Location: United States
Genres: Technology Podcasts
Description: A podcast about infosec, technology and life.
Twitter: @shellsharks
Language: English
Contact: 5404247404
Website: https://shellsharks.com/
Email: mike@shellsharks.com
Episodes
Mastodon & Cyber-success w/ @rebootkid
12/30/2022
Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and management’s role in combatting burnout.
Show Notes
Mastodon
Stars, Boosts & Toots
Diaspora
Infosec.Exchange
Fediverse
Defcon.social
ActivityPub rocks!
Why I Blog. You Should Too!
SQL Slammer
What Certification or Training Should I Take?
Interview w/ Security Engineer, Eva Georgieva
MFA Prompt Bombing
Getting Into Information Security
An Ode to RSS
Cybersecurity burnout is real
Duration: 01:16:19
Privacy Chat w/ Dan Frechtling
12/30/2022
Boltive CEO and privacy advocate, Dan Frechtling joins me to discuss all things in the world of Internet privacy!
Show Notes
I Said No to Online Cookies. Websites Tracked Me Anyway.
Story of Dan Frechtling & Scott Moore
GDPR
LGPD
CCPA
CPRA
Sephora Privacy Settlement
Global Privacy Control
The American Data Privacy and Protection Act (ADPPA)
Advanced Data Protection Control (ADPC)
US Privacy String
OSINT Sock Puppets
RuTarget Harvesting Google Data
Executive Order on Protecting Foreign Intel from Surveilling US Citizens
Is TikTok safe?
Deprecation of third-party cookies
SSO wall of shame
GDPR enforcement tracker
Future of Privacy Forum
TROPT Defining the Privacy tech Landscape Whitepaper
IAPP
Three Ways Your Data is Leaking in Advertising and How to Avoid It
Duration: 01:02:14
Interview w/ Security Engineer, Eva Georgieva
11/16/2022
Join myself (@shellsharks) and Eva Georgieva, security engineer and founder of #hackintocybersec as we discuss getting into infosec, cybersecurity education, women in cyber and more!
Note: Had some challenges with audio leveling, I apologize for any audio weirdness!
Show Notes
Uber Incident
Eva’s AMA on Reddit
#hackintocybersec
OLLMOO
TryHackMe
Hack The Box
Academy
TCM Security
Duration: 00:59:11
Threat Hunting w/ Shahar Vaknin of Hunters.ai
11/16/2022
Join myself (@shellsharks) and Shahar Vaknin, Axon Team Lead at Hunters.ai as we discuss the world of Threat Hunting!
Show Notes
Hunters.ai
Long Tail Analysis
The DFIR Report
2022 CrowdStrike Global Threat Report
Red Canary 2022 Threat Detection Report
Twitter Global CERTs/CSIRTs/ISACs list
MISP
Threat Hunting w/ Python
The Cyber Kill Chain
shellsharks
CIS Critical Security Controls
Practical Threat Hunting Training
MITRE ATT&CK
Duration: 01:21:57
Vuln Research & Exploit Dev w/ VoidSec
11/15/2022
Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!
Show Notes
VoidSec
The Shellcoder's Handbook
Offensive Security | EXP-401 | AWE | OSEE
Google Project Zero
PrintDemon
VoidSec CVE-2020-1337
Zerodium
Immunefi
IDA Pro
Burp Suite Professional
010 Editor
Ghidra
BinaryNinja
The Art of Software Security Assessment
RET2SYSTEMS Training
Zero Day Initiative (ZDI)
TrendMicro
Corelan
CVE North Stars
Pwn2Own
secret club
UpdatedSecurity
Duration: 01:06:56
Zero Trust is not 0 or 1
9/2/2022
Join myself (@shellsharks) and Bobby DeSimone, Founder & CEO of Pomerium as we discuss the Pomerium platform, context-aware access control and all things Zero Trust!
Show Notes
Pomerium
Latin meaning of "pomerium"
The Enchiridion of Impetus Exemplar
Jericho Forum
The Open Group Security Forum
BeyondCorp
NIST SP 800-207: Zero Trust Architecture
Moving the US Government Toward Zero Trust Cybersecurity Principles
Q&A with Zero Trust Architecture Writers from NIST
Rego Policy Language
Open Policy Agent
Istio Service Mesh
Open Source Pomerium on GitHub
2021 Twitter Hack
OASIS eXtensible Access Control Markup Language (XACML)
HashiCorp Sentinel Framework
Awesome Zero trust
Duration: 00:55:14
Hacker Profile: Kevin Borders (NSA Red Team to Software Entrepreneur)
8/22/2022
A fascinating interview with Kevin Borders, where we discuss his origin story, time spent working on the NSA Red Team, growing a successful online collage business and his current venture, minware!
