7MS #172: Infosec News and Links Roundup
After last week's question about whether an itpro.tv subscription was worth it, a few listeners wrote in. Some of their comments:
Compare ITPro to Safaribooksonline before making a choice.
Safaribooksonline app keeps you logged in, has good queue functionality, and remembers where you left off in a video. ITPro app seems less functional - short logout times, doesn't remember where you were in a video, and doesn't remember your course progress.
ITPro seems to tempt the "demo gods" and isn't always successful. Safaribooksonline content may be a bit more polished.
ITPro might be geared a bit more towards a younger audience.
SANS is doing a Webinar on the 2016 Security Awareness Report Key Findings on Tuesday, March 29 at 10am CST. Overview:
Learn how to take your security awareness program to the next level as Bob Rudis, Lance Hayden, and Lance Spitzner cover key findings from the 2016 Securing the Human Security Awareness Report. Specifically the top two challenges facing security awareness teams and how organizations are resolving them.
Offensive Security did a live demo (via IRC) of the Kali "ISO of doom thing." I have the transcript if you want it, otherwise keep an eye on http://offsec.me.
Confused about CSRF? Definitely check out Troy Hunt's video edition explanation of this attack.
Tim Tomes is teaching PWAPT in Charleston, April 28-29. Fly to it if you have to - it's a fantastic course!
Hacker explains how he stole all the nudie pics of female celebs using ultra l33t super tight h4x04 sk1llz. Aka phishing. :-)
The Badlock bug is going to pwn all of your Samba on April 12th.
FBI apparently doesn't need Apple's help cracking into that iPhone after all.
Locky ransomware locks up a hospital, triggering an "internal state of emergency."
EC-Council is infecting visitors with ransomware. And doesn't seem to care.
You can upload and download files quickly from the shell using transfer.sh.
A great cheat sheet on using PowerView.
PentesterLab has a nice bootcamp you can attend (virtually) for a "learn it yourself" primer to pentesting.
Pwnwiki offers great sources for "What to do in a pentest after access has been gained."
- On that note, if you've nabbed low-priv permissions on a well-patched Windows box, Netripper might be your new best friend.
This is my favorite tweet about Apple v. FBI when the feds suddenly decided not to go to that hearing.
A poll to name a freakin' huge boat came to a conclusion, with Boaty McBoatface the clear winner.
The BPATTY doc has some updates! And is now linked on the homepage!
- Oh, and I'm trying to get BPATTY into GitHub.