Episode 9 - Falling into a new season

September 13, 2021 Edna Season 2 Episode 9
Welcome to the Security Chipmunks podcast where we talk about the development of cybersecurity skills. To stay up to date in today's world you need to be resilient, that’s why as Advanced Persistent Chipmunks we keep chipping away at it.


Conferences mentioned


Pay what you can model - Fri, Oct 8 - Sat, Oct 9 

Orlando BSides Bytes

Tickets are free - Saturday 9/18 

Azure Trainings / Certifications

Microsoft Training Days -

Which ones will get you a FREE voucher? Check out the following list: (Psst... Anything with the word Fundamentals in it on the training page will get you a voucher)

VIRTUAL: Microsoft Azure Virtual Training Day: Fundamentals → AZ-900 voucher

VIRTUAL: Microsoft Azure Virtual Training Day: Data Fundamentals → DP-900 voucher

VIRTUAL: Microsoft Azure Virtual Training Day: AI Fundamentals → AI-900 voucher

VIRTUAL: Microsoft Power Platform Virtual Training Day: Fundamentals → PL-900 voucher


Exam AZ-900: Microsoft Azure Fundamentals -

Exam DP-900: Microsoft Azure Data Fundamentals -

Exam AI-900: Microsoft Azure AI Fundamentals - 

Exam PL-900: Microsoft Power Platform Fundamentals - 

Exam MS-900: Microsoft 365 Fundamentals -

Matrix Trailer

The Matrix Resurrections - Official Trailer 1

What Is The Matrix? 

Edna 0:04  
Welcome to the Security Chipmunks podcast where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why as Advanced Persistent Chipmunks, we keep chipping away at it. My name is Mx Edna Jonsson. I'm here with my co-host, Neil Smalley. And today, we have a big announcement for you all. We have a new co-host on our podcast. We're excited to introduce our new host, Patrick Lowther. Patrick is a Microsoft Security enthusiast, and currently works at Binary Defense. Say hello to our listeners, Patrick. Hi, everybody. Nice to be here. Perfect. We're so glad to have you. All right. So start us off, I wanted to mention a couple of conferences that are coming up so you can go out and network with people and get some learning on. So the first one is ShellCon. So if you go to shell, that's their website. And you can go register, find out more about it. And their conference is using the pay what you can model. So if you can pay them $20 or $100 for your ticket, you choose what you can pay. And that's what you pay. This conference is happening Friday, October 8 through Saturday, October 9. The next conference is a new format. So this is the Orlando BSides Bytes. This is going to be a new model. It's very exciting. They have great people that are going to be presenting they are a column pro coaches. Some of them are Deviant Ollam, Jose Rodriguez, Hahna Kane Latonick and Ian Coldwater. So very exciting. Tickets are free. And this is happening Saturday, September 18. And they have the best hashtag, the hashtag is hashtag chomp around and find out. So go ahead and check them out. Looks like those are gonna be pretty fun. I know. Right? I'm very excited for them. Yeah, sounds good. Awesome. All right. So something we wanted to talk about, since we have Patrick on board, something that you might know a lot about is Azure.
So I was checking out that there were some learning paths, I actually attended a couple of these trainings. So Microsoft offers these learn events where you can attend. And once you've attended that event, they give you a free certification voucher. So you can take the Azure Fundamentals, and then you get the AZ-900 exam. There, that is the Azure Fundamentals exam to get certified in Azure Fundamentals. And then there are some other ones. So you can take the Azure foundation data as well as our artificial intelligence to look

Neil 3:11  
a lot of fun. I actually signed up for I think, the fundamentals, one here in October, so it should be good.

Edna 3:17  
Very nice. Yeah. And they have their trainings listed on their website. And they have, they've added a lot more times for Pacific coast and Eastern time. I know this summer, when I was checking it out. There was a lot of times in Europe and in other parts of the countries, and now we have more in these timestamps that work better for us here in the States. So there's a lot of options out there that are available. So you don't have to take a class at 4am.

Neil  3:59  
Yeah, it's just gonna take this class, it's a different time zone. Well, you know, I was I got the wrong, I got the days mixed up, but we're just pulling your chain. It was a wonderful class.

