
Security Chipmunks
Episode 13 - Winter Hibernation is Over!
Welcome to the Security Chipmunks podcast where we talk about the development of cybersecurity skills. To stay up to date in today's world you need to be resilient, that’s why as Advanced Persistent Chipmunks we keep chipping away at it.
CONNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNS!
- https://wildwesthackinfest.com/way-west/
- https://events.bsidestampa.net/B-SidesTampa2022#/tickets?lang=en
- https://www.grimm-co.com/grimmcon-0x2
News you can use!
- https://www.bleepingcomputer.com/news/microsoft/microsoft-is-testing-ads-in-the-windows-11-file-explorer/
- https://www.breachquest.com/conti-leaks-insight-into-a-ransomware-unicorn/
Socials
- Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
- Follow us on Twitter: https://twitter.com/SecChipmunk
- You can find us online at: https://securitychipmunks.com
I don't know if people would want to see my ugly mug on video.
SPEAKER_02:Well, I'm not saying we have to put our faces up.
SPEAKER_01:Oh, that's a good call.
SPEAKER_02:We could have fancy slides and stuff and bore them to death with PowerPoint.
SPEAKER_01:Ah, death by PowerPoint.
SPEAKER_03:I like that plan.
SPEAKER_02:We could even do TryHackMe rooms or something.
SPEAKER_01:Ah, that'd be kind of fun. Do like a podcast episode where we do a TryHackMe room, and then we fill the chat with expletives because it's not working. No, I really like that. That's a good idea. Yes, I like it. Do you guys do something with the Cybersecurity Club?
SPEAKER_03:Who? You. Oh, yeah. I'm the vice president of it. What? What?
SPEAKER_01:No way.
SPEAKER_03:Yes. Yes.
SPEAKER_02:This is a shocking revelation to me.
SPEAKER_01:Shocking. Shocking revelation. How could you?
SPEAKER_02:Yes, I'm recording. We're recording.
SPEAKER_01:This is good stuff, Edna. We need to fill the gaps. We gotta make up for the lost time. Gotta go fast. Gotta go fast.
SPEAKER_03:Yes, I'm the vice president. I'm actually running for president as well.
SPEAKER_02:Yeah, nice. So, a promotion, basically.
SPEAKER_03:Well, if the students will have me, then yes.
SPEAKER_01:I think you make an excellent president, so I hereby endorse you.
SPEAKER_03:I appreciate that, and I will endorse you in your run for vice president.
SPEAKER_01:Yeah, but I'm only doing it because you want me to do it, so I'm just going to be a secondary vote for you.
SPEAKER_02:Oh, and here I thought it was because I was running for treasurer and you were afraid of me deposing you.
SPEAKER_01:Zero charges of embezzlement so far, okay? Yeah. So we're doing great.
SPEAKER_03:It's a good day. We're all running for office. Elections are coming up in the cyber club. We're going to do it. We're going to win.
SPEAKER_02:Yay, bureaucracy!
SPEAKER_01:Yeah. Then we have to fill out all the forms.
SPEAKER_03:Yes.
SPEAKER_01:All right. Yeah, you guys want to kick it off?
SPEAKER_03:Yes.
SPEAKER_01:All right. Yeah, we'll say "insert the music here."
SPEAKER_00:The following is from a cooperative project for acquiring skills essential to learning.
SPEAKER_03:Welcome to the Security Chipmunks podcast, where we talk about the development of cybersecurity skills. To stay up to date in today's world, you need to be resilient. That's why at Advanced Persistent Chipmunks, we keep chipping away at it. Well, you know what? I went to a meeting for the Harvard Extension Cybersecurity Club this evening.
SPEAKER_01:Oh, yeah?
SPEAKER_03:Yeah, and it had Tarah Wheeler. She was speaking. Phenomenal. I love hearing her speak. So she was talking about policy and cybersecurity laws and things like that. It was a really good talk.
SPEAKER_01:That's awesome. Yeah. Did she mention how the laws themselves have actually been brought up to speed within the past 20 years at all?
SPEAKER_03:Well, she had some complaints. I mean, she had colorful language about how the laws actually make no sense, particularly the Computer Fraud and Abuse law. And then there was another hate one that she was talking about that they're trying to get through, but it has some dumb things in it that are not going to be good for, you know, people who deal with computers.
SPEAKER_02:Which is like everybody nowadays, so it's bad for everyone. Yeah.
SPEAKER_03:So they're trying to push some things into that law that shouldn't be there.
SPEAKER_01:Yeah, that's going to be good. No, no. Right, right. So what else have you guys been up to? We've taken a little hiatus.
SPEAKER_03:We did. We took a break. I started a new job. And yeah, so I'm now working as a SOC analyst two. I'm very excited. I'm working at a great company. Everybody there is so nice. And I just feel like I have really found a great place to work at that has great people to work with. And I'm very happy there.
