|
|
|
|
|
|
Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication connect people to value free up energy to solve problems and achieve higher levels of performance. He continues to write, speak, train on the structure and system to Effectively Communicate Value and serves as advisor to leaders in organizations of all sizes.
|
|
|
At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.
Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.
|
|
|
|
|
On March 14, 2014 the securityweekly.com website was defaced (index.php was modified) by an attacker at approximately 6:30AM EST. We discovered this attack, via Twitter in fact, at 8:00AM that morning. Our web site was restored and operational by 11:00AM that morning, and forensics investigations are continuing.
|
Gary McGraw is an author of many books and over a 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean’s Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.
|
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency.
Michael Assante is an internationally recognized thought leader in cyber security of industrial control systems. Assante held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cyber security standards across the North American electric power industry.
Matthew E. Luallen is a well-respected information professional, researcher, instructor, and author. Mr. Luallen serves as the president and co-founder of CYBATI, a strategic and practical educational and consulting company. CYBATI provides critical infrastructure and control system cybersecurity consulting, education, and awareness.
Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security.
|
|
|
In this tech segment we're going to talk about regular expressions in python. We're going to be using perl-style regular expressions, which is usually referenced as "PCRE". PCRE is used in many places outside of Python, such as snort and other IDS signatures, and most places you see regular expressions, it will be PCRE. Regex is a language, but it's far more restricted than a normal programming language.
If you need to perform any complex string search and replace, you're probably going to use regular expressions. As the famous saying goes,
Some people, when confronted with a problem, think “I know, I'll use regular expressions.” Now they have two problems.
So I'm going to teach you how to create some problems for yourself.
I'm going to put the testing strings in the show notes. If you want to play along, you don't need to install python, we're going to use pythex, an online regular expressions tester. I think this is the best way to demonstrate regular expressions without getting too bogged down in the context of code.
|
Eve Adams (@HackerHuntress) is Senior Talent Acquisition Expert at Halock Security Labs, a full-service information security advisory in Schaumburg, IL. Eve leverages her security staffing experience to drive recruitment for both internal Halock roles and client placement. She also spearheads Halock’s social media presence and counts Twitter as one of her most powerful recruiting tools. Eve’s passionate about information security, thinks most recruiters are doing it wrong, and naively believes technology can change the world for the better. In past lives, she has been a writer, translator and reptile specialist, among other things. While she is officially OS-agnostic, Eve usually runs Ubuntu at home.
|
FTP Passwords!! They are everywhere!!
http://tinyurl.com/HNTV-FTP-Creds
Chargeware.. It is legal, but it can still get you shot.
http://tinyurl.com/HNTV-EULA
Target breach and the state of phishing:
http://tinyurl.com/HNTV-Target-Email
SANS 560 Orlando April 7th - 12th
http://tinyurl.com/SANS-560-Orlando
Please note the link and the dates in the video are wrong for SANS Orlando.
|
|
|
Kat Sweet is a geek-of-all-trades: maker, musician, ham (call sign K7FTW), and firm advocate of NSFW 3D printing. She presented on the latter, giving a talk titled "The Sensual Side of 3D Printing" at BSidesLV and SkyTalks in 2013. She can be followed on twitter at @TheSweetKat.
|
|
|
DjangoSCA is a python based Django project source code security auditing system that makes use of the Django framework itself, the Python Abstract Syntax Tree (AST) library, and regular expressions. Django projects are laid out in a directory structure that conforms to a standard form using known classes, and standard file naming such as settings.py, urls.py, views.py, and forms.py.