Patrick 4:19  
I mean, it is good class, and it's worthwhile to sit the exam. I mean, I've sat it and I've passed it. So it's a good exam, you know, kind of a good stepping stone towards the new method of certification that Microsoft likes to pursue. So pick up the AZ like fundamentals, and then you can start if you're interested in like the blue team side of things, you can start stepping into the SC level of like, you know, security, and so you'll learn about Azure Sentinel, which is Microsoft's cloud-based SIEM or is it SIEM sim what's What's up? Everybody?

Edna 5:00  
It depends who you ask. This is kind of like SQL and S-Q-L. It depends who you ask has been my experience.

Neil 5:09  
I like SIEM just because it rolls off the tongue.

Patrick 5:13  
Yeah, we should do a poll, poll the audience. What do you guys think? Absolutely. Let's do a poll. We can do a poll on Twitter. There we go. But yeah, it gets into like the security side of Azure and everything like that. So it's good stuff. And so highly recommend it.

Neil 5:35  
You mentioned something about the difference between the new way to do certs and the old way it certs do you want to talk a little bit about that are much too.

Patrick 5:43  
Yeah, yeah. So everybody's familiar, or I hope he used to be that there was the one standard of going through the Microsoft stack and getting like your MCSA, which is your Microsoft certified system administrator or, and then you'd be your MCSE, which is your certified engineer level. And then as the move more into the Azure space, and making like cloud computing and edge computing, the more features to go towards that they're rolling out these new certifications, that they're not good for life anymore, and like they are renewable every year now. So you can pick one up, they've lowered the cost, so the cost has been adjusted. So you don't have to worry about spending like, say $400, $500 on a cert anymore, and then having to pay it again for the next year. So they've adjusted the price on that. And it's to ensure that people are constantly staying up in sync connected to what Azure is and what like the certification requires of that person. So right now I'm studying for the AZ-500. And I'm just going through making sure that I'm staying up to date on the security side of things, because that's what the cert covers. So yeah, you'll sit it, you'll take it, you'll pass it, you have a year to go ahead and pick up like a another certification and like, basically, it's a recertification test of like, kind of, like what's changed, and what's new within Azure. So it's, I really like it actually made to keep everybody current in so you don't kill what's called the paper, people, paper certification people where you have like people who just go sit a test, do it on paper, and then they can't actually apply that knowledge. You know?

Neil 7:38  
Good stuff. That's good to know. So I've been studying for some AWS certs as well. It seems like a lot of this stuff kind of carries over a little bit. It's like I got your back your resource groups, your security groups, your load balancers, your virtual machines, and like, the different IP addresses and stuff, we can go in and make all these different changes and modifications to what your setup is. Are there any major differences you've seen at all? Or have you really played with a database at all?

Patrick 8:11  
So like, I haven't really like noticed, like too many major differences between the cloud platforms. Because to me, cloud is pretty much just on premise virtualization just in somebody else's data center, right, on a larger scale. And so my background, like I come from, like a system operations background where I was real heavy in VMware, and a little bit of Hyper-V. So like the resource groups, and like making sure that groups are dynamic, so they can expand and you have the resources for them. So that whole methodology is I'm very familiar with the one thing that I will say, that is interesting about the cloud is the security point of view is really interesting, because it's everybody's cloud based, it seems now, like all these big companies are cloud based. And so it's really driving the security behind the cloud, and like the tooling that we have for it, because no longer do you have just one centralized entry point into your system. It's, you're coming in from everywhere now. So it's really interesting how the security landscape is changing based on that.

Neil  9:30  
Gotcha. Speaking of security, you had mentioned something and I remember when I came in was the Cosmos DB thing and initially hit you didn't think it was quite a big as deal was the news was making out to be? Yeah, how many more than that are?