SPEAKER_01:Oh, nice. Congratulations. I like to hear that.
SPEAKER_02:Well, I've been pretty busy myself. I too have gotten a job. I am a mere SOC analyst one. All my coworkers are super nice and it's a great place to work as well.
SPEAKER_01:Awesome. I mean, don't let the title throw you. Given my relationship with you and knowing you for as long as I have now, I feel that you'll quickly accelerate to the higher tiers in no time at all.
SPEAKER_02:Yes, they definitely... it does feel like they want you to grow in that company.
SPEAKER_03:Yes, they do seem to encourage that, and I'm glad that you got the job. So glad to have you working with me. It seems like I drag you with me everywhere that I go.
SPEAKER_02:Yes, yes.
SPEAKER_03:A little bit. Like, "I got a new job, let's recommend Neil."
SPEAKER_02:Well, it's just that I have a level of rapport and trust that I know that you're setting me up for success.
SPEAKER_03:Absolutely. I'm very happy for you, and I'm glad that you're joining me at this cool company. And we actually have a few friends that work there now, which is pretty neat. So it's great to have friends that work there.
SPEAKER_02:And of course there's still school, so trying to finish out the last term or so here and try to complete all the classes. We'll see how that goes. It's definitely always interesting trying to transition between jobs and still do school and everything.
SPEAKER_01:I believe in you.
SPEAKER_02:Keep busy.
SPEAKER_01:You got this. You got it. You'll keep chipping away at it. Exactly. Oh boy.
SPEAKER_02:I'll be graduated before I know it and these will be the good old days.
SPEAKER_01:The good old days. Before you had to start paying on student loans.
SPEAKER_02:Exactly.
SPEAKER_03:Oh, yeah. That's coming, isn't it? Yes. So that just reminded me of my debit card company. So I went to go buy a hacker hoodie. It's the RECA hoodie by the Spearphish General Store. So I go to order it, and my bank, they stopped it. They stopped me from buying my black hacker hoodie from the Spearphish store. They thought it was hacking or something. I got stopped by the fraud department. That was funny.
SPEAKER_01:I wonder if they flagged that just because of the keyword in the store name. Yes. Right? That would be great. Yes. That fraud analyst is like, man, I'm nailing this job today. Yeah.
SPEAKER_03:Yes. Well, and I told them, when I had to talk to them on the phone. I had to talk with them to get it to go through. I let them know I've purchased from this place twice before already. Every time I get stuck on this fraud thing, but this time it was my hacker hoodie that I was buying.
SPEAKER_01:So in the software, would that be like a benign positive? Yes.
SPEAKER_03:Yes, their filter did what the filter was supposed to do, I guess.
SPEAKER_01:Nice. So, all right. Well, I mean, let's get into the show. So now we know what we've been doing. What's going on in the news?
SPEAKER_03:Well, in the news, we have Kaspersky. It's recommended you don't use it anymore.
SPEAKER_02:Who's recommending that, though?
SPEAKER_03:German. German government.
SPEAKER_02:There's so many advisories anymore. There's like CISA.
SPEAKER_03:Well, yes. If I wanted to compile a list, I could probably compile a pretty large list of who recommends you don't use Kaspersky right now. So good question. Yes, a lot of places are saying don't use Kaspersky. It's developed by the Russians. And Russians are currently waging a war.
SPEAKER_02:It's almost like they're incentivized to not be helpful right now.
UNKNOWN:Mm-hmm.
SPEAKER_01:Speaking of CISA there, did you guys see that alert that went out earlier in the week? It kind of ties into the whole war in Ukraine, too. The Russian state-sponsored actors exploiting Duo authentication protocols and leveraging PrintNightmare and stuff like that to pop a bunch of victims. I mean, I shouldn't laugh, but it's a pretty interesting attack. So how it works is, as a Duo account falls out of a good active state, it gets unenrolled a lot of the time as a business process to free up licensing, things like that. And so they're using this to pinpoint accounts to attack. So they'll brute force an account, get the password, and then walk through the enrollment into Duo. They use that to gain control and pivot throughout the environment. It's actually a really interesting attack.
SPEAKER_02:So basically, from what you're saying, it sounds like they use accounts that don't have it enabled anymore to then re-enroll, and then use the fact that they now have multi-factor authentication to pivot to stuff that requires it.
SPEAKER_01:Correct. Wow.
SPEAKER_02:Okay.
SPEAKER_01:Yeah. So one of the best practices that I remember always coming across in some of my previous environments was: limit the number of stale accounts within the environment, right? And so this just kind of helps reiterate that to me. If you have a stale account, and you have policies on third-party vendors like Duo authentication, where you pay for the number of licenses and seats that you have, and then that authentication expires or something happens where you start the process of decommissioning an account but you don't decommission it all the way, it can just come back and bite you in the butt. To me, I can think back and look at some of the environments that I've been in and be like, yeah, I can totally see that happening.