DjangoSCA is designed for the user to pass the root directory of the Django project as an argument to the program, from which it will recursively descend through the project files and perform source code checks on all python source code, and Django template files.
|
Paul Paget was appointed CEO of Pwnie Express in August 2013 to help grow it into the leader for testing the security of remote operations. Joining Dave Porcello, the founder, and his outstanding team. The PWN Plug has created a hit and they aim to make it a standard around the world. It radically simplifies and reduces the cost of assessing security, especially in hard to reach out of the way part of an organization such as bank offices, stores and off shore facilities.
|
Brian Richardson is a Senior Technical Marketing Engineer with Intel Software and Services Group. After fifteen years of external experience with BIOS and UEFI, Brian joined Intel in 2011 to focus on industry enabling for UEFI. Brian has a Master's Degree in Electrical Engineering from Clemson University, along with five US patents and a variety of seemingly disconnected hobbies involving video production. Brian has presented at Intel Developer Forum, UEFI Plugfest, Windows Ecosystem Summit and WinHEC. Brian can be contacted via twitter at @Intel_Brian and @Intel_UEFI.
Chris has been in IT security since the late 90’s with his first role in network support by monitoring IDS and explaining how hackers were breaking into places and what they did once they were in. He now specializes in intrusion analysis and runs the professional services side of CyTech Services, overseeing the commercial consulting and managed security services.
Plus, the stories of the week!
|
|
|
Jared DeMott is a principal security researcher at Bromium and has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course.
Windows Meterpreter recently got some new capabilities thru the Extended API module by OJ Reeves also known as TheColonial. He added support for:
*Interacting with the Clipboard
*Query services
*Window enumeration
*Executing ADSI Queries
We will cover in this Technical Segment the ADSI interface since it gives us a capacity in enterprise environments not available previously in meterpreter other than a module from Meatballs called enum_ad_computers.
|
|
|
|
|
|
|
Peter Van Eeckhoutte is the founder of Corelan Team, author of exploit writing tutorial series and free tools. He started working in IT and security in 1995, and currently works as a CISO.
Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of diverse Information Technology experience with an emphasis in Information Security. Joel is currently the Chief Information Security Officer for Advanced Auto Parts and maintains a blog at Malicious Streams.com.
|
Drunken Security News with Rob, Larry, Jack, and guest host Joff Thyer. Joff is a security researcher for the consulting division of Security Weekly, Black Hills Information Security, and is on to add some Aussie flavor to the podcast. His loves are Beer, Hacking, Math and Wireless.
|
Ian Iamit is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.
Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm.
|
Security News with Paul, Rob, and Carlos
|
Champ Clark, also know as "Da Beave" in some circles, is the CTO of Quadrant Information Security headquartered in Jacksonville, Florida. He is one of the founding members of the VoIP hacking group Telephreakand runs the Deathrow OpenVMS cluster. He has co-authored books published by Syngress Publishing and has been interviewed by various magazines. He has spoken at conferences on topics such as "war dialing" the world with VoIP, exploring X.25 networks around the world, and most recently, real time log analysis with "Sagan", software he developed.
|
|
|
Before Jens 'Atom' Steube wrote hashcat, he was a bug hunter for fun, focusing on open source software. After 2005 he only did bug hunting on commercial software and therefore not allowed to disclose product names. In 2010 he started hashcat and since that time it's the only project he's been working on.
Thomas MacKenzie works for NCC Group as a Security Consultant, conducting all different types of security assessments. Ryan Dewhurst works for NCC Group as a Security Consultant, conducting all different types of security assessments. ScriptAlert1.com is a very simple and concise platform to explain Cross-Site Scripting, it's dangers and mitigation. Our aim is for penetration testers to include a link in their pen test reports to the resource and to get it to be the de facto description for semi-technical/tech savvy managers.
|
Martin Roesch is the VP and chief architect, Security Business Group at Cisco.A respected authority on intrusion prevention and detection technology and forensics, he is responsible for the technical direction and product development efforts for Sourcefire's commercial and open source product offerings. Roesch, who has nearly 20 years of industry experience in network security and embedded systems engineering, is also the author and lead developer of the Snort® Intrusion Prevention and Detection System (www.snort.org) that forms the foundation for the Sourcefire Next-Generation IPS.
|
|
|
Kyle is an information security engineer who devotes his spare time to exploiting the ‘internet of things’. He enjoys lockpicking, CTFs, tinkering with electronics, exploit development and blogging about his findings. He is the founding member of Louisville Organization of Locksport.
