Ever wondered how hackers work?
In this episode we brought back Information Security (InfoSec) professional and Certified Ethical Hacker Frank Trezza to tell us.
He helps illuminate where various data vulnerabilities are and how to shield yourself from them.
Information Security is the practice of protecting information from unauthorized access, theft and other uses made without the consent of the data owners.
Rather than becoming a victim, protect yourself with a few simple steps anyone can take.
After listening to this episode you will learn:
- What Red, Blue and Purple Teaming are
- Who some of the Authorities and Certifying Bodies in InfoSec and Cybersecurity are
- How digital attacks aren’t the only way hackers break into places
- About the code of the street in lock picking communities
- A story of one hacker who broke into the wrong bank and what happened
- How there are specific rules of engagement with Pen Testing
- A variety of vulnerabilities and what the attack vector was
- How to protect yourself from hackers with these simple techniques
Hackers Show Notes
- Red Team
- Blue Team
- Purple Team
- Managed Security Service Provider (MSSP)
- David Kennedy
- Deviant Ollam
- Burp Suite
- Port 443
- The Open Organisation of Lockpicking (TOOOL)
- Chris Hadnagy Human Hacker
- Deus Ex
- What’s the Difference Between Phishing, Smishing and Vishing?
- What Is a Whaling or Whale Phishing Attack Online?
- PenTest Execution Standard
- Cloud Security Alliance (CSA)
- Information Systems Security Association (ISSA)
- The Open Web Application Security Project (OWASP)
- ISO 27001
- NIST Cybersecurity Framework
- MITRE ATT&CK®
- Offensive Security Certified Professional (OSCP)
- EC-Council – Certified Ethical Hacker (CEH)
- Binary Defense Systems
- Would the RESTRICT Act criminalize the use of VPNs?
- Hikvision [Camera] Backdoor Confirmed
- Android app from China executed 0-day exploit on millions of devices [Ars Technica]
- Electronic Frontier Foundation (EFF)
- The WIRED Guide to Net Neutrality
- Internet of Things (IoT)
- Supervisory Control and Data Acquisition (SCADA)
- DNS Sinkhole
- Great Firewall of China [Make Use Of]
- Internet Corporation for Assigned Names and Numbers (ICANN)
- Google Confirms Android Smartphone Security Backdoor [Forbes]
- Software Bill of Materials (SBOM)
- US finds Huawei has backdoor access to mobile networks globally, report says [CNET]
- Rust Programming Language
- Red Balloon Security
- Zero Day Marketplace Zerodium
- Exploit-DB
- Tax Prep Site eFile.com Delivered Malware to Users for Weeks
- Magecart attack: What it is, how it works, and how to prevent it
- Google Authenticator
- Exposing Weakness Before It’s Exploited with Jayson E. Street [Easy Prey Podcast]
- It’s time to stop using SMS for anything.
- Oracle VirtualBox
- Frank Trezza Twitter | LinkedIn
Action Items for Protection from Hackers
- Ensure you have reputable, up-to-date antivirus software
- For malware protection, look into Malwarebytes
- Use a secure web browser like Brave
- Research Virtual Private Networks (VPNs) and use a reputable one
- Do not reuse the same password, ever
- Use a password manager to help with this if desired
- Do not use texts or SMS for account/identity verification (they are extremely vulnerable to hacks)
- Instead, enable two-factor authentication (2FA) with Google Authenticator or Authy (research them and see what you like)
- Learn how to use Virtual Machines (VMs) and segment your activity with them so that you don’t expose your host machine to the Web (particularly for sensitive activities like banking)
- To do this, look into virtualization software called hypervisors, like VirtualBox, VMware Workstation, ESXi, and Proxmox
- Be vigilant, especially with emails or links sent to you
- Follow your gut instinct and do not take any chances if something feels off. Double-check with the alleged sender, whether a friend, family member or company, and report to email providers when appropriate.
- ETM Show #0: Introducing Ourselves and Your Emerging Tech Journey
- Emerging Technology 101
- ETM Show #5: What is Information Security, Penetration Testing and Ethical Hacking? (The previous show we did with Frank)