Show Notes
TI-85 Graphing Calculator
Number Munchers
DragonRealms
Gemstone III
NSA Student Programs
Web Tap: detecting covert web traffic
University of Michigan PhD in CSE
Executive Order on Improving the Nation's Cybersecurity
U.S. Cyber Command
Chimera: A Declarative Language for Streaming Network Traffic Analysis
NSA Slides
Securing Network Input via a Trusted Input Proxy
Towards Quantification of Network-Based Information Leaks via HTTP
SELinux
Project Zero
Kevin Borders on Quora
Does the NSA Have Better Engineers than Facebook or Google?
About minware
Halting problem
Blackhat
Defcon
100% Prevention
What are some computer hacks that hackers know but most people don't?
The Most Hated Man on the Internet
NSO Group iMessage Zero-Click Exploit, FORCEDENTRY
Okta breach 2022
NIST SP 800-207: Zero Trust Architecture
SolarWinds Breach
How to Contribute to Open Source
Duration: 01:34:44
“Extra Decentralized” (A discussion on Web3 and SLSA)
7/27/2022
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss supply chain security via the SLSA framework, Web3 and more!
Show Notes
Preshow
MITRE ATT&CK
OWASP Docker Top 10
OWASP Kubernetes Top 10
Main Show
SLSA
Provenance
Software Attestations
in-toto
OpenSSF YouTube Channel
SLSA Community
SLSA Github
slsa.dev
OWASP Software Component Verification Standard
Pocket
NFTs, explains
2021 Gamestop short squeeze
r/wallstreetbets
GameStop NFT Marketplace
Immortal Game
Reddit NFT Marketplace
Bored Ape Yacht Club
Roaring 20's
CRYPTOCVES
NVD
Mitre
Moxie Marlinspike on NFTs and Web3
Web3
Web5
Bitcoin
51% attacks
Poly Network cryptocurrency hack
Web 3 is going just great
Lattice-based cryptography
Postshow
Chinese Housewife Wikipedia Misinformation
Twitter verification
Duration: 01:17:34
Ransomware as a Podcast (RaaP)
6/11/2022
Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!
Show Notes
Main Show
Greg Edwards
CryptoStopper
WannaCry ransomware
Jigsaw ransomware
Colonial Pipeline hack
LambdaLocker
Solarwinds Supply Chain Compromise
18 CIS Critical Security Controls
Ransomware as a Service (RaaS)
Ransomware Payments via Crypto
OST Debate
Shadow Brokers
Duration: 01:02:59
Take a Fika
6/11/2022
Join myself (@shellsharks) and Thomas Peterson as we dive into his experience with Offensive Security’s challenging OSWE certification, discuss where we get our inspiration for blogging and more!
Show Notes
Main Show
tpetersonkth.github.io
Offensive Security - OSWE
DEF CON YouTube channel
HackTheBox
Offensive Security - OSCP
Thomas's OSWE Review 2022
Shellsharks Desk setup
eLearnSecurity - PTP
IKEA
OG Shellsharks Look
Captains Log
Postshow
Swedish Fika
Duration: 01:11:37
Suburban Turtle
4/28/2022
Listen in on a fun conversation between myself (@shellsharks) and my friend/guest Kyle as we discuss everything from our monitor setups to OSINT leveraged in the Ukraine-Russia conflict to vendor APT Naming and more!
!! Explicit Language Alert !!
Show Notes
Preshow
Desk Setup 2021 post
Mac Tools post
Leetcode
Elite "PewPew" map
Main Show
Ukraine Humanitarian Fund
Google (allegedly) un-blurring Russian satellite imagery
Tracking Russian soldiers using stolen iPhones
Destructive Wipers
Named Vulnerabilities List
CrowdStrike APT Adversary Universe
Mandiant APT Naming
Dragos Threat Activity Group Names
Chollima
Offensive Security Courses
OffSec WEB-300/AWAE/OSWE
Certifications are not like Pokemon Cards
Shellsharks Podcast on Burnout
My Reddit AMA
Thought Leader
CISSP
DoD 8570
Metasploit Default Credential CVE
Duration: 01:03:46
Security Friendliness Engineering
12/28/2021
Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!
