7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle
7 Minute Security9 Mars 2020

7MS #403: 7MOOMAMA - Juice Shop Song + Backdoors and Breaches Jingle

Today's slightly off-topic episode kicks off a new tag called 7MOOMAMA. That stands for 7 Minutes of Only Music and Miscellaneous Awesomeness.

To kick things off, I'm super excited to share with you two new security-themed songs for some of my favorite security things! They are:

Enjoy!

Backdoors and Breaches

Backdoors and Breaches
I love the way teaches me to think about security controls
And their proper placement

Backdoors and Breaches
I can’t wait to blow my paycheck just to get myself a game deck and then move
Out of my mother’s basement

Soon I’ll be sittin’ down and playing it with my red and blue teams
Or John and gang at Black Hills Info Security
And when I go to bed tonight I know what’s gonna fill my dreams
Backdoors and Breaches

Juice Shop

VERSE 1
When you want to shop online then you had better be sure
The experience is safe and also secure
Don't want to let no SQLi or cross-site scripting ruin your day
No, you want to break into a joyous song and say:

CHORUS 1
Juice Shop! Juice Shop!
You can order tasty beverages in any quantity
Juice Shop! Juice Shop!
Just don't test the site with Burp Suite or you won't like what you see

VERSE 2
Now if you're feeling kinda sneaky and you're inclined to explore
You might find inside the Juice Shop...a hidden score board
It will point you towards a vuln'rability or maybe two
And when you're done you'll say, "This site should get a code review!"

CHORUS 2
Juice Shop! Juice Shop!
It has got more holes then a warehouse filled with gallons of Swiss cheese
Juice Shop! Juice Shop!

...finish the songs at 7ms.us

Avsnitt(689)

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family’s life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in your household, I’d recommend making sweeping network changes when your family members aren’t around (i.e. changing the wifi password :-)…

29 Mars 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes with a whole slew of companion materials like a pre-assessment test, flashcards and 3 full practice exams.…

22 Mars 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vulnerabilities that Byte (audio) Show notes: RC4 – a risk that we find just about anywhere SSL is used, but in…

15 Mars 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don’t have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS requests to just the ISP servers (or whatever external servers you use). Anytime a firewall rule is changed, perform a vulnerability scan…

8 Mars 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don’t have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for all devices except your mail server(s). If you use a third party mail filter like Postini or Securence, ensure that…

1 Mars 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: There are often two trains of thought in regards to enterprise gear patching (like routers, switches, firewalls). 1. If it ain’t broke, don’t…

22 Feb 20146min

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we’re seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Most organizations have the Microsoft side of the house patched well – but the third party apps (Java/Flash/Reader/etc.)? Not so much…but that’s just…

13 Feb 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The Importance of Logging and Alerting! (audio) Show notes: Public-facing terminal servers without 2FA basically have a sign on their back that…

1 Feb 20147min

Populärt inom Politik & nyheter

svenska-fall
p3-krim
rss-viva-fotboll
rss-krimstad
flashback-forever
fordomspodden
rss-sanning-konsekvens
rss-vad-fan-hande
aftonbladet-daily
olyckan-inifran
svd-dokumentara-berattelser-2
dagens-eko
rss-frandfors-horna
motiv
krimmagasinet
rss-krimreportrarna
blenda-2
svd-nyhetsartiklar
spar
the-power-meeting-podcast