Wednesday, November 27, 2019

2019-042-CircuitSwan, Gitlabs, Job descriptions that don't suck, layer8con


Diana Initiative

@circuitswan @dianainitiative

https://www.dianainitiative.org/

https://twitter.com/DianaInitiative

 

Conference in Las Vegas (Aug 6-7, 2020) (Thu & Fri)

 

info@dianainitiative.org

 

Topics  

 

  1. Diana initiatives
    1. Past
      1. 2015 - idea at defcon 23
      2. 2016-17-18 growing but got too big!
      3. 2019 got our own space, ~800 tickets
      1. 2020 plans-westin again, 2 speaking tracks and 1 workshop track, solder village, career village, CTF, lock picking
      2. Mentoring both CFP and presenters this year! (expansion from last year)
      3. student scholarship (we want to double the amount of money, target still 10)
      4. Free tickets (expansion over last year)
    2. Present
      1. Slogan contest 2020
      2. I don’t want to think about 2021 yet :)
    3. Future
      1. Mentors
      2. Reviewers
      3. Volunteers
      4. Donations (giving tuesday, scholarships)
    4. Needs/wants

 

 

  • Other topics of interests
  • Career village / resume clinic work in general (spoken on this twice, volunteer at resume clinic)
  • WAN party / Women’s meetup at Defcon with @sylv3on_ @nemessisc and more
  • GitLab security scans (that's me!) 

 

  1. We are responsible for baking Sec into DevOps and hence write the red team software (well integrate in most cases) for your appsec team if your devs are using GitLab. We have a security team that secures GitLab itself but that's not us. We have SAST, DAST, Dependency, Secret Detection and License Compliance baked into our paid tier, and SAST is coming down to the free tier! I’m pitching a talk about tuning to shmoocon because it seems like that's the most common question I got as a result of my devsecops talks at derbycon / shellcon / bsidesdc.
    1. N.Schwartz: Are you ready to leverage DevSecOps? BSidesDC 2019

 

 

 

2019 ShellCon Tuneup Tips for Your CV and Profile, From an Interviewer 

 

SE Village Con - Thu, Feb 20 - Sat, Feb 22 | Hilton Orlando Buena Vista Palace




Layer8conf - https://www.workshopcon.com/events

 

https://layer8conference.com/

 

Regarding diversity scholarships, it's being worked on and the number of available spots will highly depend on the number of Sponsorships the conference secures.

As a side note WorkshopCon will sponsor a number of Layer8 conference tickets if people follow @WorkshopCon on Twitter and tweet to us why they are interested in Social Engineering and OSINT topics with hashtag #sendMeToLayer8. We will select folks from those tweets with the emphasis being on folks coming from underrepresented or minority groups.

In terms of sponsorship information for Layer8, Patrick wants people to send an email to sponsors@layer8conference.com

Please let us know if you have any other questions, and thank you so much for giving us a hand spreading the word!!!

 

Saturday June 6, 2020, RI Convention Center

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Download here!

Wednesday, November 20, 2019

2019-041-circuitswan, diana initiative, diversity initiatives at conferences


Diana Initiative

 

@circuitswan

 

https://www.dianainitiative.org/

https://twitter.com/DianaInitiative

 

Conference in Las Vegas (Aug 6-7, 2020) (Thu & Fri)

 

info@dianainitiative.org

 

Topics  

 

  1. Diana initiatives
    1. Past
      1. 2015 - idea at defcon 23
      2. 2016-17-18 growing but got too big!
      3. 2019 got our own space, ~800 tickets
      1. 2020 plans-westin again, 2 speaking tracks and 1 workshop track, solder village, career village, CTF, lock picking
      2. Mentoring both CFP and presenters this year! (expansion from last year)
      3. student scholarship (we want to double the amount of money, target still 10)
      4. Free tickets (expansion over last year)
    2. Present
      1. Slogan contest 2020
      2. I don’t want to think about 2021 yet :)
    3. Future
      1. Mentors
      2. Reviewers
      3. Volunteers
      4. Donations (giving tuesday, scholarships)
    4. Needs/wants

 

 

  • Other topics of interests
  • Career village / resume clinic work in general (spoken on this twice, volunteer at resume clinic)
  • WAN party / Women’s meetup at Defcon with @sylv3on_ @nemessisc and more
  • GitLab security scans (that's me!) 

