Episode 213

Ubuntu Security Podcast

محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

8M ago 9:09

MP3•خانه قسمت

Overview

As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.

Goings on in Ubuntu Security Community

Ubuntu Security team at the Ubuntu Summit (00:48)

Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
- https://youtu.be/XIGxKyekvBQ?list=PL-qBHd6_LXWZqbxr3542fZs_IMn0gAb2B&t=20272

Andrei publishes The Open Source Fortress (01:41)

https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
Designed to be worked through in your own time

UbuCTF at the Ubuntu Engineering Sprint (04:15)

Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
Organised around a story of cyber crime fighting against a criminal gang in Riga
5 days, 26 challenges, 64 players
Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
457 flags submitted (110 correct), 47 patches submitted
Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪

Get in contact

237 قسمت

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development

Episode 213

Ubuntu Security Podcast

143 subscribers

published 8M ago

اشتراک گذاری

MP3•خانه قسمت

Overview

As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.

Goings on in Ubuntu Security Community

Ubuntu Security team at the Ubuntu Summit (00:48)

Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
- https://youtu.be/XIGxKyekvBQ?list=PL-qBHd6_LXWZqbxr3542fZs_IMn0gAb2B&t=20272

Andrei publishes The Open Source Fortress (01:41)

https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
Designed to be worked through in your own time

UbuCTF at the Ubuntu Engineering Sprint (04:15)

Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
Organised around a story of cyber crime fighting against a criminal gang in Riga
5 days, 26 challenges, 64 players
Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
457 flags submitted (110 correct), 47 patches submitted
Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪

Get in contact

237 قسمت

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development

همه قسمت ها

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

مشابه Ubuntu Security Podcast

پادکست هایی که ارزش شنیدن دارند

Ubuntu Security Podcast « » Episode 213

Overview

Goings on in Ubuntu Security Community

Ubuntu Security team at the Ubuntu Summit (00:48)

Andrei publishes The Open Source Fortress (01:41)

UbuCTF at the Ubuntu Engineering Sprint (04:15)

Get in contact

Episode 213

Overview

Goings on in Ubuntu Security Community

Ubuntu Security team at the Ubuntu Summit (00:48)

Andrei publishes The Open Source Fortress (01:41)

UbuCTF at the Ubuntu Engineering Sprint (04:15)

Get in contact

پادکست هایی که ارزش شنیدن دارند

به Player FM خوش آمدید!

مشابه Ubuntu Security Podcast

راهنمای مرجع سریع

Ubuntu Security Podcast « »
Episode 213