Security Chipmunks

Episode 13 - Winter Hibernation is Over!

Edna Season 3 Episode 13


Welcome to the Security Chipmunks podcast where we talk about the development of cybersecurity skills. To stay up to date in today's world you need to be resilient, that’s why as Advanced Persistent Chipmunks we keep chipping away at it.


CONNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNS!

News you can use!


Socials

SPEAKER_01

I don't know if people would want to see my ugly mug on video.

SPEAKER_02

Well, I'm not saying we have to put our faces up.

SPEAKER_01

Oh, that's a good call.

SPEAKER_02

We could have fancy slides and stuff and bore them to death with PowerPoint.

SPEAKER_01

Ah, death by PowerPoint.

SPEAKER_03

I like that plan.

SPEAKER_02

We could even do TryHackMe rooms or something.

SPEAKER_01

Ah, that'd be kind of fun. Do like a podcast episode where we... do a TryHackMe room, and then we fill the chat with expletives because it's not working. No, I really like that. That's a good idea. Yes, I like it. Do you guys do something with the Cybersecurity Club?

SPEAKER_03

Who? You. Oh, yeah. I'm the vice president of it. What? What?

SPEAKER_01

No way.

SPEAKER_03

Yes. Yes.

SPEAKER_02

This is a shocking revelation to

SPEAKER_01

me. Shocking. Shocking revelation. How

SPEAKER_02

could you? Yes, I'm recording. We're

SPEAKER_01

recording. This is good stuff, Edna. We need to fill the gaps. We gotta make up for the lost time. Gotta go fast. Gotta go fast.

SPEAKER_03

Yes, I'm the vice president. I'm actually running for president as well.

SPEAKER_02

Yeah, nice. So, a promotion, basically.

SPEAKER_03

Well, if the students will have me, then yes.

SPEAKER_01

I think you'd make an excellent president, so I hereby endorse you. I

SPEAKER_03

appreciate that, and I will endorse you in your run for vice president.

SPEAKER_01

Yeah, but I'm only doing it because you want me to do it, so I'm just going to be a secondary vote for you. Oh,

SPEAKER_02

and here I thought it was because I was running for treasurer and you were afraid of me deposing you.

SPEAKER_01

Zero charges of embezzlement so far, okay? Yeah. So we're doing great.

SPEAKER_03

It's a good day. We're all running for office. Elections are coming up in the cyber club. We're going to do it. We're going to win.

SPEAKER_02

Yay, bureaucracy!

SPEAKER_01

Yeah. Then we have to fill out all the forms.

SPEAKER_03

yes

SPEAKER_01

All right, yeah. You guys want to kick it off?

SPEAKER_03

yes

SPEAKER_01

All right, yeah. We'll say "insert the music here." The

SPEAKER_00

following is from a cooperative project for acquiring skills essential to learning.

SPEAKER_03

Welcome to the Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why at Advanced Persistent Chipmunks, we keep chipping away at it. Well, you know what? I went to a meeting for the Harvard Extension Cybersecurity Club this evening.

SPEAKER_01

Oh,

SPEAKER_03

yeah? Yeah, and it had Tara Wheeler. She was speaking. Phenomenal. I love hearing her speak. So she was talking about policy and cybersecurity laws and things like that. It was a really good talk.

SPEAKER_01

That's awesome. Yeah. Did she mention, like, how the laws themselves have actually been brought up to speed within, like, the past 20 years at all?

SPEAKER_03

Well, she had some complaints. I mean, she had colorful language about how the laws actually make no sense, particularly the Computer Fraud and Abuse law. And then there was another hate one that she was talking about that they're trying to get through, but it has some dumb things in it that are not going to be good for, you know, people who deal with computers, so

SPEAKER_02

which is, like, everybody nowadays, so it's bad for everyone. Yeah.

SPEAKER_03

So they're trying to push some things into that law that shouldn't be there.

SPEAKER_01

Yeah, that's going to be good. No, no. Right, right. So what else have you guys been up to? We've taken a little hiatus.

SPEAKER_03

We did. We took a break. I started a new job. And yeah, so I'm now working as a SOC analyst too. I'm very excited. I'm working at a great company. Everybody there is so nice. And I just feel like I have really found a great place to work at and has great people to work with. And I'm very happy there.

SPEAKER_01

Oh, nice. Congratulations. I like to hear that.

SPEAKER_02

Well, I've been pretty busy myself. I too have gotten a job. I am a mere SOC analyst one. All my coworkers are super nice and it's a great place to work as well.

SPEAKER_01

Awesome. I mean, don't let the title throw you. Given my relationship with you and knowing, knowing you for as long as I have now, I feel that you'll quickly accelerate to the higher tiers in no time at all

SPEAKER_02

Yes, they definitely... it does feel like they want you to grow in that company.