Show Notes
Main Show
https://littlemaninmyhead.wordpress.com
https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
https://nacl.cr.yp.to
https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
https://people.csail.mit.edu/rivest/
https://csrc.nist.gov/projects/post-quantum-cryptography
https://www.meetup.com/en-AU/appsec-australia/
https://en.wikipedia.org/wiki/Grover%27s_algorithm
https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
https://www.devsecops.org
https://owasp.org
https://support.google.com/a/answer/1217728?hl=en
https://www.google.com/recaptcha/about/
https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
https://owasp.org/www-project-top-ten/
https://owasp.org/www-project-application-security-verification-standard/
https://www.synopsys.com/glossary/what-is-sast.html
https://microservices.io
https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
https://owasp.org/www-project-zap/
https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
https://www.imdb.com/title/tt1375666/
https://checkmarx.com/product/codebashing-secure-code-training/
https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
https://pages.nist.gov/800-63-3/sp800-63b.html
https://trufflesecurity.com/trufflehog
https://log4shell.com/
https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
https://heartbleed.com
https://nvd.nist.gov/vuln/detail/CVE-2014-6271
https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
https://nvd.nist.gov/vuln/detail/CVE-2017-0143
https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
https://portswigger.net/burp
Postshow
https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/
Duration: 01:12:31
Analyzing the OWASP Top 10 2021
9/28/2021
Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss the new OWASP Top 10 for 2021.
Note on this episode: My audio was incredibly quiet during the recording so when editing I had to pump up the volume which introduced a fair bit of static. I apologize and hope the episode is bearable despite that static!
Show Notes
Preshow
https://simplenote.com
https://www.notion.so
https://obsidian.md
https://code.visualstudio.com
https://notepad-plus-plus.org/downloads/
https://pages.github.com
https://atom.io
Main Show
https://twitter.com/CubicleApril/status/1437531584119386116?s=20
https://shellsharks.com/infosec-blogs
https://shellsharks.com/an-ode-to-rss
https://apps.apple.com/us/app/shortcuts/id915249334
https://www.netsparker.com/blog/web-security/owasp-top-10-2021-not-what-you-think/
https://owasp.org/www-project-top-ten/
https://owasp.org/www-project-application-security-verification-standard/
https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2010.pdf
https://owasp.org/www-pdf-archive/OWASP_Top_10_-_2013.pdf
https://owasp.org/www-pdf-archive//OWASP-Top-10-2017-en.pdf
https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
https://www.reddit.com/r/cybersecurity/comments/podx9q/omigod_widespread_azure_linux_vulns_in_hidden/
https://chaosdb.wiz.io
Duration: 01:20:26
Blogging & WGU
7/22/2021
Join myself (@shellsharks) and @cradersec as we discuss blogging, Western Governors University (WGU), home labs and more!
Show Notes
Preshow
https://rogueamoeba.com/audiohijack/
https://rogueamoeba.com
https://www.omnigroup.com/omnifocus/
https://todoist.com/
https://www.notion.so
https://flexibits.com/fantastical
https://wiki.gnome.org/Apps/GTG
Main Show
https://cradersecurity.com
https://shellsharks.com/you-should-blog#title
https://www.wgu.edu
https://shellsharks.com/captains-log
https://ocw.mit.edu/index.htm
https://ocw.mit.edu/index.htm
https://aws.amazon.com/free/
https://www.pluralsight.com
https://docs.github.com/en
https://cloud.google.com/free
https://potentwisdom.com
https://linuxsmack.com
https://privacysmack.com
https://tryhackme.com
Postshow
https://shellsharks.com/inbox-zero#title
https://www.amazon.com/Digital-Minimalism-Choosing-Focused-Noisy/dp/0525536515
Duration: 00:55:46
Burnout & Motivation
7/12/2021
Kyle (@cyberspacekyle) and Masie (@masiehabibi) join me (@shellsharks) once more to chat motivation and burnout in infosec and in life. We also have a fiery fitness challenge throw-down! I hope you enjoy this relatively short but lively episode!
