This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Ubuntu Security Podcast
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Episode 213
Manage episode 384249911 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.
Goings on in Ubuntu Security Community
Ubuntu Security team at the Ubuntu Summit (00:48)
- Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
- In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
Andrei publishes The Open Source Fortress (01:41)
- https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
- Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
- He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
- He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
- So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
- Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
- Designed to be worked through in your own time
UbuCTF at the Ubuntu Engineering Sprint (04:15)
- Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
- Organised around a story of cyber crime fighting against a criminal gang in Riga
- 5 days, 26 challenges, 64 players
- Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
- Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
- 457 flags submitted (110 correct), 47 patches submitted
- Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
- Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪
Get in contact
248 قسمت
اشتراک گذاری
Manage episode 384249911 series 2423058
محتوای ارائه شده توسط Alex Murray and Ubuntu Security Team. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Alex Murray and Ubuntu Security Team یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Overview
As we ease back into regular programming, we cover the various activities the team got up to over the past few weeks whilst away in Riga for the Ubuntu Summit and Ubuntu Engineering Sprint.
Goings on in Ubuntu Security Community
Ubuntu Security team at the Ubuntu Summit (00:48)
- Preparation for Riga Product Roadmap Sprint, Ubuntu Summit and Engineering Sprint from Episode 212
- In the last episode we previewed a couple talks by different folks from the Ubuntu Security Team - recordings for these will be available but currently there is only the livestreams from the main plenary room - as such, right now you can go watch Tobias’ talk “From Asahi Linux to Ubuntu: Running Linux on Apple Silicon”
Andrei publishes The Open Source Fortress (01:41)
- https://discourse.ubuntu.com/t/the-open-source-fortress-is-now-live/40183
- Back in August, Andrei put out a call for topic suggestions for a vulnerability discovery workshop that he was putting together, with a particular focus on open source code bases
- He presented this in a 90 minute session 2 weeks ago on the final day of the Ubuntu Summit
- He covered a number of topics with a focus on practical application of each using dedicated tooling, e.g.:
- Threat modelling with OWASP Threat Dragon
- Secret scanning with Gitleaks
- Dependency scanning with OSV-Scanner
- Linting with Bandit and flawfinder
- Code querying with Semgrep
- Fuzzing with AFL++
- Symbolic execution with KLEE
- So not only did participants learn about a given technique, such as what fuzzing is etc, but also how they can easily apply it with standard tooling to find real world problems
- Due to the success of the workshop, he has decided to make the contents publicly available
- Online wiki https://ossfortress.io/
- Presentation from the Summit
- Github repository with example projects to run the various tools against
- Pre-built docker images for the various tools used in the workshop
- Designed to be worked through in your own time
UbuCTF at the Ubuntu Engineering Sprint (04:15)
- Emi, Nishit, Andei, Amir and David from the team organised and held the first UbuCTF at the Engineering Sprint the week after the Ubuntu Summit
- Organised around a story of cyber crime fighting against a criminal gang in Riga
- 5 days, 26 challenges, 64 players
- Challenges covered a variety of topics
- Networking
- Web
- Crypto(graphy)
- Reverse engineering
- Pwning
- Vulnerability Patching
- Gave experience using tools like Wfuzz, Pwntools, cutter / rizin / radare2, Ghidra, Wireshark, insomnia and more
- 457 flags submitted (110 correct), 47 patches submitted
- Result was very close - won by Anton Troyanov (Senior Engineer on the MAAS team)
- Ubuntu Security team members were barred from competing as we had previously worked on these challenges - BUT shout out to Sudhakar Verma who just joined our team only 4 weeks ago and so didn’t have any prior experience with this CTF - managed to solve every single challenge 💪💪💪
Get in contact
248 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Ubuntu Security Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
The Fragmented Podcast is the leading Android developer podcast started by Kaushik Gopal & Donn Felker. Our goal is to help you become a better Android Developer through conversation & to capture the zeitgeist of Android development. We chat about topics such as Testing, Dependency Injection, Patterns and Practices, useful libraries, and much more. We will also be interviewing some of the top developers out there. Subscribe now and join us on the journey of becoming a better Android Developer.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
