Categories
Podcast Episodes Uncategorized

Tis the Season for Cybercrime: 5 Things you can do to protect yourself this holiday season.

Hello again internet, its me your host the Script Kitty: Killer Kat! Once again the holidays are right around the corner and I have a special gift for you, 5 things you can do to protect yourself from cyber crime this holiday season.

Whether you are looking under the tree for a new VR headset, a smart home device, or anything else WiFi enabled there is one thing for sure, black hat hackers are waiting for their own present, the thousands of unpatched devices that go online every year on December 25th. Every holiday season thousands of people receive new devices as gifts and in a rush to use their new devices many people, especially younger people skip installing device updates before connecting and using the device. To a hacker an unpatched device is a goldmine, many security updates contain fixes for well known security issues and when a device is left unpatched it allows hackers to gain easy access by exploiting well known security flaws. Because cyber criminals know lots of unpatched devices will go online on December 25th many of them search for and target these unpatched devices, but the good news is that knowledge goes both ways and that brings us to my first tip: Update and setup devices before gifting them. If you have a game console, computer, phone, or any other device you are planning to gift to someone this year (especially if that person is younger) take the time to install software updates and set up the device before hand. Not only will this protect the device from opportunistic cyber criminals but it will also save your loved ones valuable time spent waiting for software updates to download and install on Christmas morning.

Installing software updates will keep your devices from getting hacked through outdated software but what about more deceptive social engineering based attacks. Well its sad to say but the holidays are a prime time for cyber scams such as phishing, with many cyber criminals exploiting the chaos of the holidays to craft convincing looking emails or phone scams designed to trick you into loosing your valuable data. If you get an email that informs you of a problem (Usually with an online shopping order) and provides a link that then asks you to reenter your login information, then there is a good chance that you have fallen victim to a classic phishing scam. Lucky I have some tips to help you avoid these scams, if you are presented with a login page close that page of your browser and manually enter the website directly, this prevents hackers from using fake websites to steal your login information. Even though the idea of a fake website seems a little crazy at first glance, through a combination of almost identical URLs and exactly copying the original webpage’s HTML (Which is the information your web browser uses to show you what a website looks like) these fake websites have fooled even experienced Cybersecurity experts and high ranking government officials.

On the topic of shopping online, this next topic is something I’ll be exploring in future episodes so if you haven’t already please consider subscribing so you don’t miss out on those and all the rest of the fascinating content I have in store for the CyberKat Cafe! With that said our third topic is online shopping. Be it fake 5 star reviews, counterfeit and mislabeled goods, or even straight up scams the holiday season is rife with online shopping based cyber attacks. Some things to watch out for while shopping online are: Fake 5 star reviews, many online brands have been bribing regular users on sites like Amazon to leave 5 star reviews in exchange for free products and sometimes cash or gift card payments. While this goes against the rules of basically every online market place I have reported this behavior directly to amazon and they declined to comment, I’ll also note that as of time of writing they have also not taken visible action against the companies and people involved in this. So since Amazon is not going to take these reviews down, I’ll help you spot them. The first thing to look for are vague 5 star reviews that don’t really say anything about the product, usually something like “Its great!” or “I bought this for someone and they loved it!”, especially look out for “I haven’t received/used this yet but it looks great!” many of these fake 5 star reviews get a rebate on the purchased item that is only applied once they have left the review so they will often times leave a review before they actually get the product so they can get their rebates early. I’ll be going further in depth on my research into this issue so if that is something that interests you watch this space.

Another thing to look out for while shopping online is SEO or Search Engine Optimization. Now SEO by itself is not malicious, perhaps a little manipulative or deceptive but never the less a standard practice used by organizations to improve online visibility. SEO takes advantage of the way search algorithms work to make something appear more frequently or higher up in searches. Have you ever seen an amazon post with 30 different keywords in the product name before getting to what the item is actually called? Usually something along the lines of “| Gift for him | Gift for her | Travel |For home | gift for men ” etc. That is a classic example of SEO in action, because these keywords are so effective at getting visibility and selling products they are often combined with other scams such as the fake reviews mentioned above. Real companies with established brands don’t use SEO like this to grab attention, and while not every product with a word salad title is a scam the majority of them are low quality and not worth your money.