SPEAKER_03

Yes, they do seem to encourage that, and I'm glad that you got the job. So glad to have you working with me. It seems like I drag you with me everywhere that I

SPEAKER_02

go. Yes, yes. A

SPEAKER_03

little bit. Like, I got a new job, let's recommend Neil.

SPEAKER_02

Well, it's just that I have a level of rapport and trust, and I know that you're setting me up for success.

SPEAKER_03

Absolutely. I'm very happy for you, and I'm glad that you're joining me at this cool company. We actually have a few friends that work there now, which is pretty neat. So it's great to have friends that work there, and of

SPEAKER_02

course there's still school, so trying to finish out

SPEAKER_03

the

SPEAKER_02

last term or so here and try to complete all the classes. We'll see how that goes. It's definitely always interesting trying to transition between jobs and still do school and everything.

SPEAKER_01

I believe in

SPEAKER_02

you. Keep busy.

SPEAKER_01

You got this. You got it. You'll keep chipping away at it. Exactly. Oh boy.

SPEAKER_02

I'll be graduated before I know it and these will be the good old days.

SPEAKER_01

The good old days. Before you had to start paying on student loans.

SPEAKER_02

Exactly.

SPEAKER_03

Oh, yeah. That's coming, isn't it? Yes. So that just reminded me of my debit card company. So I went to go buy a hacker hoodie. It's the RECA hoodie by the Spearfish General Store. So I go to order it, and my bank, they stopped it. They stopped me from buying my black hacker hoodie from the Spearfish Store. They thought it was hacking or something. I got stopped by the fraud department. That was funny.

SPEAKER_01

I wonder if they flagged that just because of the keyword in the store name. Yes. Right? That would be great. Yes. That fraud analyst is like, man, I'm nailing this job today. Yeah.

SPEAKER_03

Yes. Well, and I told them, when I had to talk to them on the phone to get it to go through, I let them know I've purchased from this place twice before already. Every time I get stuck on this fraud thing, but this time it was my hacker hoodie that I was buying. So

SPEAKER_01

in the software, would that be like a benign positive? Yes.

SPEAKER_03

Yes, their filter did what the filter was supposed to do, I guess.

SPEAKER_01

Nice. So, all right. Well, I mean, let's get into the show. So now we know what we've been doing. What's going on in the news?

SPEAKER_03

Well, in the news, we have Kaspersky. It's recommended you don't use it anymore.

SPEAKER_02

Who's recommending that, though?

SPEAKER_03

German. German government.

SPEAKER_02

There's so many advisories anymore. There's, like, CISA.

SPEAKER_03

Well, yes. If I wanted to compile a list, I could probably compile a pretty large list of who recommends you don't use Kaspersky right now. So, good question. Yes, a lot of places are saying don't use Kaspersky. It's developed by the Russians, and Russians are currently waging a war. It's

SPEAKER_01

almost

SPEAKER_02

like they're incentivized to not be helpful right now.

UNKNOWN

Mm-hmm.

SPEAKER_01

Speaking of CISA there, did you guys see that alert that went out earlier in the week? It kind of ties into the whole war in Ukraine, too. The Russian state-sponsored actors exploiting the Duo authentication protocol and leveraging PrintNightmare and stuff like that to, like, pop a bunch of victims. I mean, I shouldn't laugh, but it's a pretty interesting attack. So how it works is, as a Duo account falls out of a good active state, it gets unenrolled a lot of the time as, like, a business process to free up licensing, things like that. And so they're using this to pinpoint accounts to attack. So they'll brute-force an account, get the password, and then walk through the enrollment into Duo. They use that to gain control and pivot throughout the environment. It's actually a really interesting attack. So

SPEAKER_02

basically, from what you're saying, it sounds like they use accounts that don't have it enabled anymore to then re-enroll, and then use the fact that they now have multi-factor authentication to pivot to stuff that requires it.

SPEAKER_01

Correct. Wow.

SPEAKER_02

Okay.

SPEAKER_01

Yeah. So, like, one of the best practices that I remember always coming across in some of my previous environments was: limit the number of stale accounts within the environment, right? And so this just kind of helps reiterate that to me. If you have a stale account, and you have policies on, like, third-party vendors like Duo authentication where you pay for the number of licenses and seats that you have, and then that authentication expires, or something happens where you start the process of decommissioning an account but you don't decommission it all the way, it can just come back and bite you in the butt. To me, I can think back and look at some of the environments that I've been in and be like, yeah, I can totally see that happening.

SPEAKER_02

So

SPEAKER_03

yeah.

SPEAKER_02

Yep. Yeah, there's... it's always like, gotta try to stay ahead of the curve. There's always something.