Walkthrough the Episode 350 Crypto Challenge puzzle with Mike Connor, a senior member of the Analysis team at Dell SecureWorks. He is a big supporter of all things Chicago, specifically THOTCON , BsidesChicago, and all of the different Burbsec groups.
|
Dan Philpott is a Solutions Architect with Natoma Technologies working with Federal customers on cloud computing and federal information security projects. His work focuses on federal information security initiatives including FISMA, cybersecurity, FDCC, USGCB, HSPD-12, risk management and other federal information assurance initiatives. Has worked on federal cloud computing security with the Cloud Security Alliance and has participated in Federal CIO Council cloud and FedRAMP efforts. Founder of FISMApedia.org, information security instructor with Potomac Forum and co-author of "FISMA and the Risk Management Framework" from Syngress. He is fully buzzword compliant and an owner of the coveted Application Security Specialist baseball cap, known in security circles as the ASS hat.
|
Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He is well known for his appearances at DEFCON as the host for the game Hacker Jeopardy.
|
Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a World War II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.
Dan Auerbach is a Staff Technologist who is passionate about defending civil liberties and encouraging government transparency. Dan works on EFF's various technical projects and helps lawyers, activists, and the public understand important technologies that might threaten the privacy or security of users.
Corey Thuen is co-founder of Southfork Security, a security services company specializing in ICS. Corey recently found out first-hand how fragile privacy can be when a large corporation decides to sue you over your open source software.
|
Nik Seetharaman is a consultant for a government client in the DC area. He spent 11 years in the United States Air Force where he served in the intelligence and joint special operations communities.
Nate Kenyon (@L2Nate) spent 5 years in the Marine Corps doing everything from pulling cable to configuring routers and switches. After leaving the USMC he worked for several defense contractors working with the US Navy and Defense Logistics Agency doing firewall, IPS and network configurations. He currently works for a large corporation working on wired and wireless intrusion detection systems and security product evaluations.
Michael Farnum has worked with computers since he got a Kaypro II and an Apple IIc during his middle school years. Michael served in the US Army, where he drove, loaded, and gunned on the mighty M1A1 Abrams main battle tank (which is where he got his "m1a1vet" handle).
Dave Kennedy worked for the United States Marine Corps and deployed to Iraq twice for intelligence related missions. He also holds the World Record for most hugs given at a conference and is founder and principal security consultant of TrustedSec - An information security consulting firm located in Cleveland Ohio.
RazorEQX is a A CEH, OSCP certified Security professional with over 25 years’ experience and a proven leadership track record. Experience in most aspects of Information Technology, in a wide range of industries and disciplines; specializing in in-depth Malware, intelligence collaboration the past 4 years.
Sno0ose (@Sno0ose) served as Combat medic for a combat aviation unit. Was wounded overseas during a 1 year tour of duty. Now a consultant with focus on incident response, vulnerability assessment, reverse-engineering malware, and penetration testing. Co-host of Grumpysec, and lead coordinator of BSidesMSP.
|
Jayson E. Street is an author of “Dissecting the hack: The F0rb1dd3n Network” from Syngress. He has also spoken at DEFCON, DerbyCon, UCON and at several other ‘CONs and colleges on a variety of Information Security subjects. His life story can be found on Google under “Jayson E. Street.” He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time’s persons of the year for 2006. ;)
Kevin Finisterre is a Senior Research Consultant with Accuvant, has hacked everything from utilities providers to police cars and is keen on disseminating information relating to the identification and exploitation of software vulnerabilities on many platforms.
|
As with most sizable organizations it is near impossible to uninstall or completely disable Java which sent us on a hunt for a feasible way to contain Java based attacks. What we came up with was restricting it to run only in trusted zones. This worked for APPLET tags when encountered in IE.