So you have your gifts bought online safely, software updates installed, you’re safe right? Well almost, there is one last way that black hat hackers take advantage of the holiday season and that’s through holiday apps with hidden malware. As reported by Barracuda Networks hackers are using holiday themed android applications to infect users phones with malware. Now malware on Android is nothing new, I even have an upcoming episode on the disturbing prevalence of Android malware. The best way to protect yourself against this malware is to only download apps from official market places such as the Google Play Store, however even the Play Store is rife with malware. Be cautious of downloading free apps and of apps that ask for unnecessary permissions. There are many kinds of malicious apps, some slow your phone down by using its resources to mine Cryptocurrency or to show you thousands of invisible ads to farm ad revenue. Some will steal your information or encrypt your phone. But no matter what kind it is, malware is certainly something you don’t want to get for Christmas.

My 5th and final tip is to share this with someone, Cybersecurity works best when everyone is informed and educated about best practices. The human element is often one of the easiest things for hackers to exploit but with proper education it can also be one of the greatest defenses. This holiday season take the time to share this with someone you love so they can be informed and protected against cyber criminals. And if you enjoyed this please remember to subscribe so you can be notified whenever new content is available.

And with that said, until next time this is Killer Kat signing off, stay safe out there, and don’t forget to have a merry Christmas and a happy New Year!

Categories
Meta

A signal through the noise: The CyberKat Cafe podcast goes live.

Hello internet! Welcome back to the CyberKat Cafe with me your host the Internet’s resident Script Kitty, Killer Kat! For the first time ever available in audio format.

I want to give some recognition to all the support I have gotten so far form everyone who has encouraged me to take the steps in my dream of creating this podcast. Thank you all, I could not have done this without you!

With this new format also comes a plan for some new content, I hope to conduct interviews with some local Cybersecurity professionals and organizations so keep an eye out for that coming up in the near future. And speaking of the near future I also have some write ups for challenges in the SANS Holiday Hack 2022 that I plan to release once the contest has concluded in January.

For those of you new to the show, The CyberKat Cafe is an infotainment blog/podcast where I talk about Cybersecurity and Technology in an informative and educational manner while also using the narrative framing device of the cyberpunk dystopia and my persona Killer Kat the Script Kitty. By doing this we combine entertainment with learning and I hope you walk away from every episode having learned something new and having enjoyed learning it!

I have a lot of exciting things planned for this Podcast and if you want to be a part of the team or want to appear as a sponsor please reach out to me at our website https://cyberkatcafe.com/. (That’s here if you’re reading this on the blog!)

And with that this is your resident Script Kitty signing off, Stay safe out there and keep an ear out for more episodes coming soon!

Categories
Meta

Future of the blog: Looking for Webdesign help

Hello Internet, I’m sure you all know that blogs don’t die with a bang but with a thousand “Future of the blog” posts. But this hopefully does not foreshadow such a grim fate for us.

When I started this blog I had the idea in my head of a Educational / Entertaining blog with the idea of me the titular Script Kitty broadcasting my hacker show across the cyberpunk dystopian future. To this end I did my best to match the Cyberpunk aesthetic with the garish colors of my blog however I am no webdesigner. So this is where you come in, if you are a student web designer and are interested in working on designing my blog please contact me, I am of course willing to compensate you for your work and even pay you half up front as a show of good will.

As I am also a college student with limited funds I am not interested in any professional designers as I’m sure I would not be able to afford to compensate a seasoned professional (nor is my blog important or complicated enough to require such experience), but if you are a web design student and are looking for one of your first gigs then let me know and we can discuss details.

I’m looking for a cyberpunk theme that is functional but also stylized, heavy inspiration from Scifi/Cyberpunk terminals and monitors.

I am also hoping to start a podcast segment as well, so hopefully I’ll be able to gather the resources to work on that sometime in the near future. Then I can really learn into my Cyberpunk hacker DJ persona, while also helping to provide accessible education to a wider audience.

With that it is time once again for me to say until next time, but before I sign off please enjoy this AI generated rendition of what my Cyberpunk Radio station base would look like according to Hotpot.ai

And with that your faithful Script Kitty is once again signing off, stay safe out there and remember not to eat anything called Soylent Green even if you get a good price from the order terminal.