SPEAKER_01

Yeah, and to me it's kind of interesting, with the Ukrainian war going on, what it's actually spurring within the cybersecurity field, right? So you have this CISA advisory going out that's related to that. They have the Conti leaks that are going on now because of the Ukrainian war that's happening. It's, like, spurring all these events, and it's almost like we're going into, like, an information overload. Because not only are they spurring these events to, like, you know, happen, but there's also a whole bunch of interesting projects that people are doing with, like, open source intelligence and pinpointing Russian troop movements based on their posting of TikToks and things like that. It's just getting all sorts of crazy, you know. Oh, yeah.

SPEAKER_02

If you want to talk, like, OSINT in Russia, um, reading the Bellingcat stuff is always interesting. I haven't finished it, but I had started reading their book earlier this year. I think it's, like, We Are Bellingcat or something. But the work that Bellingcat does is pretty impressive.

SPEAKER_01

Well, what's interesting about the Bellingcat stuff is, from the Conti leaks, it seems that there's some kind of link between the Conti group and the FSB, which is, like, the Russian equivalent of, like, the NSA or CIA, right? The FSB has, like, chat logs reaching out to some of the people at Conti asking them to do research and OSINT and other things like that on some of the people associated with Bellingcat, because of the articles that they have written about, like, Nodani and a couple of the other people that the US has, like, extradited for legal actions.

SPEAKER_02

Very cool.

SPEAKER_03

Yeah.

SPEAKER_02

But yeah, there's definitely a lot of stuff you can learn from, like, their guides and whatnot on how to do OSINT and things like that. I think one of the ones I saw that interested me originally was, like, they were going through videos or something and locating the different locations in the video. There were multiple locations, and they were going through and matching it up to satellite imagery and stuff. That's a rather simplistic example. To

SPEAKER_01

me, it's always really interesting when people are able to do that. Because they'll take a photo, and they'll be able to place it exactly where it was taken based on, like, a little bit of the metadata that's in there, but also, like, okay, here's a whole list of photos from that same area, like, throughout the year, and we can kind of correlate this data to tell you that it was taken at this time, at this part of the season, you know. That correlation stuff to me is super interesting, like, how people draw those similarities and parallels between things.

SPEAKER_03

So yeah, I've seen people doing these OSINT challenges. Like, a picture of somebody at the beach, and they're just, like, on a balcony, and you just see, like, a beach and water, and they're able to be like, oh yeah, you're on this beach, because I see you're eating a burrito that has seaweed, and so that's this location. And I'm just like, wow, they figure all this out from just a few clues that they were able to put together: the almost precise location, or precise location, of where that person is that took the picture, enjoying the view and their seaweed burrito.

SPEAKER_02

Yeah, it's pretty wild. Like,

SPEAKER_03

yeah.

SPEAKER_02

What, like... it kind of makes you wonder, like, how you can really address that if you're trying to do, like, operational security or something like that. Especially when people are, like, you know, reflections and stuff, of things, or just, like, the minute details. Like, what would you have to do to actually disguise a location or whatnot, or something, you know, if you're trying to do something? Seems like it would be hard.

SPEAKER_03

Yeah.

SPEAKER_02

And then on the flip side... well, I'll say the flip side, but, um, I think it'd be an interesting application of, like, uh, deepfakes, but, like, for location, to make it seem like you're somewhere you're not. Seems like you could

SPEAKER_01

apply that in a way. Are you talking, like, deepfake the photo, or, like, the movie? Well,

SPEAKER_02

you can do real-time video deepfakes now.

SPEAKER_01

Yeah, yeah, I actually just saw one recently. It was some guy doing a deepfake of Tom Cruise. Absolutely hysterical.

SPEAKER_02

I think they've even gotten better than those ones actually. If it's the one I'm thinking of.

SPEAKER_01

It was the kid who was a dishwasher in a restaurant, and they deepfaked Tom Cruise's head on there as he's complaining about washing dishes.

SPEAKER_02

Yeah, I mean, if it's even a year old, it's already even better

SPEAKER_01

than that. No, it is this week.

SPEAKER_02

Oh, this

SPEAKER_01

week, okay. Yeah, it's pretty convincing. I'm like, that's pretty good.

SPEAKER_02

Yeah, it's come quite a long way in such a short time. Just to the point where I'm like... So if my CEO hops on a video call with me and tells me to transfer a bunch of money, I'm still not going to do it, right?