SPEAKER_02:So...
SPEAKER_03:Yeah.
SPEAKER_02:Yep, yeah. It's always like you gotta try to stay ahead of the curve. There's always something.
SPEAKER_01:Yeah. And to me it's kind of interesting, with the Ukrainian war going on, what it's actually spurring within the cybersecurity field, right? So you have this CISA advisory going out that's related to that. They have the Conti leaks that are going on now because of the Ukrainian war that's happening. It's like spurring all these events, and it's almost like we're going into an information overload, because not only are they spurring these events to, you know, happen, but there's also a whole bunch of interesting projects that people are doing with open-source intelligence and pinpointing Russian troop movements based on their posting of TikToks and things like that. It's just getting all sorts of crazy, you know. Oh yeah.
SPEAKER_02:If you want to talk OSINT in Russia, reading the Bellingcat stuff is always interesting. I haven't finished it, but I had started reading their book earlier this year. I think it's called We Are Bellingcat or something. But the work that Bellingcat does is pretty impressive.
SPEAKER_01:Well, what's interesting about the Bellingcat stuff is, from the Conti leaks, it seems that there's some kind of connection between the Conti group and the FSB, which is like the Russian equivalent of the NSA or CIA, right? The FSB has chat logs reaching out to some of the people at Conti asking them to do research and OSINT and other things like that on some of the people associated with Bellingcat, because of the articles that they have written about Nodani and a couple of the other people that the US has extradited for legal actions.
SPEAKER_02:very cool
SPEAKER_03:yeah
SPEAKER_02:But yeah, there's definitely a lot of stuff you can learn from their guides and whatnot on how to do OSINT and things like that. I think one of the ones I saw that interested me originally was, they were going through videos or something and locating the different locations in the video. There were multiple locations, and they were going through and matching them up to satellite imagery and stuff. That's a rather simplistic example.
SPEAKER_01:To me, it's always really interesting when people are able to do that, because they'll take a photo and they'll be able to place it exactly where it was taken, based on a little bit of the metadata that's in there, but also, like, okay, here's a whole list of photos from that same area throughout the year, and we can kind of correlate this data to tell you that it was taken at this time, at this part of the season. You know, that correlation stuff to me is super interesting, how people draw those similarities and parallels between things.
SPEAKER_03:So yeah, I've seen people doing these OSINT challenges, like a picture of somebody at the beach, and they're just on a balcony and you just see a beach and water, and they're able to be like, oh yeah, you're on this beach because I see you're eating a burrito that has seaweed, and so that's this location. And I'm just like, wow, they figure all this out from just a few clues that they were able to put together, almost the precise location, or the precise location, of where that person is that took the picture enjoying the view and their seaweed burrito.
SPEAKER_02:Yeah, it's pretty wild.
SPEAKER_03:Yeah.
SPEAKER_02:It kind of makes you wonder how you can really address that if you're trying to do operational security or something like that, especially when people are, you know, looking at reflections of things, or just the minute details. What would you have to do to actually disguise a location or whatnot, if you're trying to do something? Seems like it would be hard.
SPEAKER_03:Yeah.
SPEAKER_02:And then on the flip side, well, I'll say the flip side, but I think it'd be an interesting application of deepfakes, but for location, to make it seem like you're somewhere you're not. Seems like you could apply that in a way.
SPEAKER_01:Are you talking like deepfake the photo, or like the movie?
SPEAKER_02:Well, you can do real-time video deepfakes now.
SPEAKER_01:Yeah, yeah. I actually just saw one recently. It was some guy doing a deepfake of Tom Cruise. Absolutely hysterical.
SPEAKER_02:I think they've even gotten better than those ones actually. If it's the one I'm thinking of.
SPEAKER_01:It was the kid who was a dishwasher in a restaurant and They deep-faked Tom Cruise's head on there as he's complaining about washing dishes.
SPEAKER_02:Yeah, I mean, if it's even a year old, it's already even better than that.
SPEAKER_01:No, it is this week.
SPEAKER_02:Oh, this week, okay.
SPEAKER_01:Yeah, it's pretty convincing. I'm like, that's pretty good.
SPEAKER_02:Yeah, it's come quite a long way in such a short time. Just to the point where I'm like... So if my CEO hops on a video call with me and tells me to transfer a bunch of money, I'm still not going to do it, right?
SPEAKER_01:And you'll be like, okay, sure, here we go, right?
