Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:00):
I don't know if
people would want to see my ugly
(00:02):
mug on video.
SPEAKER_02 (00:03):
Well, I'm not saying
we have to put our faces up.
SPEAKER_01 (00:06):
Oh, that's a good
call.
SPEAKER_02 (00:07):
We could have fancy
slides and stuff and bore them
to death with PowerPoint.
SPEAKER_01 (00:13):
Ah, death by
PowerPoint.
SPEAKER_03 (00:15):
I like that plan.
SPEAKER_02 (00:18):
We could even do
TryHackMe rooms or something.
SPEAKER_01 (00:23):
Ah, that'd be kind
of fun.
Do like a podcast episode where we...
do TryHackMe Room, and then we fill the chat with expletives
because it's not working.
No, I really like that.
(00:44):
That's a good idea.
Yes, I like it.
Do you guys do something with the Cybersecurity Club?
SPEAKER_03 (00:53):
Who?
You.
Oh, yeah.
I'm the vice president of it.
What?
What?
SPEAKER_01 (01:00):
No way.
SPEAKER_03 (01:01):
Yes.
Yes.
SPEAKER_02 (01:03):
This is a shocking
revelation to
SPEAKER_01 (01:05):
me.
Shocking.
Shocking revelation.
How
SPEAKER_02 (01:07):
could you?
Yes, I'm recording.
We're
SPEAKER_01 (01:11):
recording.
This is good stuff, Edna.
We need to fill the gaps.
We gotta make up for the lost time.
Gotta go fast.
Gotta go fast.
SPEAKER_03 (01:21):
Yes, I'm the vice
president.
I'm actually running for president as well.
SPEAKER_02 (01:26):
Yeah, nice.
So, a promotion, basically.
SPEAKER_03 (01:30):
Well, if the
students will have me, then yes.
SPEAKER_01 (01:35):
I think you make an
excellent president, so I hereby
endorse you.
I
SPEAKER_03 (01:40):
appreciate that, and
I will endorse you in your run
for vice president.
SPEAKER_01 (01:47):
Yeah, but I'm only
doing it because you want me to
do it, so I'm just going to be a secondary vote for you.
Oh,
SPEAKER_02 (01:58):
and here I thought
it was because I was running for
treasurer and you were afraid of me deposing you.
SPEAKER_01 (02:06):
Zero charges of
embezzlement so far, okay?
Yeah.
So we're doing great.
SPEAKER_03 (02:14):
It's a good day.
We're all running for office.
Elections are coming up in the cyber club.
We're going to do it.
We're going to win.
SPEAKER_02 (02:25):
Yay, bureaucracy!
SPEAKER_01 (02:27):
Yeah.
Then we have to fill out all the forms.
arms
SPEAKER_03 (02:33):
yes
SPEAKER_01 (02:36):
all right yeah you
guys want to kick it off
SPEAKER_03 (02:38):
yes
SPEAKER_01 (02:39):
all right yeah we'll
say insert the music here the
SPEAKER_00 (02:47):
following is from a
cooperative project for
acquiring skills essential to learning
SPEAKER_03 (02:58):
Welcome to the
Security Chipmunks podcast,
where we talk about the development of cybersecurity
skills.
To stay up to date in today's world, you need to be resilient.
That's why at Advanced Persistent Chipmunks, we keep
chipping away at it.
Well, you know what?
(03:22):
I went to a meeting for the Harvard Extension Cybersecurity
Club this evening.
SPEAKER_01 (03:30):
Oh,
SPEAKER_03 (03:31):
yeah?
Yeah, and it had Tara Wheeler.
She was speaking.
Phenomenal.
I love hearing her speak.
So she was talking about policy and cybersecurity laws and
things like that.
It was a really good talk.
SPEAKER_01 (03:47):
That's awesome.
Yeah.
Did she, did she mention like how they're, they, the laws
themselves have actually been like brought to speed within
like the past 20 years at all?
SPEAKER_03 (04:00):
Well, she, she had
some, some complaints.
I mean, she had colorful language about how the laws
actually make no sense, particularly the computer fraud
and abuse law.
And then there was another hate one that she was talking about
that is they're trying to get it through but it has some dumb
(04:24):
things in it that's not going to be good for you know people who
deal with computers so
SPEAKER_02 (04:31):
which is like
everybody nowadays so it's bad
for everyone yeah
SPEAKER_03 (04:35):
so they're trying to
push some things in that law
that shouldn't be there
SPEAKER_01 (04:40):
yeah that's that's
going to be good no no right
right so what else have you guys been up to you We've taken a
little hiatus.