Patrick  9:46  
Yeah, well, so you have to look at like the companies that are leveraging Cosmos DB. It there's, I mean, there's some big companies using it, you know, I mean, I'm not trying to downplay that. It's, you know, not a bad thing, but like, not as wide scale like your average mom and pop or like your average Office 365 tenant won't be using Cosmos, because Cosmos is more for doing large scale database operations and like, you know, doing a lot of custom work within Azure on the cloud. So but some of the big players that were affected, I think they name dropped like HP, I think they also said, like GE was on there, and a couple other like, major big players. So I mean, I could understand why that's a concern. But your typical small business, and medium business that's using Office 365, and Azure for their stuff should be fine. But just remember to adhere to best practice, or not even best practice, just good security practice of, you know, make sure you rotate your keys and everything like that. So

Neil  11:03  
check for leftover credentials, or maybe some access that is no longer needed or something like that.

Patrick  11:10  
Yeah, privilege, least privilege, and all that

Neil  11:14  
good stuff. So the neat thing to me about in cloud is a lot of this stuff can be pretty locked down as far as even getting into it with the virtual networks and whatnot.

Patrick  11:26  
Yeah, yeah. Like, what am I one of my favorite things like about Microsoft Azure is you can within Azure, so you have what's called an Azure subscription and an Azure subscription. With that, you it's how you tie your money to Azure for like how you do things. And so you can set permissions on that subscription. And you can make it so that it trumps anything else that you set within, like the tenant, so you can have on your Azure subscription, you can assign a permission and give people read only, and then you get assigned somebody like permission to adjust those permissions, but not on the subscription button like resource groups. So you can kind of delegate that permission and security. So they could like say, read something within a resource group, but you can't read something without within that subscription. Also. So like, if you have access to this one resource group, you can kind of really silo it up really well. So it gives you that least privilege and also, you know, just enough for what you need to do the job or anything like that. So I really enjoy, like that fine grained granularity that you can get into with.

Neil  12:50  
Yeah, of course, it can always also cause issues if you accidentally make things like two virtual machines in separate groups, and then try to have them talk to each other to make life a little difficult.

Patrick  13:01  
Yeah. Why isn't this working? You know, that old? That old head scratcher, you know,

Neil  13:10  
I don't know if either of you have looked at a book called Azure pentesting by Matt Burrough from No Starch Press. Back in 2018 at all, I looked it up, it seemed interesting.

Patrick  13:23  
I actually picked it up. It was in a Humble Bundle earlier this year. So I picked it up. I'm like one chapter into it. So far, so good, man. I really like it.

Neil  13:36  
On the AWS side, I know there's I have AWS pentesting, which is pretty good. So yeah, that's the resources out there these days.

Patrick  13:45  
Well, the good thing about like Azure, and AWS is like their knowledge, their knowledge base that they put out for their customers and for their users, it's pretty robust. So with like Azure, it's going to be anything to do with that would be like learn dot Microsoft dot com. And you can actually enroll into a learning pathways where they call it and so you can use that and work your way through whatever you're interested in, so like they have things for like data science and like AI and security and everything like that. And so I've started working my way through the security stuff and it's just all good information and knowledge. You know, Sentinel stuff is pretty cool. And like if when you get really into it, Microsoft starting to do this really neat stuff called the ninja training. And so they have become a Azure Sentinel ninja. Then there's also become a the next one that they put out is Azure Defender Ninja, I think or I had to look it up. But there is another ninja course. That they put out for like Microsoft Defender and endpoint that's pretty solid talks about, like security practice and things like that. So it's all good. Nice. Okay, sounds good. Yes.

Neil  15:12  
So, I don't know, if y'all, did either of you see the Matrix trailer that dropped.

Edna 15:19  
Um, I have not seen it yet. But I've been hearing about it today, and I'm really getting excited about it.

Patrick  15:27  
I've seen it, it's, it's pretty good. Um, what I'm more impressed about is the website they released with it, where it will, depending on so it'll give you two different interactions, or actually multiple different interactions with it, based on which pill you choose, and then does some neat JavaScript and like, on the back end, so has the voice actors, read the time that you're watching it on, on your computer and stuff like that. So like, simple things like that, I think are just so cool. And so neat, like the thought gone into it. So it's, it's, I like it. So I'm getting hyped.