Preshow
https://support.apple.com/en-us/HT207014
Main Show
https://shellsharks.com
https://www.linkedin.com/
https://www.teamblind.com
Duration: 00:42:40
Pentesting Chat (and Beer Chat)
6/11/2021
Join myself (@shellsharks) and my guest Sukrit (@sukritdua) as we chat pentesting, training, craft beer and more!
Note: I apologize in advance as Sukrit’s audio was a little spotty. Enjoy!
Show Notes
Preshow
https://collectiveartsbrewing.com/us/
https://www.coca-colacanada.ca/en/specialtysoda/quebec-maple/
https://mywinecanada.com/wine/ice-wine
https://www.ratebeer.com/Ratings/Beer/Beer-Ratings.asp?BeerID=749
Main Show
https://www.kali.org
https://www.hackerone.com
https://www.bugcrowd.com
https://www.sans.org/blog/
https://portswigger.net/blog
https://ine.com/pages/elearnsecurity-pricing
https://shellsharks.com
https://shellsharks.com/getting-into-information-security
https://www.reddit.com/r/netsecstudents/comments/m0lbst/a_guide_for_those_looking_to_break_into_the/
https://elearnsecurity.com/blog/ptpv4-launch/
https://www.offensive-security.com/pwk-oscp/
https://www.offensive-security.com/offsec/say-try-harder/
https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
https://portswigger.net/web-security
https://www.hackerone.com/blog/Introducing-Hacker101-CTF
https://overthewire.org/wargames/
https://picoctf.org
https://holidayhackchallenge.com
https://www.cybrary.it
https://www.pentesteracademy.com
https://pentesterlab.com
https://elearnsecurity.com/product/ewpt-certification/
https://elearnsecurity.com/product/ewptxv2-certification/
https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/
https://ine.com/pages/plans
https://www.sans.org/work-study-program/
https://www.sans.org/cyber-security-summit
https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/
https://www.sans.org/profiles/stephen-sims/
https://acloudguru.com
https://www.pluralsight.com
https://login.linuxacademy.com
Postshow
https://untappd.com
https://foursquare.com
http://www.hill-high.com
https://github.com/WebBreacher/untappdScraper
https://shellsharks.com/captains-log
Duration: 01:00:28
Colonial Pipeline Hack & More!
5/19/2021
This week on The Shellsharks Podcast, @masiehabibi joins me (@shellsharks) to talk Clubhouse, ransomware, the Colonial Pipeline hack, Google I/O, iOS vs Android and more!
Podcast Pre-chat
https://www.joinclubhouse.com
https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/
https://blog.twitter.com/en_us/topics/product/2021/spaces-is-here.html
https://shellsharks.com
Colonial Pipeline Hack & Ransomware Discussion
https://www.wired.com/story/colonial-pipeline-ransomware-attack/
https://www.tesla.com
https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/
https://www.reuters.com/article/us-home-depot-cyber-settlement/home-depot-reaches-17-5-million-settlement-over-2014-data-breach-idUSKBN2842W5
https://securityandtechnology.org/ransomwaretaskforce/report/
https://csrc.nist.gov/publications/detail/sp/800-207/final
https://cloud.google.com/beyondcorp
Google I/O vs Apple Events & iOS vs Android
https://events.google.com/io/?lng=en
https://www.blog.google/technology/ai/lamda
https://www.apple.com/apple-events/april-2021/?useASL=true
https://ai.googleblog.com/2018/05/duplex-ai-system-for-natural-conversation.html
https://developer.apple.com/wwdc21/
https://en.wikipedia.org/wiki/IOS_jailbreaking
http://cydia.saurik.com/package/com.fire30.hackingwithfriends/
Duration: 01:14:13
Getting Into Infosec (Part I)
5/7/2021
Join myself (@shellsharks), Kyle (@cyberspacekyle) and Masie (@masiehabibi) as we discuss Getting Into Information Security, what industry certifications are best to get for those new to the field and more!
https://www.oldoxbrewery.com
https://www.beeradvocate.com/beer/profile/215/2512/
https://www.comptia.org/certifications/security
https://www.sans.org
https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/
https://acloudguru.com
https://www.python.org
https://www.giac.org/certifications/dodd-8570
Duration: 01:10:27
Introduction
5/7/2021
Introducing The Shellsharks Podcast! Join me (@shellsharks) in this new show about all things Infosec, Technology and Life-in-general.
For more on Shellsharks, check out the site!
Duration: 00:01:05