1. Here is one way to do forensics for free. Autopsy GUI.

    # vimeo.com/128819840 Uploaded 15 Plays 0 Comments
  2. Good morning. Welcome to Cyber Secrets. This new bi-weekly educational web series will cover topics ranging from the anonymity to data recovery to forensics to computer attacks. Our first episode of Cyber Secrets talks about anonymity on the internet.

    Jeremy Martin, the voice and creator of this video, explains that you can still maintain a level of anonymity with a little effort. Cyber Secrets was spawned while writing The Beginner's guide to the Internet Underground and will cover a lot of how-tos along with explanations of hacking, forensics, and general information security.

    Bio of the creator:
    Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995, Mr. Martin has worked with Fortune
    200 companies and Federal Government agencies. He has received numerous awards for service. He has been teaching Advanced Ethical Hacking, Computer Forensics, Data Recovery, SCADA/ICS security,
    Security Management, and more since 2003. As a published author he has spoken at security conferences around the world. Current research projects include SCADA security, vulnerability analysis, threat profiling,
    exploit automation, anti-forensics, and reverse engineering malware. In a past life, he was also a freelance artist

    Credentials: CISSP-ISSAP/ISSMP, CISM, NSA-IAM/IEM, CHS-III, CEICHFI/CEH/CNDA/ECSA/LPT, A+/Net+/Security+/Linux+, LPIC-I, CPT/CEPT/CCFE/CDRP/CASS/CSSA/CREA, ACSA, Novell CLA,
    CDCS, etc…

    Board of Directors for Infragard, Denver Chapter (2006-2009)
    CHS officer of American College of Forensic Examiners Int’l (2005-2008)
    Advisory Board for the Business Espionage Controls and Countermeasures Association

    Published work: The Art of Casual Wireless Hacking, The Beginner's Guide to the Internet Underground, & the Cyber Intelligence Report Contributing editor for Blacklisted 411, Engine Builder, EthicalHacker.net, Hackin9, IQ Magazine, Successful Dealer, and The Business Espionage Report (TBER). Work used in post graduate courseware.

    # vimeo.com/88453692 Uploaded 273 Plays 0 Comments
  3. Good morning. Welcome to Cyber Secrets. In this episode, we will cover anti forensics using the USB rubber ducky.

    Jeremy Martin, the voice and creator of this video, explains that you can still maintain a level of anonymity with a little effort. Cyber Secrets was spawned while writing The Beginner's guide to the Internet Underground and will cover a lot of how-tos along with explanations of hacking, forensics, and general information security.

    Bio of the creator:
    Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995, Mr. Martin has worked with Fortune
    200 companies and Federal Government agencies. He has received numerous awards for service. He has been teaching Advanced Ethical Hacking, Computer Forensics, Data Recovery, SCADA/ICS security,
    Security Management, and more since 2003. As a published author he has spoken at security conferences around the world. Current research projects include SCADA security, vulnerability analysis, threat profiling,
    exploit automation, anti-forensics, and reverse engineering malware. In a past life, he was also a freelance artist

    Credentials: CISSP-ISSAP/ISSMP, CISM, NSA-IAM/IEM, CHS-III, CEICHFI/CEH/CNDA/ECSA/LPT, A+/Net+/Security+/Linux+, LPIC-I, CPT/CEPT/CCFE/CDRP/CASS/CSSA/CREA, ACSA, Novell CLA,
    CDCS, etc…

    Board of Directors for Infragard, Denver Chapter (2006-2009)
    CHS officer of American College of Forensic Examiners Int’l (2005-2008)
    Advisory Board for the Business Espionage Controls and Countermeasures Association

    Published work: The Art of Casual Wireless Hacking, The Beginner's Guide to the Internet Underground, & the Cyber Intelligence Report Contributing editor for Blacklisted 411, Engine Builder, EthicalHacker.net, Hackin9, IQ Magazine, Successful Dealer, and The Business Espionage Report (TBER). Work used in post graduate courseware.

    # vimeo.com/89373928 Uploaded 133 Plays 0 Comments
  4. Good morning. Welcome to Cyber Secrets. In this episode, we will cover how to set up a simple tor hidden service using portable apps, XAMPP, and the Tor Browser Bundle. There are more secure ways of doing this if you are willing to put in the time and effort, but this is a quick, down, and dirty way to get on up in seconds.

    Jeremy Martin, the voice and creator of this video, explains that you can still maintain a level of anonymity with a little effort. Cyber Secrets was spawned while writing The Beginner's guide to the Internet Underground and will cover a lot of how-tos along with explanations of hacking, forensics, and general information security.