Neil  16:14  
Yeah, sounds great. And I don't know if y'all remember the original Matrix when Trinity's hacking in and she's using Nmap. So that actually brings us to our next subject here, which is Nmap. I think you've been digging into Nmap more, Edna?

Edna  16:35  
Yes, I was sitting for the PenTest+. And so I was learning about nmap and doing a lot of scans. So doing a lot of labs with it. Yeah. What's your favorite switch for nmap? That's a good question. I'm, I mean, I like dash, or tack, sV and T0, do real slow, not know,

Patrick  17:08  
You know what mine is, tack help, or tack h, for help. I can't remember half the switches myself.

Neil  17:21  
And forget about knowing all the different user scripts that can work with. So yeah, there's so many scripts out there, like

Patrick  17:30  
there. Yeah. Nmap is quite the tool. I mean, especially for, you know, port scanning and everything like that, it is my like one of my first go-to tools.

Patrick  17:43  
Even on the blue team, side, so there's a ton of stuff you can do with it.

Neil  17:48  
Like, I can't remember where I put that Raspberry Pi on my network, let me go scan my subnet. There it is.

Patrick 18:01  
Or, actually, I use a lot when I was in like my previous positions, to do SSL/TLS hardening and strengthening on like, load balancers and web servers and things like that. Because there's some scripts built into it that will tell you like, what it's reporting back when it sees what the server is returning for, like, what ciphers and everything like that, that are being, you know, during that SSL/TLS handshake. So there's a ton of functionality in this little tool. So

Neil 18:38  
That's pretty handy. Because like, a lot of times, I would just use like one of those online SSL checkers, which aren't necessarily the most convenient, or trying to troubleshoot something.

Edna 18:49  
Yeah. Yeah. All right, you know, something else that I was doing when I was studying for the PenTest+ is getting on to the TryHackMe platform. So I started that a couple of weeks ago, and I found it's very addicting. So found some labs and I've been going through them, and it's been a lot of fun. They kind of gamify the process. So when you answer a question, you get like a green checkmark, and then whoo. If every time we do one, like on a new day you get started a new or streak, or keep your streak or start a streak. So yeah, it's I think it's a great platform, and he has ever used TryHackMe before.

Neil 19:31  
Yeah, so it's been a little bit since I've done any rooms, but stuff I was going through before is pretty neat. And so you know, it's like anything where you have to enter a form. And you know, like some sort of a regex or something that do pattern matching is a little bit frustrating sometimes, but I definitely learned stuff every time I do it. So, yeah,

Patrick  19:52  
Yeah, I've been through it. I'm actually I have an active subscription to it just because it's like he said, like it's a good little game to hop in. There's some new stuff that we keep adding. Like the added one is it the Holo and like the Active Directory stuff on there for like, simulation of like pentesting, and like attacking things like that. So that's, that's interesting to me. What else they also had like a neat little giveaway this summer of like, where if you did the Pre Security path on there, every time you completed a room on that path, you got like little scratchers almost have, like, you know, you can get some stickers you can get, you know, some free months of TryHackMe, they're giving out all sorts of like, swag prizes and stuff like that. And that was, that was a pretty fun thing to do. So I thought that was pretty neat. That's awesome. Yeah, one of the great things I like about TryHackMe is because you know, as we know, there's like multiple websites out in multiple platforms similar to them, that they try to, you know, develop skills, and I think TryHackMe is probably the best at being targeted to people who are actually just starting to get into like, the field of security, or, you know, the whole cybersecurity thing. Because they have a lot of like, walkthroughs and like entry level, like, Hey, you know, here's like a, they have like, the CompTIA PenTest+ rooms on there, they also have something like, here's Windows Fundamentals, and like the Pre Security, things like that on there. So that stuff will help you, you know, building blocks, you know, kind of crawl before you can just hop in and get running. Right? Yeah. So I really like that approach to it. So,

Edna 21:57  
For sure, absolutely. All right. We have a Discord for our fellow Security Chipmunks. Make sure you go to security and join the server. We have a great community of chipmunks in there already, and can't wait to have you join us. See you next time. Thanks for listening to the Security Chipmunks. And remember if it seems overwhelming, just keep chipping away at it.