Categories
Uncategorized

Windows is slowing down your PC! : 30 Windows services you can disable right now.

Hello Internet, soy tu gatito guion residente. And today I have a topic that effects the majority of computer users and that is windows overhead wasting system resources. This is a topic that many in the tech sphere have covered before and indeed you can even download a PowerShell script that will disable many of these services and telemetry functions. However the problem with this one size fits all approach is that there may be a legitimate reason you want to run one or more of these services or features.

Knowledge is power so today I am going to describe some of the most common of these services, what they do, and why you might want to keep them. I’ll also include a brief guide on how to disable these services so that you can configure your computer to your preferences. Without further ado lets begin; There is a menu on your computer called “Services” the easiest way to access this menu is to simply search for “Services” in your windows search bar. You should see a window that looks like this:

The windows services menu.

Once you’re here the process for disabling a service is as easy as right clicking on a line item, clicking properties and then changing the startup type to disabled in the drop-down menu seen here:

Now that you know how to disable these services lets talk about what they do and why you might want to disable them. Here is a short list of some of the most commonly disabled services and what they do.

  1. Xbox services: These services all pertain to the Xbox functionality integrated into windows 10. You should see 3-4 services that start with Xbox and if you are using your computer for work there is no reason to leave them enabled as they will waste system resources.
  2. Bluetooth services: These services pertain to the Bluetooth protocol, if your system does not have the hardware required to use Bluetooth they can be safely disabled.
  3. Certificate Propagation: The certificate refers to cryptographic certificates used as a form of authentication, however this particular services handles smart cards and if you aren’t using them it is safe to disable.
  4. Connected User Experiences and Telemetry: The astute among you may associate the world Telemetry with Spyware and honestly that assessment is far from wrong, while Telemetry does have legitimate uses in software many companies Microsoft included have gone beyond the stated purpose of Telemetry to instead collect data on users that is then sold to interested parties. At the risk of never being hired by Microsoft I have to say if there is one thing on this list everyone should disable its this.
  5. Downloaded Maps Manager: Exactly what it says on the tin, this service handles mapping data for applications that need it. If you don’t use windows map apps and instead use google maps in a browser then you don’t need this service.
  6. Fax: Another self explanatory service, this handles faxing allowing you to send and receive digital facsimiles of various documents provided you have the appropriate hardware. Depending on what you use your PC for depends on if you need this or not.
  7. GameDVR and Broadcast User Service: This contains functionality for recording game footage, the majority of people will never use this. You may encounter difficulty disabling this service in which case you would need to go into the Registry and change some settings, unless you are already familiar with the Windows Registry its better to just leave things alone than risk causing an issue by attempting to modify the Registry.
  8. Geolocation Service: This is somewhat polarizing, if you value privacy you will most likely want to disable this, which will then prevent windows apps like Weather, Maps, Etc from knowing your location. However if you don’t see the harm in sharing your location and wish to have the convenience of this feature then firstly you probably aren’t a frequent reader of my blog, Welcome! And secondly you’re going to want to leave this enabled.
  9. Microsoft Account Sign-in Assistant: This allows users to sign in with their Microsoft Account, If you’re here reading this I hope you’re using a local user account to log into your PC but if for some reason you are not then you would want to leave this enabled.
  10. Netlogon: Netlogon is used for networking in larger organizations, for home users you’re not going to need this unless for some reason you have a domain. For work computers you shouldn’t be changing your settings based on the advice of a Tech Enthusiast blog without talking with your IT department first and if you are the IT department let me know if you’re hiring.
  11. Parental Controls: This service manages parental controls for child accounts in windows, without it you cant use the parental controls.
  12. Payments and NFC/SE Manager: This is a another hardware/use case specific one, NFC stands for Near Field Communication, its that thing that lets you tap your credit card to pay at the store or link an Amiibo to your Nintendo Switch. If your PC has the hardware and you want to use NFC technology then you should leave it enabled, but this service runs in the background by default and on a gaming PC its a waste of system resources.
  13. Phone Service: This is another weirdly specific one, if you wanted to and you have the right hardware you can connect your phone to your windows PC. For some business users this is a useful feature but many will find it unneeded.
  14. Print Spooler: A Print Spooler holds print jobs in your computers memory and then sends them to the printer when its ready to print. If you want to use a printer then you need this service, however if you do not own a printer or have no intention of printing things from your gaming PC then this is another one that is safe to disable.
