1
Security CPE
293 readers
2 users here now
Video and audio media that count towards your CPE (Continuing Professional Education) requirements for GIAC, CISSP, CISM, CRISC, CCSP, CompTIA certs.
Mostly conference talks and podcasts.
founded 1 year ago
MODERATORS
3
4
Hacking a Satellite for Fun and Profit
Mario Polino @ mhackeroni
A light-hearted and entertaining dive into our victorious adventure at Hack-A-Sat! Our presentation takes you on a ride through the challenges and triumphs of hacking into an orbiting satellite, the Moonlighter. What is a Capture The Flag What is Hack-A-Sat How Qualification works How to Organize a CTF Team The competition The preparation of the team for the competition Same challenge example and solution.
Mario Polino has been a hacker and CTF player since 2008. He has a PhD in Computer Security from Politecnico di Milano. Mario worked as a researcher at Politecnico, publishing scientific papers on binary and malware analysis and ML for cybersecurity.
Mario has been the captain of Politecnico's team, Tower of Hanoi (https://toh.necst.it/about/, winner of ruCTF 2019), and is the captain of the Italian team mhackeroni (https://mhackeroni.it/ 5 times DEF CON CTF Finalist). Mario coaches Team Italy (https://teamitaly.eu/), the national Italian hacking team, and Team Europe (https://teameurope.site/), the hacking team selected among all European nations.
5
Born in 2009, BSides Security Conferences are community-driven events for cybersecurity professionals. They offer a welcoming space for individuals to present research, ideas, and experiences, fostering dialogue and collaboration beyond the limitations of larger conferences.
6
2
The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott
(cdn.player.fm)
The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott
Podcast Redefining CyberSecurity with Sean Martin
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
7
Learn from leading hardware security researchers & professionals and discuss the latest & most innovative research on attacking and defending hardware. Connect with industry peers. Join us for a bigger, bolder, and better hardwear.io
8
A totally free, english spoken conference dedicated to free software & security. Talks & workshops delivered by experts. High quality talks
2024 edition hosts 21 talks covering 10 Security topics (WebPKI, DFIR & TI, Reverse, Network Detectection etc). Talks are all delivered by experts.
9
10
11
12
13
In this episode, Geoff White (https://x.com/geoffwhite247) tells us what happened to Axie Infinity and Tornado cash. It’s a digital heist of epic proportions that changed everything.
Sources
https://www.ic3.gov/Media/Y2024/PSA240425
https://www.tabnak.ir/fa/news/1225983/کسر-۳-میلیون-تومان-از-حساب-افراد-بابت-بی-حجابی
https://www.independentpersian.com/node/348011/سیاسی-و-اجتماعی/قرار-است-بخشی-از-کسر-بودجه-از-جزای-نقدی-قانون-حجاب-اجباری-تامین-شود#:~:text=قرار%20است%20بخشی%20از%20کسر%20بودجه%20از%20جزای,۱۸%20تا%20۳۶%20میلیون%20تومان»%20تعیین%20شده%20است
https://www.coinspeaker.com/arrest-bitcoin-advocate-ziya-sadr/
Attribution
Darknet Diaries is created by Jack Rhysider.
This episode was researched and written by Fiona Guy.
Assembled by Tristan Ledger.
Episode artwork by odibagas.
Mixing by Proximity Sound.
Theme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it on Spotify.
14
14
Error Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations - 28 minutes
(pbcdn1.podbean.com)
Error Code podcast. EP 40: Hacking IoT Surveillance Cameras For Espionage Operations
That camera above your head might not seem like a good foreign target, yet in the Ukraine there’s evidence of Russian-backed hackers passively counting the number of foreign aid workers at the local train stations. Andrew Hural of UnderDefense talks about the need to secure everything around a person, everything around an organization, and everything around a nation because every one can be a target.
15
16
17
18
fwd:cloudsec is a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.
19
21
22
23
24
25
In this episode, Joseph Cox ( https://infosec.exchange/deck/@josephcox)) tells us the story of ANOM. A secure phone made by criminals, for criminals.
This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.
view more: next ›