Hello friend 👋
I hope you're all well. I spent last week in Ayr on the West coast of Scotland. It was great fun with my almost two-year-old girl running around on the beach and a welcome break from all things cyber-security.
Even though I've been away, I've kept my eye on things late at night when everyone is fast asleep and there have certainly been some interesting developments.
Let's get started!
Back in 2016, Uber got hacked, the hackers stole loads of customer data, and the CISO paid the hackers $100k through the bug bounty program and made them sign non-disclosure agreements. Not exactly what bug bounty programmes are for. The kicker is that the CISO didn't reveal the full extent of this incident to upper management. However, as of this week, that CISO is facing 8 years in jail 🤯 I think it's important to note, it's not because he paid the hackers. It's because he interfered with a Federal investigation. The lesson? Have ethics. Tell the truth. You'll be fine.
You may recall from last weeks newsletter, the two Microsoft zero-days in their Exchange system. Since its announcement, Microsoft has provided three 'fixes' for the bugs. And every time a fix has been released, hackers have gotten around it within hours. I always find this game of cat and mouse interesting. Microsoft is one of the wealthiest companies in the world. Why not pay these top-tier hackers a million dollars per year to work there? We'll have to keep watching out for a lasting patch in the near future. The lesson here is that you can't trust any of these companies to make you unhackable. It's all about layers/defence in depth and good people to monitor for bad things happening on your network.
I'm working on version 2 of my SWITCHFIRE course and it won't be aimed at just military folk. I'm expanding the scope to include...well:
Version 1 of the course was a great success and I'm super excited to share Version 2 with you in the coming months. Watch this space!
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Fun Things This Week
📽 My New Video
Kali Linux Overview of Beginners: This is a simple video for people who are totally new to Kali Linux. This thumbnail was great fun to make and a little fiddly too! Looking forward to getting better at building these
The latest episode of Darknet Diaries is on Jeremiah Roe, a seasoned penetration tester. In this episode, he tells us about a time when he had to break into a building to prove it wasn’t as secure as the company thought. It was a thrilling episode and if you're interested in breaking into companies as a profession...this one is right up your street!
👾 Cool Tools
- Wireshark got updated to version 4.0! A whole bunch of visual and quality of life improvements. I'll be testing this one out during the week. If you're keen to intercept and analyse network traffic, Wireshark is for you.
- Arsenal is a simple Bash script used to install the most important hacker recon tools for your environment. I wrote something similar a few years back but this one is more advanced. It's worth picking apart the Bash script yourself to see how slightly more advanced scripting works.
P.S. Some of the links in this newsletter are affiliate links and help support my content. Thank you for your support! ✌️