  15. Remote Registry: The Windows Registry is a database of configuration options and settings used by various low level parts of your computer, its incredibly powerful if you know how to use it because its working much closer to your computers hardware than most settings options. What this service allows is for remote users to modify registry settings on the computer, there are legitimate applications that use this service but the majority of them are enterprise level applications you would not be running on your home PC. Unless you’re running some kind of software that needs this I would highly recommend disabling it.
  16. Retail Demo Service: If you have ever been to a Bestbuy and tried using one of the display computers then you have seen what this service does. You should disable it unless for some reason you want to use your PC as a retail display.
  17. Smart Card: Smart Card and the two other Smart Card services handle the use of Smart Cards with your PC. This is a very useful security feature for enterprise users however most home PC do not have smart card readers or a need for them so it can be safely disabled.
  18. TCP/IP NetBIOS Helper: This provides support for the NetBIOS over TCP/IP service. What does that mean? Well in non technical terms NetBIOS is what allows you to use networked printers, share files and log on remotely to other computers on your network. NetBIOS is a historically insecure protocol however it is also a useful protocol. If you only have a single PC on your network you use for something like gaming then you can disable this service without issue however if you do want the features NetBIOS provides then you should leave it running.
  19. Telephony: This is used for certain VOIP applications, Faxing, Dial-up modems, some DSL providers, Some VPN’s and various other things related to phone lines. Depending on your circumstances you may be able to disable this without issue but I would not recommend it as it does not run in the background by default and its likely you will find yourself in a position where you need it.
  20. Touch Keyboard and Handwriting Panel Service: This is another hardware specific service, if you have a touchscreen or stylus then this service will be needed to operate properly. However many desktop PC do not have this hardware and can safely disable this service.
  21. WalletService: Honestly I cant find any documentation on this, I believe its related to Microsoft Wallet which has been rebranded as Microsoft Pay. I’ll let you decide for yourself how you feel about this one as I cannot confirm at this time that its safe to disable (although it probably is)
  22. Windows Biometric Service: If you have biometric devices on your PC this is needed to use them. For example a fingerprint reader or face unlocker. If you don’t then you can disable this to free up some system resources.
  23. Windows Error Reporting Service: This service generates error reports and makes log files when programs stop working or responding. It can be safely disabled but then you will not get logs which could be useful in attempting to remedy the problem.
  24. Windows Image Acquisition (WIA): This is used by scanners and cameras, if you don’t use either it can be safely disabled.
  25. Windows Insider Service: This is needed to use the Windows Insider Program, if you don’t use it then you can safely disable this service.
  26. Windows Media Player Network Sharing Service: This uses the UPnP (Universal Plug and Play) protocol to share your Windows Media Player libraries to other networked devices/media players. If you don’t use Windows Media Player then you can disable this.
  27. Windows Camera Frame Server: This allows multiple clients to access video from connected cameras. If you disable it your webcam may stop working, if you don’t have a webcam then its safe to disable.
  28. Windows Connect Now – Config Registrar: This is used for Windows Connect Now, which is Microsoft’s implementation of the notoriously insecure WPS (WiFi Protected Setup) protocol, This can safely be disabled as you should NEVER have WPS enabled on your router because if you do you are literally allowing anyone with a basic knowledge of computers the ability to hack your WiFi. Its dangerous and you cannot afford to be caviler about this.
  29. Windows Mobile Hotspot Service: Just as your phone can use its cellular data connection to allow other devices into the internet so can a cellular enabled windows PC. If you don’t have a cellular enabled computer then this is safe to disable.
  30. Windows Search: Last on our list is Windows Search, if you don’t want to use Windows Search then you can disable this service. However I would highly recommend simply altering your firewall to disable certain features of windows search instead of entirely removing the search bar from your computer. Stay tuned as that is a topic that I hope to cover in the future.

And there you have it folks, that’s Killer Kat’s non exhaustive list of 30 windows services you can disable. Now if you read this far into the article then you’re a Web-Scraper script according to my analytics page, however if you are a human being then you may have noticed that many of these features are not currently running and instead only a handful are running on your PC currently. The reason why is that many of these services will only run if something prompts them to, the automatic ones are usually hardware based because its easier to waste RAM running touchscreen support on all computers than attempt to troubleshoot it when computers with touchscreens aren’t running it.

