The Shellsharks Podcast

The Shellsharks Podcast is back! Season 2 begins now.

The Show has also moved! You will (likely) need to re-subscribe via the direct RSS link. Theres a chance your feed will auto migrate to the updated link but I am not counting on it. Thanks!

- The Last Episode: [Mastodon & Cyber-success w/ @rebootkid](https://podcast.shellsharks.com/cp-admin/podcasts/2/episodes/74)
- The show is now available to follow on the Fediverse [@ShellsharksPodcast@podcast.shellsharks.com](https://podcast.shellsharks.com/@ShellsharksPodcast)
- The Shellsharks Podcast [direct RSS link](https://podcast.shellsharks.com/@ShellsharksPodcast/feed.xml)
- [Shellsharks.com](https://shellsharks.com)
- Follow me [@shellsharks@shellsharks.social](https://shellsharks.social/@shellsharks)

Positivity abounds in this edition of The Shellsharks Podcast! @rebootkid (Nate) joins me to discuss the great Infosec Mastodon migration, getting into infosec, mentorship, cybersecurity as a practice and management’s role in combatting burnout.

Show Notes

• Mastodon
• Stars, Boosts & Toots
• Diaspora
• Infosec.Exchange
• Fediverse
• Defcon.social
• ActivityPub rocks!
• Why I Blog. You Should Too!
• SQL Slammer
• What Certification or Training Should I Take?
• Interview w/ Security Engineer, Eva Georgieva
• MFA Prompt Bombing
• Getting Into Information Security
• An Ode to RSS
• Cybersecurity burnout is real

Boltive CEO and privacy advocate, Dan Frechtling joins me to discuss all things in the world of Internet privacy!

Show Notes

• I Said No to Online Cookies. Websites Tracked Me Anyway. | Consumer Reports
• Story of Dan Frechtling & Scott Moore
• Privacy Regulations - GDPR, LGPD, CCPA, CPRA
• Sephora Privacy Settlement
• Global Privacy Control
• The American Data Privacy and Protection Act (ADPPA)
• Advanced Data Protection Control (ADPC)
• US Privacy String
• OSINT Sock Puppets
• RuTarget Harvesting Google Data
• Executive Order on Protecting Foreign Intel from Surveilling US Citizens
• Is TikTok safe?
• Deprecation of third-party cookies
• SSO wall of shame
• GDPR enforcement tracker
• Future of Privacy Forum
• TROPT Defining the Privacy tech Landscape Whitepaper
• IAPP
• Three Ways Your Data is Leaking in Advertising and How to Avoid It

Join myself (@shellsharks) and Eva Georgieva, security engineer and founder of #hackintocybersec as we discuss getting into infosec, cybersecurity education, women in cyber and more!

Note: Had some challenges with audio leveling, I apologize for any audio weirdness!

Show Notes

• Uber Incident
• Eva’s AMA on Reddit
• #hackintocybersec
• OLLMOO
• TryHackMe
• Hack The Box (Academy)
• TCM Security

Join myself (@shellsharks) and Shahar Vaknin, Axon Team Lead at Hunters.ai as we discuss the world of Threat Hunting!

Show Notes

• Hunters.ai
• Long Tail Analysis
• The DFIR Report
• 2022 CrowdStrike Global Threat Report
• Red Canary 2022 Threat Detection Report
• Twitter Global CERTs/CSIRTs/ISACs list (Twitter is sort of defunct now though)
• MISP
• Threat Hunting w/ Python (Dragos)
• The Cyber Kill Chain (Lockheed Martin) - shellsharks
• CIS Critical Security Controls
• Practical Threat Hunting Training (Chris Sanders)
• MITRE ATT&CK

Join myself (@shellsharks) and VoidSec as we discuss Exploit Development and Vulnerability Research!