SPEAKER_03 (04:50):
We did.
We took a break.
I started a new job.
And yeah, so I'm now working as a SOC analyst too.
I'm very excited.
I'm working at a great company.
Everybody there is so nice.
And I just feel like I have really found a great place to
(05:11):
work at and has great people to work with.
And I'm very happy there.
SPEAKER_01 (05:16):
Oh, nice.
Congratulations.
I like to hear that.
SPEAKER_02 (05:21):
Well, I've been
pretty busy myself.
I too have gotten a job.
I am a mere SOC analyst one.
All my coworkers are super nice and it's a great place to work
as well.
SPEAKER_01 (05:35):
Awesome.
I mean, don't let the title throw you.
Given my relationship with you and knowing, knowing you for as
long as I have now, I feel that you'll quickly accelerate to the
higher tiers in no time at all
SPEAKER_02 (05:50):
yes they definitely
it does feel like they want you
to grow in that company
SPEAKER_03 (05:58):
yes they do seem to
encourage that and I'm glad that
you got the job so glad to have you working with me it seems
like I drag you with me everywhere that I
SPEAKER_02 (06:07):
go yes yes a
SPEAKER_03 (06:10):
little bit like I
got a new job let's recommend
Neil
SPEAKER_02 (06:13):
well it's just that
I have a level of rapport and
trust that I know that you're setting me up for success
SPEAKER_03 (06:23):
absolutely I'm very
happy for you and I'm glad that
you're joining me at this cool company and we actually have a
few friends that work there now which is pretty neat so it's
great to have friends that work and of
SPEAKER_02 (06:41):
course there's still
school so trying to finish out
SPEAKER_03 (06:45):
the
SPEAKER_02 (06:46):
last term or so here
and try to complete all the
classes.
We'll see how that goes.
It's definitely always interesting trying to transition
between jobs and still do school and everything.
SPEAKER_01 (07:02):
I believe in
SPEAKER_02 (07:03):
you.
Keep busy.
SPEAKER_01 (07:04):
You got this.
You got it.
You'll keep chipping away at it.
Exactly.
Oh boy.
SPEAKER_02 (07:17):
I'll be graduated
before I know it and these will
be the good old days.
SPEAKER_01 (07:20):
The good old days.
Before you had to start paying on student loans.
SPEAKER_02 (07:26):
Exactly.
SPEAKER_03 (07:28):
Oh, yeah.
That's coming, isn't it?
Yes.
So that just reminded me of my debit card company.
(07:54):
So I went to go buy a hacker hoodie.
It's the RECA hoodie by the Spearfish General Store.
So I go to order it, and my bank, they stopped it.
They stopped me from buying my black hacker hoodie from the
Spearfish Store.
(08:16):
They thought it was hacking or something.
I got stopped by the fraud department.
That was funny.
SPEAKER_01 (08:24):
I wonder if they
flagged that just because of the
keyword in the store name.
Yes.
Right?
That would be great.
Yes.
That fraud analyst is like, man, I'm nailing this job today.
Yeah.
SPEAKER_03 (08:46):
Yes.
Well, and I tell it when I had to talk to them on the phone.
I had to talk with them to get it to go through.
I let them know I've purchased from this place twice before
already.
Every time I get stuck on this fraud thing, but it was just
(09:06):
this time it was my hacker hoodie that I was buying.
So
SPEAKER_01 (09:12):
in the software,
would that be like a benign
positive?
Yes.
SPEAKER_03 (09:22):
Yes, their filter
did what the filter was supposed
to do, I guess.
SPEAKER_01 (09:28):
Nice.
So, all right.
Well, I mean, let's get into the show.
So now we know what we've been doing.
What's going on in the news?
SPEAKER_03 (09:41):
Well, in the news,
we have Kaspersky is recommended
you don't use anymore.
SPEAKER_02 (09:50):
Who's recommending
that, though?
SPEAKER_03 (09:54):
German.
German government.
SPEAKER_02 (09:57):
There's so many
advisories anymore.
There's like CISA.
SPEAKER_03 (10:03):
Well, yes.