Windows is designed to run with minimal tech knowledge or user input, and this comes at two costs: One the literal cost of system resources being used by unneeded features thus driving up your electricity bill (and perhaps making users buy stronger computers to compensate), and the second being that Microsoft makes quite a bit of their revenue by collecting and selling information on their users, this is why Windows is so inexpensive and often ships preinstalled on many computers. Selling user data to cover costs is nothing new, most social media sites operate in a similar manner. however selling user data is also the reason why Microsoft really really wants you to use a Microsoft account; It helps them keep track of all of your user data much more efficiently, they aren’t going to spend money hosting the infrastructure for something like the Microsoft account if its going to loose money.

Let me know if you have any questions or if I got anything wrong, the comments below are always open for discussion. If you liked this then consider subscribing to get more content like this delivered to your inbox for free, and with that this is your Resident Script Kitty, Killer Kat signing off stay safe out there in this Cyberpunk dystopia we call home!

Categories
Uncategorized

Why I chose Infotainment, and how I think it could help shape our future.

Hello Internet! Once again its me, your resident script kitty here to talk about something meta.

As you are aware I chose to run my InfoSec blog as an infotainment platform and you may be wondering why, I would like to share my thoughts on the matter and how I think more Infotainment could help the industry as a whole.

Now right off the bat I would like to acknowledge some inspirations of mine, The SANS Holiday Hack challenge is probably the best example of infotainment in the Cyber Security sphere at time of writing. I personally enjoy it every year and I know when I was first starting out it helped make many of the complex ideas and discussions around Infosec less intimidating.

I would also like to spotlight some excellent Infosec Youtubers. LiveOverflow & PwnFunction come straight to my mind as excellent examples. Youtube as a platform as really brought infotainment into the mainstream as a medium and as someone who loves a lot of what these YouTubers are doing, and they ways they are making complex topics easy to understand and engage with while also providing free access to education content I think they deserve respect.

PBS digital studios, Game Theory and other independent creators have really spearheaded this trend and what we have seen is a massive increase in both interest and engagement in many topics often considered difficult or dry. I think the Infosec community could benefit greatly from a similar culture. How many times have you had someone say they “Just cant understand all this computer stuff” or “I don’t need to worry about my password or account security that’s what we have you for!” because they don’t understand and/or don’t want to learn even the fundamentals of Cyber Security because they view it as complex or uninteresting.

I think we all know, the human layer is the weakest part of security. This is why user awareness training is so important and why we as an industry invest so heavily into it. If you look around in the modern organization everyone is blueteam, each employee has the potential to either cause a security incident or strengthen the overall security landscape through their actions and knowledge. The future of blue team is going to involve making sure every person on board is aware of the nature of Cyber Security and the risks and potential warning signs that they may encounter.

I feel the next logical step is to move from user awareness training (Which often falls into the infotainment category itself) into a larger infotainment environment. While it may not appeal to everyone creating this media will bring these topics into conversation and provide an easy entry point for anyone who is interesting in learning more about InfoSec who may not have the resources or prior knowledge to learn through more traditional measures.

By taking something important and making it fun we can create a culture of learning and knowledge that will provide benefits to everyone involved. I truly believe that humanity is on the precipice of a new era and that educating people so they are better prepared to face the challenges of our ever evolving digital world is more important than ever.

And that is why I say: Until next time, this is your resident Script Kitty signing off!

Categories
Uncategorized

print (“Hello world!”)

Hello world, or should I say world wide web. Allow me to introduce myself I am Killer Kat and this is my cyber security blog. Here is where you can find my thoughts on the latest cyber security news, events, and any projects I am working on.

As a cyber security student & enthusiast (as well as a full time script kitty) you can expect to see a lot of content around CTFs and other beginner to intermediate events. Discussion around whats in the news, and other miscellaneous things in the sphere such as coding or lockpicking.

Feel free to join the discussion down below or contact me if you have any questions. You can also check out my Github page at https://github.com/Killer-Kat if you are interested in any of my code or scripts.