Presented by Redeployable
Redepoyable is on a mission to get 5,000 UK military service leavers into tech careers over the next 5 years. We’re fiercely loyal, to the veterans we serve and the customers who invite them into their teams. Once you’re in our community, we will always consider you one of our own. We'll match your profile to roles across tech, defence, space, telco and energy so that you can see which employers value your skills, experiences and education. Sign up for Redeployable for free today.
Hello friend 👋
This week I had the chance to do something a little different. I interviewed 5pider, the high-school-going author of a powerful offensive security framework. It's called Havoc and it's been making the headlines lately as an open-source competitor to Cobalt Strike as it's been seen being used by threat actors in real attacks. After seeing these attacks in the wild, I reached out to 5pider on Twitter to hear his side of the story and we had a nice chat over email. If you're looking for a project to help get you started in cybersecurity, I'd suggest you read the interview. 5pider's story is that of dedication and applying his knowledge.
Also this week:
The hacking of LastPass continues
LastPass has been battling hackers since August last year, and now it appears that those hackers targeted a LastPass DevOps engineer’s personal computer and exploited a vulnerability in third-party media player software. This allowed them to install a keylogger that captured the employee’s keystrokes. This enabled the hacker to capture the employee’s master password as it was typed in and gain access to the engineer’s corporate LastPass vault. Read more.
The National Cybersecurity Strategy
The U.S. government published its new National Cybersecurity Strategy, forcing regulation on critical infrastructure vendors and giving the go-ahead for a more aggressive ‘hack-back’ approach when combating threat actors. The strategy has five pillars:
- Defend Critical Infrastructure
- Disrupt and Dismantle Threat Actors
- Shape Market Forces to Drive Security and Resilience
- Invest in a Resilient Future
- Forge International Partnerships to Pursue Shared Goals
You can read the full document on the White House's website.
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Gary ✌️
Fun Things This Week
📽️ Gear
I've been torn on an Apple Studio Display or another ultrawide display to increase the real estate in my setup. I finally pulled the trigger and settled on the larger version of the LG monitor that I currently use. This one is the LG 34" 1440p Ultrawide. It's a pleasant upgrade from my 1080p one and is 5" larger. If you're in the market for an ultrawide, I honestly can't fault this one so far! I did have to buy a new mounting arm for all this, so I picked up this super cheap, but surprisingly well-made one from Amazon.
🎙️ Podcasts
On Smashing Security this week they discussed why TikTok's influence is being targeted, how your voice might not be the best tool to protect your bank account anymore and a whole lot more! Listen on: Spotify or Apple Podcasts.
👾 Cool Tools
Drone-ID Receiver for DJI OcuSync 2.0 is a Python-based tool that can pinpoint a DJI drone pilot's exact location. This is an interesting problem when these drones are being used in war zones.
Havoc is the open-source alternative to Cobalt Strike developed by 5pider. An incredible feat of self-taught coding by a person with "zero cybersecurity experience".
Whenever you’re ready, there are a few ways I can help you:
1. If you'd like to get daily cyber news updates, follow Tearline on LinkedIn or join the Telegram channel.
2. If you'd like to learn how to create content to raise your online profile, I have a free email crash course and a whole series of video workshops.
3. If you want to land a career in cyber security but don't know where to start, your best bet is through my SWITCHFIRE guide.
4. If you'd like to promote yourself or your business and help keep this newsletter free to its readers, you can sponsor it by dropping me an email.
.svg){kind=small}
.svg){kind=small}