Show Notes

• VoidSec
• The Shellcoder's Handbook
• Offensive Security | EXP-401 | AWE | OSEE
• Google Project Zero
• PrintDemon (Alex Ionescu & Yarden Shafir)
• VoidSec CVE-2020-1337
• Zerodium
• Immunefi - Web3 has huge bounty payouts
• IDA Pro
• Burp Suite Professional
• 010 Editor
• Ghidra
• BinaryNinja
• The Art of Software Security Assessment
• RET2SYSTEMS Training
• Zero Day Initiative (ZDI)
• TrendMicro
• Corelan
• CVE North Stars
• Pwn2Own
• secret club
• UpdatedSecurity - Security Forum

Join myself (@shellsharks) and Bobby DeSimone, Founder & CEO of Pomerium as we discuss the Pomerium platform, context-aware access control and all things Zero Trust!

Show Notes

• Pomerium
• Latin meaning of "pomerium"
• Some fun with Latin on Shellsharks - The Enchiridion of Impetus Exemplar
• Jericho Forum, now The Open Group Security Forum
• BeyondCorp
• NIST SP 800-207: Zero Trust Architecture
• M-22-09: Moving the US Government Toward Zero Trust Cybersecurity Principles
• Q&A with Zero Trust Architecture Writers from NIST
• Rego Policy Language
• Open Policy Agent
• Istio Service Mesh
• Open Source Pomerium on GitHub
• 2021 Twitter Hack
• OASIS eXtensible Access Control Markup Language (XACML)
• HashiCorp Sentinel Framework
• Awesome Zero trust

A fascinating interview with Kevin Borders, where we discuss his origin story, time spent working on the NSA Red Team, growing a successful online collage business and his current venture, minware!

Show Notes

• TI-85 Graphing Calculator
• Number Munchers
• DragonRealms, Gemstone III 
• (current) NSA Student Programs
• Web Tap:  detecting covert web traffic
• University of Michigan PhD in CSE
• Executive Order on Improving the Nation's Cybersecurity
• U.S. Cyber Command
• Kevin's Usenix Security Publications - 
  • Chimera: A Declarative Language for Streaming Network Traffic Analysis + NSA Slides
  • Securing Network Input via a Trusted Input Proxy
  • Towards Quantification of Network-Based Information Leaks via HTTP
• SELinux
• Project Zero
• Kevin Borders on Quora
  • Does the NSA Have Better Engineers than Facebook or Google?
• About minware
• Halting problem
• Blackhat / Defcon
• 100% Prevention - LOL!
• What are some computer hacks that hackers know but most people don't?
• The Most Hated Man on the Internet
• NSO Group iMessage Zero-Click Exploit, FORCEDENTRY
• Okta breach 2022
• NIST SP 800-207: Zero Trust Architecture
• SolarWinds Breach
• How to Contribute to Open Source

Join myself (@shellsharks) and my good friend Mike (@QWORDsmith) as we discuss supply chain security via the SLSA framework, Web3 and more!

Show Notes

Preshow

• MITRE ATT&CK
• OWASP Docker Top 10
• OWASP Kubernetes Top 10

Main Show

• SLSA - Supply Chain Framework
• Software Artifact Provenance
• Software Attestations
• in-toto - Supply Chain Framework
• OpenSSF YouTube Channel
• SLSA Community
• SLSA Github
• slsa.dev
• OWASP Software Component Verification Standard
• Pocket
• NFTs, explains (The Verge)
• 2021 Gamestop short squeeze
• r/wallstreetbets
• GameStop NFT Marketplace
• Immortal Game
• Reddit NFT Marketplace
• Bored Ape Yacht Club + Roaring 20's
• CRYPTOCVES
• NVD + Mitre
• Moxie Marlinspike on NFTs and Web3
• Web3
• Web5 (lol)
• Bitcoin
• 51% attacks
• Poly Network cryptocurrency hack
• Web 3 is going just great
• Lattice-based cryptography

Postshow

• Chinese Housewife Wikipedia Misinformation
• Twitter verification

Join myself (@shellsharks) and Greg Edwards, CEO of CryptoStopper, as we discuss ransomware, existential cyber threats, the OST debate and more!

Show Notes

Main Show

• Greg Edwards
• CryptoStopper
• WannaCry ransomware
• Jigsaw ransomware
• Colonial Pipeline hack
• LambdaLocker
• Solarwinds Supply Chain Compromise
• 18 CIS Critical Security Controls
• Ransomware as a Service (RaaS)
• Ransomware Payments via Crypto
• OST Debate
• Shadow Brokers