SPEAKER_01

And you'll be like, okay, sure, here we go, right? But yeah,

SPEAKER_02

definitely changes things up. Of course, I imagine there's still some amount of setup or know-how, but as it becomes easier for the average person... I guess it's kind of like, you know, like with the AirTags thing, the ease of use is part of why it makes it such a problem. Because in terms of, like, how hard it is to set that up and, like, track someone, it's pretty nominal if you have an iPhone or something. I mean, that's what you need to set up an AirTag, right? Yeah. If you compare a Bluetooth, you know, thing to your phone, you can figure out how to use an AirTag, compared to, like, other solutions that might be a little bit more involved to set up. I don't know, maybe that's just speculation, but

SPEAKER_03

Oh, we have the Hippity Haps in security. What's the Hippity Haps in security, Patrick?

SPEAKER_01

The Hippity Haps. Current events and things that are coming up to keep you guys informed.

SPEAKER_03

So we have the BSides Tampa that's happening on April 23rd. And it's a hybrid event, so there's going to be in-person things happening, and then there's going to be a remote. And the remote tickets are only $15. So, kind

SPEAKER_01

of neat. Speaking of events coming up, GrimmCon has put out their Call for Papers. Anybody see that? I did

SPEAKER_03

not. I did not either.

SPEAKER_01

Yeah, Call for Papers and Call for Presentations are out. And once again, they have the two tracks. One that's specifically for first timers.

SPEAKER_03

Nice.

SPEAKER_01

If you're interested in that, you can toss in a planned presentation, and they can help you find a partner, like an experienced speaker, to do that. So something worth maybe looking into.

SPEAKER_03

Nice.

SPEAKER_02

Well,

SPEAKER_03

that sounds fun.

SPEAKER_02

I mean, you can't beat the cute logo either.

SPEAKER_03

Isn't that the guy with the unicorn thing too?

SPEAKER_02

I think that's Scythe you're thinking of. This is Grimm, so it's a Grim Reaper.

SPEAKER_03

Didn't you have something about the Wild West Hackin' Fest? Oh,

SPEAKER_01

yeah. That's going on in May, isn't it?

SPEAKER_02

Yes. It's a bit more spendy, with the virtual con coming in at $150 and the in-person being $350. Way

SPEAKER_03

west. Very nice. That sounds fun.

SPEAKER_02

If you register before April 23rd, you can get the swag bag. So you know what really grinds my gears?

SPEAKER_03

What grinds your gears?

SPEAKER_02

Ads.

SPEAKER_03

All right. I'll buy it.

SPEAKER_02

It turns out Microsoft is testing ads in the Windows 11 File Explorer. Apparently somebody in the, um, what is it called, the Insider program took a screenshot of a new feature of ads in File Explorer, of all things. Um, of course they've been pushing ads for other stuff, like Edge and the Start menu and whatnot. Um, but yeah, I can't say I'm too happy with the idea of ads in my file explorer, for crying out loud, Microsoft. Of course, Microsoft says that this is experimental and not actually intended to be published externally, but, uh, yeah, that, uh, does not instill confidence. I have a hard enough time with ads in my browser, let alone having to deal with ads in my computer. But maybe I'm alone in that.

SPEAKER_01

So do you think if you ran something like Pi-hole or DNS blacklisting for ad servers, that would break things? I would

SPEAKER_02

hope.

SPEAKER_01

Well, I mean, not just break the display of the ads, but if that would break functionality within the file explorer itself.

SPEAKER_02

That would be pretty interesting. I think they'd have to fix that

SPEAKER_01

post-haste.

SPEAKER_02

It would be pretty funny

SPEAKER_01

though. It's one of those things that I'd be interested in digging into just to see how badly it's been messed up. I

SPEAKER_02

guess. I think the real takeaway here is that Microsoft loves Linux so much they want to push you into using Linux, whatever way possible. Well, I think that's about all the time we have for today. Don't forget to like and subscribe. And now a word from our sponsors.

SPEAKER_01

No, we're sponsored by Magic Unicorn. No, Magic Spoon. Ah, I screwed it up, guys. We're never going to get that sponsorship. Anywho, all right, cool. That was fun. Good job, guys.

SPEAKER_03

Yeah, good job.

SPEAKER_01

Yeah, it was nice catching up, chit-chatting with you.

SPEAKER_03

Always.

SPEAKER_01

Yeah. Maybe we'll have a little bit more structure next time. I don't think so. I like winging it. Yay.

SPEAKER_03

That was fun.

SPEAKER_01

Nice. Yeah, so we're going to have a TryHackMe session. We'll pop that in the old events. In the meantime, join us on Discord.

SPEAKER_03

Yes, go to securitychipmunks.com, where you will find a link to our Discord server.

SPEAKER_01

All right, thanks.

SPEAKER_03

Thanks. I think

SPEAKER_01

we nailed it, guys. Yes. We

SPEAKER_00

nailed it. We nailed it. Right where you are, you're sitting in an electrical matrix of energy beyond belief or most human conception. You'd be surprised to know how much knowledge and communication can be carried on its way.