by mitigating information risks. It\nis part of information risk\nmanagement.\n
        \n
      • Information Security Attributes: Confidentiality, Integrity and Availability (C.I.A.).\nInformation Systems are composed in three main portions, hardware,\nsoftware and communications with the purpose to help identify and apply\ninformation security industry standards, as mechanisms of protection and\nprevention, at three levels or layers: physical, personal and\norganizational. Essentially, procedures or policies are implemented to\ntell administrators, users and operators how to use products to ensure\ninformation security within the organizations.
        \n
      • \n
    • \n
    • What is \"Risk\nmanagement\"? Risk management is the identification, evaluation, and\nprioritization of risks followed by coordinated and economical\napplication of resources to minimize, monitor, and control the\nprobability or impact of unfortunate events or to maximize the\nrealization of opportunities.
      \n
    • \n
    • What is a \"Vulnerability\"\n(computing)? Vulnerabilities are flaws in a computer system that\nweaken the overall security of the device/system. Vulnerabilities can be\nweaknesses in either the hardware itself, or the software that runs on\nthe hardware.
      \n
    • \n
    • What is an \"Attack\nSurface\"? The attack surface of a software environment is the sum of\nthe different points (for \"attack vectors\") where an unauthorized user\n(the \"attacker\") can try to enter data to or extract data from an\nenvironment. Keeping the attack surface as small as possible is a basic\nsecurity measure.
      \n
    • \n
    • What is an \"Attack\nVector\"? In computer security, an attack vector is a specific path,\nmethod, or scenario that can be exploited to break into an IT system,\nthus compromising its security. The term was derived from the\ncorresponding notion of vector in biology. An attack vector may be\nexploited manually, automatically, or through a combination of manual\nand automatic activity.
      \n
    • \n
    • What is\n\"Standardization\"? Standardization is the process of implementing\nand developing technical standards based on the consensus of different\nparties that include firms, users, interest groups, standards\norganizations and governments. Standardization can help maximize\ncompatibility, interoperability, safety, repeatability, or quality. It\ncan also facilitate a normalization of formerly custom processes.\n
    • \n
    • What is a \"Replay\nattack\"? A replay attack is a form of network attack in which valid\ndata transmission is maliciously or fraudulently repeated or delayed.\nAnother way of describing such an attack is: \"an attack on a security\nprotocol using a replay of messages from a different context into the\nintended (or original and expected) context, thereby fooling the honest\nparticipant(s) into thinking they have successfully completed the\nprotocol run.\"
      \n
    • \n
    • What is a\n\"Man-in-the-middle attack\"? In cryptography and computer security, a\nman-in-the-middle, ..., attack is a cyberattack where the attacker\nsecretly relays and possibly alters the communications between two\nparties who believe that they are directly communicating with each\nother, as the attacker has inserted themselves between the two\nparties.
      \n
    • \n
    • What is \"Transport Layer\nSecurity\" (TLS)? Transport Layer Security (TLS) is a cryptographic\nprotocol designed to provide communications security over a computer\nnetwork. The protocol is widely used in applications such as email,\ninstant messaging, and voice over IP, but its use in securing HTTPS\nremains the most publicly visible.
      \n
    • \n
    • What is a \"Handshake\"\n(computing)?. In computing, a handshake is a signal between two\ndevices or programs, used to, e.g., authenticate, coordinate. An example\nis the handshaking between a hypervisor and an application in a guest\nvirtual machine.
      \n
    • \n
    • What is Security\ntheater? The practice of taking security measures that are\nconsidered to provide the feeling of improved security while doing\nlittle or nothing to achieve it.
      \n
    • \n
  • \n
\n
\n\n',391,74,0,'CC-BY-SA','Oh No News, Threat analysis, InfoSec, Google Dynamic Search Ads',0,0,0); /*!40000 ALTER TABLE `eps` ENABLE KEYS */; UNLOCK TABLES; @@ -21474,4 +21475,4 @@ UNLOCK TABLES; /*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2023-11-20 19:33:41 +-- Dump completed on 2023-11-20 19:46:37