    Bio of the creator:
    Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995, Mr. Martin has worked with Fortune
    200 companies and Federal Government agencies. He has received numerous awards for service. He has been teaching Advanced Ethical Hacking, Computer Forensics, Data Recovery, SCADA/ICS security,
    Security Management, and more since 2003. As a published author he has spoken at security conferences around the world. Current research projects include SCADA security, vulnerability analysis, threat profiling,
    exploit automation, anti-forensics, and reverse engineering malware. In a past life, he was also a freelance artist

    Credentials: CISSP-ISSAP/ISSMP, CISM, NSA-IAM/IEM, CHS-III, CEICHFI/CEH/CNDA/ECSA/LPT, A+/Net+/Security+/Linux+, LPIC-I, CPT/CEPT/CCFE/CDRP/CASS/CSSA/CREA, ACSA, Novell CLA,
    CDCS, etc…

    Board of Directors for Infragard, Denver Chapter (2006-2009)
    CHS officer of American College of Forensic Examiners Int’l (2005-2008)
    Advisory Board for the Business Espionage Controls and Countermeasures Association

    Published work: The Art of Casual Wireless Hacking, The Beginner's Guide to the Internet Underground, & the Cyber Intelligence Report Contributing editor for Blacklisted 411, Engine Builder, EthicalHacker.net, Hackin9, IQ Magazine, Successful Dealer, and The Business Espionage Report (TBER). Work used in post graduate courseware.

    # vimeo.com/89378693 Uploaded 352 Plays 0 Comments
  5. Good morning. Welcome to another episode of Cyber Secrets. In this episode, we will cover basics of the Heartbleeding / Heartbleed / Heartbleeded attack and how it can effect you. If you do not believe it could, think again... Nice shirt by the way...

    Here is a problem/solution explanation for those that are interested.
    - The video can also be found at http://youtu.be/FDgaHDeKIkI

    To quote heartbleeding.org, "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."

    To be fair, this is a simple stupid bug that any programmer could fix and yet most programmers still make on a regular basis. Basically, someone forgot to validate a variable just like 95% of the vulnerabilities out there. Simple as that. Since it is Open Source, everyone had the opportunity to see it, but as most simple mistakes, no one does. It is not just the programmer that wrote the code that is at fault, but EVERYONE that used the code because they ALL had the chance to look at it and fix it. The unfortunate result of this colossal blunder is that this one simple mistake made OpenSSL practically useless since it would allow an attacker to see the "protected" data anyway. This is not a call to stop using Open Source. It is a statement that everyone should understand that they could have fixed it if they cared to look. This is actually the biggest benefit of Open source.

    The Heartbleed attack works like a buffer overflow. memcpy copies data, but it has three variables. The first variable is the final destination of the data to be copied. The second variable is the location of the data to be copied. The third variable is the amount of data... Just like in a buffer overflow, you alter the last section or amount, and you can start to read what was in the buffer. And like this old buffer overflows, it comes down to trusting the variable without validation. For example; if the payload claims to be 64k when it is really 0 KB, you have data leakage...

    What information could be leaked?
    * digital certificates
    * Usernames/Passwords
    * Medical information
    * Bank account details
    * You name it

    How do you fix it?
    * Update. Then change sensitive information like passwords.

    What do you have to do when a certificate has been compromised?

    Revoke the cert. Issue a new cert through the Registration Authority (RA). Request new cert from Certificate Authority (CA). Issue the new cert. Unencrypted ALL data encrypted with the old cert. Re-encrypt that data with the new cert. Destroy the old cert. Not doing this means your are doing it wrong and are a risk to the organization. Same as assuming the certs were not compromised. This is the cost of doing business in the Tech age.
    ---

    If you have any questions or comments, please feel free to fire away.

    # vimeo.com/91816472 Uploaded 13 Plays 0 Comments

Cyber Secrets

Jeremy Martin

The web series Cyber Secrets walks you though cyber security while covering digital forensics, hacking, intelligence gathering and much more. If you are a computer geek, a security guru, or just want to know what is possible in the digital age, watch…


+ More

The web series Cyber Secrets walks you though cyber security while covering digital forensics, hacking, intelligence gathering and much more. If you are a computer geek, a security guru, or just want to know what is possible in the digital age, watch Cyber Secrets. You just may learn something.

Browse This Channel

Shout Box

Heads up: the shoutbox will be retiring soon. It’s tired of working, and can’t wait to relax. You can still send a message to the channel owner, though!

Channels are a simple, beautiful way to showcase and watch videos. Browse more Channels.