If I wanted to compile a list, I could probably compile a pretty
large list of who recommends you don't use Kaspersky right now.
So good question.
Yes, a lot of places are saying don't use Kaspersky.
It's developed by the Russians.
(10:23):
And Russians are currently waging a war.
It's
SPEAKER_01 (10:27):
almost
SPEAKER_02 (10:29):
like they're
incentivized to not be helpful
right now.
UNKNOWN (10:34):
Mm-hmm.
SPEAKER_01 (10:36):
Speaking of CISA
there, did you guys see that
alert that went out earlier in the week?
It kind of ties into the whole war in Ukraine, too.
The Russian state-sponsored actors exploiting Duo
(10:57):
authentication protocol and leveraging PrintNightmare and
stuff like that to you like pop a bunch of victims.
I mean, I shouldn't laugh because, but, um, it's a pretty
interesting, um, attack.
So how it, how it works is as a Duo account falls out of a good
(11:23):
active state, it gets unenrolled a lot of the times as like a
business process to free up licensing, things like that.
And so they're using this to pinpoint accounts to attack and
So they'll brute force an account, get the password, and
then walk through the enrollment into Duo.
They use that to gain controland pivot throughout the
(11:46):
environment.
It's actually a really interesting attack.
So
SPEAKER_02 (11:54):
basically, from what
you're saying, it sounds like
they use accounts that don't have it enabled anymore to then
re-enroll and then use the fact that they now have multi-factor
authentication to pivot to stuff that requires it
SPEAKER_01 (12:11):
correct wow
SPEAKER_02 (12:13):
okay
SPEAKER_01 (12:14):
yeah so like one of
the best practices that I
remember always coming across in some of my previous environments
was limit the number of stale accounts within the environment
right and so this just kind of helps reiterate that to me of if
you have a stale account and you have policies on like third
(12:34):
party vendors like dual authentication where you pay for
the number of licenses and seats that you have and then that
authentication expires or something happens where you
start the process of decommissioning an account but
you don't decommission it all the way.
It can just come back and bite you in the butt.
(12:57):
To me, I can think back and look at some of the environments that
I've been in and be like, yeah, I can totally see that happening
SPEAKER_02 (13:07):
so
SPEAKER_03 (13:08):
yeah
SPEAKER_02 (13:10):
yep yeah there's
it's always like gotta try to
stay ahead of the curve there's always something
SPEAKER_01 (13:19):
yeah and it's to me
it's kind of interesting with
the Ukrainian war going on what it's actually spurring within
the cyber security field right so you have this CISA advisory
going out that's related to that they have the Conti leaks that
(13:41):
are going on now because of the Ukrainian war that's happening
it's like spurring all these events and it's almost like
we're going into like an information overload because not
only are they spurring these events to like you know happen
(14:01):
but there's also a whole bunch of interesting projects that are
people that are doing with like open source intelligence and
pinpointing Russian troop movements based on their posting
of TikToks and things like that it's just getting all sorts of
crazy you know oh yeah
SPEAKER_02 (14:21):
if you want to talk
like OSINT in Russia um reading
the Bellingcat stuff is always interesting I haven't finished
it but I had started reading their book earlier this year I
think it's like We Are Bellingcat or something but the
(14:42):
stuff that the work that Bellingcat does is pretty
impressive
SPEAKER_01 (14:47):
well what's
interesting about the Bellingcat
stuff is from the Conti leaks it seems that there's some kind
between the Conti group and the FSB which is like the Russian
equivalent of like the like of the NSA or CIA right they the
(15:12):
FSB has like has like chat logs reaching out to some of the
people at Conti asking them to do research and OSINT and other
things like that on some of the people associated with
Bellingcat because of the articles that they've have
(15:33):
written about like Nodani and a couple of the other people that
the US has like extradited for legal actions
SPEAKER_02 (15:46):
very cool
SPEAKER_03 (15:48):
yeah
SPEAKER_02 (15:50):
but yeah there's
definitely a lot of stuff you
can learn from like their guides and whatnot on how to do OSINT
and things like that.
I think one of the ones I saw that interested me originally
was like They were going through videos or something and locating
(16:14):
the different locations in the video.
There was multiple locations and they were going through and
matching it up to satellite imagery and stuff.
That's a rather simplistic example.