SPEAKER_02:But yeah, definitely changes things up. Of course, I imagine there's still some amount of setup or know-how, but as it becomes easier for the average person... I guess it's kind of like, you know, with the AirTags thing, the ease of use is part of why it makes it such a problem. Because in terms of how hard it is to set that up and track someone, it's pretty nominal if you have an iPhone or something. I mean, that's what you need to set up an AirTag, right? Yeah. If you compare a Bluetooth, you know, thing to your phone, you can figure out how to use an AirTag, compared to other solutions that might be a little bit more involved to set up. I don't know, maybe that's just speculation, but...
SPEAKER_03:Oh, we have the Hippity Haps in security. What's the Hippity Haps in security, Patrick?
SPEAKER_01:The Hippity Haps. Current events and things that are coming up to keep you guys informed.
SPEAKER_03:So we have the BSides Tampa that's happening on April 23rd. And it's a hybrid event, so there's going to be in-person things happening, and then there's going to be a remote. And the remote tickets are only $15. So, kind of neat.
SPEAKER_01:Speaking of events coming up, GrimmCon has put out their Call for Papers. Anybody see that?
SPEAKER_03:I did not. I did not either.
SPEAKER_01:Yeah, Call for Papers and Call for Presentations are out. And once again, they have the two tracks. One that's specifically for first timers.
SPEAKER_03:Nice.
SPEAKER_01:If you're interested in that, you can toss in a planned presentation And they can help you find a partner, like an experienced speaker to do that. So something worth maybe looking into.
SPEAKER_03:Nice.
SPEAKER_02:Well,
SPEAKER_03:that sounds fun.
SPEAKER_02:I mean, you can't beat the cute logo either.
SPEAKER_03:Isn't that the guy with the unicorn thing too?
SPEAKER_02:I think that's Scythe you're thinking of. This is Grimm, so it's a Grimm Reaper.
SPEAKER_03:Didn't you have something about the Wild West Hackin' Fest?
SPEAKER_01:Oh, yeah. That's going on in May, isn't it?
SPEAKER_02:Yes. It's a bit more spendy, with the virtual con coming in at $150 and the in-person being $350. Way West.
SPEAKER_03:Very nice. That sounds fun.
SPEAKER_02:If you register before April 23rd, you can get the swag bag. So you know what really grinds my gears?
SPEAKER_03:What grinds your gears?
SPEAKER_02:Ads.
SPEAKER_03:All right. I'll buy it.
SPEAKER_02:It turns out Microsoft is testing ads in the Windows 11 File Explorer. Apparently somebody in the, what is it called, the Insider program took a screenshot of a new feature: ads in File Explorer, of all things. Of course, they've been pushing ads for other stuff like Edge and the Start menu and whatnot. But yeah, I can't say I'm too happy with the idea of ads in my file explorer, for crying out loud, Microsoft. Of course, Microsoft says that this is experimental and not actually intended to be published externally, but, uh, yeah, that does not instill confidence. I have a hard enough time with ads in my browser, let alone having to deal with ads in my computer. But maybe I'm alone in that.
SPEAKER_01:So do you think if you ran something like Pi-hole or DNS blacklisting for ad servers, that that would break things?
SPEAKER_02:I would hope.
SPEAKER_01:Well, I mean, not just break the display of the ads, but if that would break functionality within the file explorer itself.
SPEAKER_02:That would be pretty interesting. I think they'd have to fix that post-haste. It would be pretty funny, though.
SPEAKER_01:It's one of those things that I'd be interested in digging into just to see how badly it's been messed up.
SPEAKER_02:I guess I think the real takeaway here is that Microsoft loves Linux so much they want to push you into using Linux, whatever way possible. Well, I think that's about all the time we have for today. Don't forget to like and subscribe. And now a word from our sponsors.
SPEAKER_01:No, we're sponsored by Magic Unicorn. No, Magic Spoon. Ah, I screwed it up, guys. We're never going to get that sponsorship. Anywho, alright, cool. That was fun. Good job, guys.
SPEAKER_03:Yeah, good job.
SPEAKER_01:Yeah, it was nice catching up, chit-chatting with you.
SPEAKER_03:Always.
SPEAKER_01:Yeah. Maybe we'll have a little bit more structure next time. I don't think so. I like winging it. Yay.
SPEAKER_03:That was fun.
SPEAKER_01:Nice. Yeah, so we're going to have a TryHackMe session. We'll pop that in the old events. In the meantime, join us on Discord.
SPEAKER_03:Yes, go to securitychipmunks.com where you will find a link to our Discord server.
SPEAKER_01:All right, thanks.
SPEAKER_03:Thanks.
SPEAKER_01:I think we nailed it, guys. Yes.
SPEAKER_00:We nailed it. We nailed it. Right where you are, you're sitting in an electrical matrix of energy beyond belief or most human conception. You'd be surprised to know how much knowledge and communication can be carried on its way.