 

  1. We are responsible for baking Sec into DevOps and hence write the red team software (well integrate in most cases) for your appsec team if your devs are using GitLab. We have a security team that secures GitLab itself but that's not us. We have SAST, DAST, Dependency, Secret Detection and License Compliance baked into our paid tier, and SAST is coming down to the free tier! I’m pitching a talk about tuning to shmoocon because it seems like that's the most common question I got as a result of my devsecops talks at derbycon / shellcon / bsidesdc.
    1. N.Schwartz: Are you ready to leverage DevSecOps? BSidesDC 2019

 

 

 

2019 ShellCon Tuneup Tips for Your CV and Profile, From an Interviewer 

 

SE Village Con - Thu, Feb 20 - Sat, Feb 22 | Hilton Orlando Buena Vista Palace




Layer8conf - https://www.workshopcon.com/events

 

https://layer8conference.com/

 

Regarding diversity scholarships, it's being worked on and the number of available spots will highly depend on the number of Sponsorships the conference secures.

As a side note WorkshopCon will sponsor a number of Layer8 conference tickets if people follow @WorkshopCon on Twitter and tweet to us why they are interested in Social Engineering and OSINT topics with hashtag #sendMeToLayer8. We will select folks from those tweets with the emphasis being on folks coming from underrepresented or minority groups.

In terms of sponsorship information for Layer8, Patrick wants people to send an email to sponsors@layer8conference.com

Please let us know if you have any other questions, and thank you so much for giving us a hand spreading the word!!!

 

Saturday June 6, 2020, RI Convention Center

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Download here!

Sunday, November 3, 2019

2019-039-bluekeep_weaponized-npm_security_cracks-grrcon_report


Grrcon update

 

2019-039-  bluekeep Weaponized… and more

 

Bluekeep weaponized

https://www.bleepingcomputer.com/news/security/bluekeep-remote-code-execution-bug-in-rdp-exploited-en-masse/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

https://www.microsoft.com/security/blog/2019/08/08/protect-against-bluekeep/ 

 

https://www.wired.com/story/bluekeep-hacking-cryptocurrency-mining

 

NordVPN hacked: https://arstechnica.com/information-technology/2019/11/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks/

 

Null sessions and how to avoid them:
https://www.dummies.com/programming/networking/null-session-attacks-and-how-to-avoid-them/

https://social.technet.microsoft.com/Forums/en-US/2acdfb53-edee-444e-9ffa-25dcebcd9181/smb-null-sessions

 

Linux has a marketing problem:

https://hackaday.com/2019/10/31/linuxs-marketing-problem/

 

20 accounts could pwn majority of NPM

 

https://www.zdnet.com/article/hacking-20-high-profile-dev-accounts-could-compromise-half-of-the-npm-ecosystem/ 

 

Chrome 0day

 

https://thehackernews.com/2019/11/chrome-zero-day-update.html

 

India Nuclear plant is hacked

https://arstechnica.com/information-technology/2019/10/indian-nuclear-power-company-confirms-north-korean-malware-attack/

 

High Tea Security Podcast: 

https://www.podcasts.com/high-tea-security-190182dc8

 

https://TAGNW.org - Bryan

Panel and talking about networking

 

Securewv.org - Training - https://www.eventbrite.com/e/security-dd-tickets-79219348203 

Bsides Fredericton - https://www.eventbrite.ca/e/security-bsides-fredericton-2019-tickets-59449704667 

 

 

Check out our Store on Teepub! https://brakesec.com/store

Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com

#Brakesec Store!:https://www.teepublic.com/user/bdspodcast

#Spotifyhttps://brakesec.com/spotifyBDS

#RSShttps://brakesec.com/BrakesecRSS

#Youtube Channel:  http://www.youtube.com/c/BDSPodcast

#iTunes Store Link: https://brakesec.com/BDSiTunes

#Google Play Store: https://brakesec.com/BDS-GooglePlay

Our main site:  https://brakesec.com/bdswebsite

#iHeartRadio App:  https://brakesec.com/iHeartBrakesec

#SoundCloudhttps://brakesec.com/SoundcloudBrakesec

Comments, Questions, Feedback: bds.podcast@gmail.com

Support Brakeing Down Security Podcast by using our #Paypalhttps://brakesec.com/PaypalBDS OR our #Patreon

https://brakesec.com/BDSPatreon

#Twitter@brakesec @boettcherpwned @bryanbrake @infosystir

#Player.FM : https://brakesec.com/BDS-PlayerFM

#Stitcher Network: https://brakesec.com/BrakeSecStitcher

#TuneIn Radio App: https://brakesec.com/TuneInBrakesec


Download here!