This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Ubuntu Security Podcast와 비슷한 콘텐츠
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
A podcast about web design and development.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Episode 213
Manage episode 384249911 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.
Goings on in Ubuntu Security Community
Ubuntu Security team at the Ubuntu Summit (00:48)
- Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
- In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
Andrei publishes The Open Source Fortress (01:41)
- https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
- Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
- He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
- He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
- So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
- Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
- Designed to be worked through in your own time
UbuCTF at the Ubuntu Engineering Sprint (04:15)
- Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
- Organised around a story of cyber crime fighting against a criminal gang in Riga
- 5 days, 26 challenges, 64 players
- Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
- Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
- 457 flags submitted (110 correct), 47 patches submitted
- Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
- Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪
Get in contact
232 에피소드
공유
Manage episode 384249911 series 2423058
Alex Murray and Ubuntu Security Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Alex Murray and Ubuntu Security Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Overview
As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.
Goings on in Ubuntu Security Community
Ubuntu Security team at the Ubuntu Summit (00:48)
- Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
- In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
Andrei publishes The Open Source Fortress (01:41)
- https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
- Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
- He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
- He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
- So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
- Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
- Designed to be worked through in your own time
UbuCTF at the Ubuntu Engineering Sprint (04:15)
- Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
- Organised around a story of cyber crime fighting against a criminal gang in Riga
- 5 days, 26 challenges, 64 players
- Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
- Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
- 457 flags submitted (110 correct), 47 patches submitted
- Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
- Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪
Get in contact
232 에피소드
모든 에피소드
×
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
Ubuntu Security Podcast와 비슷한 콘텐츠
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
A podcast about web design and development.
…
continue reading
The American healthcare system is one of the most innovative in the world. But it’s also riddled with complex challenges, such as access to affordable medications, inefficiency and administrative burdens, and communication barriers between providers. There’s clearly a better way—and at Surescripts, we have a unique sightline into what that may be. In this series, host Melanie Marcus, Chief Marketing Officer of Surescripts, sits down with today’s most inspiring and innovative leaders in healt ...
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