To
SPEAKER_01 (16:28):
me, it's always
really interesting when people
are able to do that because they'll take a photo and they'll
be able to place it exactly where it was taken based on like
a little bit of the metadata that's in there but also like
okay here's a whole list of you know a list of photos from that
(16:50):
same area like throughout the year and we can kind of
correlate this data to tell you that it was taken on this time
at this part of the season you know that correlation stuff to
me is super interesting like how people draw those similarities
and parallels between things
SPEAKER_03 (17:11):
so yeah I've seen
people doing these OSINT
challenges like a picture of somebody at the beach and
they're just like on a balcony and you just see like a beach
and water and they're able to be like oh yeah you're on this
beach because I see you're eating a burrito that has
seaweed and so that's this location and I'm just like wow
(17:34):
they figure all this from just a few clues that they were able to
put together almost precise location or precise location of
where that person is that took the picture enjoying this the
view and their seaweed burrito
SPEAKER_02 (17:51):
yeah it's it's
pretty wild like
SPEAKER_03 (17:54):
yeah
SPEAKER_02 (17:55):
what like it's kind
of makes you wonder like how you
can really address that if you're trying to do like
operational security or something like that especially
when people are like you know reflections and stuff like of
things or just like the minute details like what would you have
(18:17):
to do to actually disguise a location or whatnot or something
you know if you're trying to do something seems like it would be
hard
SPEAKER_03 (18:30):
yeah
SPEAKER_02 (18:31):
and then on the flip
side well i'll say the flip side
but um i think it'd be an interesting application of like
uh deep fakes but like for location to make it seem like
you're somewhere you're not seems like you could
SPEAKER_01 (18:46):
apply that in a way
are you talking like deep fake
the photo of or like the movie well
SPEAKER_02 (18:54):
you can do real-time
video deep fakes now
SPEAKER_01 (18:59):
yeah yeah i actually
just saw one recently.
It was some guy doing a deep fake of Tom Cruise.
Absolutely hysterical.
SPEAKER_02 (19:11):
I think they've even
gotten better than those ones
actually.
If it's the one I'm thinking of.
SPEAKER_01 (19:24):
It was the kid who
was a dishwasher in a restaurant
and They deep-faked Tom Cruise's head on there as he's
complaining about washing dishes.
SPEAKER_02 (19:36):
Yeah, I mean, if
it's even a year old, it's
already even better
SPEAKER_01 (19:39):
than that.
No, it is this week.
SPEAKER_02 (19:42):
Oh, this
SPEAKER_01 (19:42):
week, okay.
Yeah, it's pretty convincing.
I'm like, that's pretty good.
SPEAKER_02 (19:46):
Yeah, it's come
quite a long way in such a short
time.
Just to the point where I'm like...
So if my CEO hops on a video call with me and tells me to
transfer a bunch of money, I'm still not going to do it, right?
SPEAKER_01 (20:05):
And you'll be like,
okay, sure, here we go, right?
But yeah,
SPEAKER_02 (20:15):
definitely changes
things up.
Of course, I imagine there's still some amount of setup or
know-how, but as it becomes easier for the average person.
I guess it's kind of like, you know, like with the AirTags
thing, the ease of use is part of why it makes it such a
problem.
Because in terms of like how hard it is to set that up and
(20:37):
like track someone, it's pretty nominal if you have an iPhone or
something.
I mean, that's what you need to set up an AirTag, right?
Yeah.
if you compare a bluetooth you know thing to your phone you can
figure how to use AirTag compared to like other solutions
that might be a little bit more involved to set up i don't know
maybe that's just speculation but
SPEAKER_03 (21:15):
Oh, we have the
Hippity Haps in security.
What's the Hippity Haps in security, Patrick?
SPEAKER_01 (21:23):
The Hippity Haps.
Current events and things that are coming up to keep you guys
informed.
SPEAKER_03 (21:28):
So we have the
B-Sides Tampa that's happening
on April 23rd.
And it's a hybrid event, so there's going to be in-person
things happening, and then there's going to be a remote.
And the remote tickets are only $15.
So, kind
SPEAKER_01 (21:44):
of neat.
Speaking of events coming up, Grimcon has put out
their Call for Papers.
Anybody see that?
I did
SPEAKER_03 (21:53):
not.
I did not either.
SPEAKER_01 (21:55):
Yeah, Call for
Papers and Call for
Presentations are out.
And once again, they have the two tracks.
One that's specifically for first timers.
SPEAKER_03 (22:07):
Nice.
