Category: Noname

Looking into AI, there are vast aspects of how to build a thinking machine. Who’s working with this, and how they pursue their goal of making thinking machines, can be categorised to social groups, or tribes, according to Toby Walsh in his book; Android Dreams.

The learners. Just as we humans learn, the computers must too. It can be supervised, semi-supervised and unsupervised. They can be divided in the following groups:

• symbolists; logics, using inductive reasoning to determine the cause A of a result B
• connectionists; neuroscience inspired, learning from continuous signals interconnected, e.g, Deep Learning
• evolutionaries; finding the best computational model, e.g., inspired by “the survival of the fittest” theory
• Bayesians; statistical approach, probability theory of the Bayes theorem
• analogises; other spaces, where observed problems can be used to solve others

The reasoners, such as the rules of thought, knowledge and uncertainty, orchestrated to fit a purpose.

The robotics, making computers create their perception of the real world, using cameras, microphones, and other data sources. In a way, combining reasoning and learning.

The linguists, making computers learn our language and how we communicate.

Common for all tribes are that they can be defines as botht neats (mathematical precision) and scruffies (by chance, great chance).

Started playing with the freely available VMs from FireEye. Seems like nice Windows based alternatives to Kali and Parrot OS for at least basic pentesting and forensics tools. Personally I like Kali for its sustainability in the market, frequent updates and tools arsenal. However Parrot has grown on me with its sleek design.

Anyways, it seems FireEye got a lot from acquiring Mandiant a while ago. The Redline toolkit is quite nice, so it will be interesting to see how these two plays out:

Commando VM is for penetration testing, see Github.

Flare VM is for malware analysis.

Google just published a fourth article om how they implement(ed?) BeyondCorp. Great lessons learned from the creators of the all so fuzzy concept “zero trust”.

Nice read: How Google adopted BeyondCorp: Part 3 (tiered access)

To play with, of course. See Kali Nethunter App Store.

From time to time we experience web sites and services are not working properly or is unavailable. To check if it’s me, my network, device, or the service itself I like Downdetector a lot. Based on user reports it is quite accurate and gives you a nice history of events if need be.

The NICE (NICE Cybersecurity Workforce Framework) initiative is lead by NIST as an initiative to boost cybersecurity education. It offers tools to assess and build cybersecurity workforce in organizations, private and government and supports cross-sectoral efforts for information and competancy sharing as utilized by the Japanese, cool! A Japanese government driven Cross-Sectoral Forum picked the NIST Framework to build in-house cybersecurity positions and organisations.

I especially like the reference spreadsheet as it can be used to map work roles required for completeness and the associated relevant knowledge. Further NIST have preliminary work for training plans. Check it out!

Techjunkie made a nice list of the most common temp mails out there:

• Mailinator
• Guerrilla mail
• 10 minute mail
• And more… See Techjunkie

For reference, there are a lot of platforms to play for free with security preventive tools and techniques as well as vulnerabilities. OWASPs Juice Shop gives lets you play with the Top 10 OWASP risks. PwnAdventure lets you test your skills in hacking games.

OWASP Juice Shop is supposed to be the opposite of a best practice, how great is that! The Pwning Juice Shop book gives you a nice start.

CTFd is a Capture The Flag (CTF) framework that guides you in how to set it all up.

And then you have the common cloud platforms, AWS, Azure, Google Cloud, DigitalOcean etc. to easily set up and test security features on easy-to-deploy infrastructures, platforms and/or applications. Have to mention Heroku, a platform for apps, including Juice Shop as just mentioned.

Talking about cloud, do not miss Twistlock! They also facilitate CTFs, such as the T19 challenge (Docker image).

..Interesting!

Check the new insider build, outlined by Bleepingcomputer.

In november Microsoft and Adobe was offering a set of security updates. Check how ZeroDay Initiative covers it.