SPEAKER_01 (22:08):
If you're interested
in that, you can toss in a
planned presentation And they can help you find a partner,
like an experienced speaker to do that.
So something worth maybe looking into.
SPEAKER_03 (22:28):
Nice.
SPEAKER_02 (22:29):
Well,
SPEAKER_03 (22:30):
that sounds fun.
SPEAKER_02 (22:31):
I mean, you can't
beat the cute logo either.
SPEAKER_03 (22:33):
Isn't that the guy
with the unicorn thing too?
SPEAKER_02 (22:38):
I think that's
Scythe you're thinking of.
This is Grimm, so it's a Grimm Reaper.
SPEAKER_03 (22:43):
Didn't you have
something about the Wild West
Hackington Oh,
SPEAKER_01 (22:47):
yeah.
That's going on in May, isn't it?
SPEAKER_02 (22:49):
Yes.
It's a bit more spendy with the virtual con coming in at $150 and
the in-person being $350.
Way
SPEAKER_03 (22:58):
west.
Very nice.
That sounds fun.
SPEAKER_02 (23:02):
If you register
before April 23rd, you can get
the swag back.
So you know what really grinds my gears?
SPEAKER_03 (23:09):
What grinds your
gears?
SPEAKER_02 (23:12):
Ads.
SPEAKER_03 (23:13):
All right.
I'll buy it.
SPEAKER_02 (23:15):
It turns out
Microsoft is testing ads in
Windows 11 File Explorer apparently somebody in the um
what is it called the Insider program took a screenshot of a
new feature of ads in File Explorer of all things um of
(23:37):
course they've been pushing ads for other stuff like Edge and
the start menu and whatnot um but yeah i i can't say i'm too
happy with the idea of ads in my File Explorer for crying out
loud Microsoft of course says that this is experimental and
not actually intended to be published externally but uh yeah
(23:58):
that uh is not instill confidence.
I have a hard enough time with ads in my browser, let alone
having to deal with ads in my computer.
But maybe I'm alone in that.
SPEAKER_01 (24:12):
So do you think if
you ran something like Pi-hole or
DNS blacklisting for ad servers, that that would break things?
I would
SPEAKER_02 (24:22):
hope.
SPEAKER_01 (24:23):
Well, I mean, not
just break the display of the
ads, but if that would break functionality within the file
explorer itself.
SPEAKER_02 (24:34):
That would be pretty
interesting.
I think they'd have to fix that
SPEAKER_01 (24:37):
post-haste.
SPEAKER_02 (24:38):
It would be pretty
funny
SPEAKER_01 (24:39):
though.
It's one of those things that I'd be interested in digging
into just to see how badly it's been messed up.
I
SPEAKER_02 (24:48):
guess I think the
real takeaway here is that
Microsoft loves Linux so much they want to push you into using
Linux, whatever way possible.
(25:12):
Well, I think that's about all the time we have for today.
Don't forget to like and subscribe.
And now a word from our sponsors.
SPEAKER_01 (25:25):
No, we're sponsored
by Magic Unicorn.
No, Magic Spoon.
Ah, I screwed it up, guys.
We're never going to get that sponsorship.
Anywho, alright, cool.
That was fun.
Good job, guys.
SPEAKER_03 (25:45):
Yeah, good job.
SPEAKER_01 (25:46):
Yeah, it was nice
catching up, chit-chatting with
you.
SPEAKER_03 (25:49):
Always.
SPEAKER_01 (25:50):
Yeah.
Maybe we'll have a little bit more structure next time.
I don't think so.
I like winging it.
Yay.
SPEAKER_03 (25:57):
That was fun.
SPEAKER_01 (25:59):
Nice.
Yeah, so we're going to have a TryHackMe session.
We'll pop that in the old events.
In the meantime, join us on Discord.
SPEAKER_03 (26:12):
Yes, go to
securitytipmunks.com where you
will find a link to our Discord server.
SPEAKER_01 (26:20):
All right, thanks.
SPEAKER_03 (26:23):
Thanks.
I think
SPEAKER_01 (26:24):
we nailed it, guys.
Yes.
We
SPEAKER_00 (26:26):
nailed it.
We nailed it.
Right where you are, you're sitting in an electrical matrix
of energy beyond belief or most human conception.
You'd be surprised to know how much knowledge and communication
can be carried on its way.