What this does is block any applet from running if it is not part of a trusted internet zone. First thing is to identify all the internal trusted zones and add them. Next allow the user to trust their own zones. Most of the time it seemed they knew when there was an applet they wanted to run.
The Honeynet Project is a lnon-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight again malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.
Why would use use HTTP Comments displayer? This nmap script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within these comments. While this does not necessarily represent a breach in security, this information can be leveraged by an attacker for exploitation.
|
SCADA systems are being attacked and making headlines. However, this is not news, or is it? There is a lot of new found "buzz" around attacking SCADA and defending SCADA. Technology has evolved and many systems are Internet connected and more advanced than ever. Water, power, electric, manufacturing all have SCADA.
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing.
Joel Langill is the SCADAhacker. His expertise was developed over nearly 30 years through in-depth, comprehensive industrial control systems architecture, product development, implementation, upgrade and remediation in a variety of roles covering manufacturing of consumer products, oil and gas including petroleum refining, automation solution sales and development, and system engineering.
Dale Peterson is the founder and CEO of Digital Bond, a control system consulting and research practice. He performed his first SCADA assessment in 2000, and Dale is the program chair for the S4 conference every January in Miami Beach.
Patrick Miller provides services as an independent security and regulatory advisor for the Critical Infrastructure sectors as Partner and Managing Principal of the Anfield Group.
|
Welcome to our very special episode 350! We have a very special episode, all in support of wounded veterans in our armed services. Please take the time to donate using the links above. We've got an epic day in store for you, including contests, panel discussions, technical segments and more!
Active Defense: Taking The Fight To Attackers: Should We?
We've all heard the term "Hacking Back". We all have mixed feelings about this term. Lets be clear, its not about feelings! The revenge-based "hacking back" was doomed for failure from the beginning. On the flip side, we're losing the battle against attackers on many fronts. What can we do? Setting traps, tracking attackers, luring them into areas of the network and systems deemed "honeypots" is on the table, or is it? What are the legal ramifications to this activity?
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With over 25 years in private law practice, he has advised many organizations, large and small, private sector and public sector, on privacy, computer security, e-mail discovery, outsourcing contracts and records management. Nothing Mr. Wright says in public is legal advice for your particular situation. If you need legal advice or a legal opinion, you should retain a lawyer.
Joshua Corman is the Director of Security Intelligence for Akamai. Mr. Corman’s cross-domain research highlights adversaries, game theory and motivational structures. His analysis cuts across sectors to the core security challenges plaguing the IT industry, and helps to drive evolutionary strategies toward emerging technologies and shifting incentives.
Dave Dittrich is an Affiliated Research Scientist with the Office of the Chief Information Security Officer at the University of Washington. He is also a member of the Honeynet Project and Seattle's "Agora" computer security group.
Robert Graham is the co-founder and CTO of Errata Security, a firm specializing in cybersecurity consulting and product verification. Mr. Graham learned hacking as a toddler from his grandfather, a WW-II codebreaker. His first IDS was written more than 10 years ago designed to catch Morris-worm copycats.
|
As the Security Weekly crew gears up for the Episode 350 marathon for our charity Wings for Warriors next week on October 25th, enjoy this episode featuring pre-recorded interviews from HP Protect.
|
This segment was broken in two parts as the technical segment with Heather Mahalik happened in the middle of it. Heather is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.
Ok, on to the stories of the week with Paul, Larry, Allison and Jack. What'd you do this summer? Disney? Six Flags? Big Data Land? After much chatter in the Twittersphere (logged here by Space Rogue) last week, Jack brings up the "Popping Penguins" article from Forbes. The article talks about this super vulnerable program that is going to be the downfall of Linux. It's called bash. Would you believe you can use bash to start a listener on your machine and then send some commands over telnet to have someone else's machine connect back to you? Uh oh. Also, beware of another application, one that runs from the desktop that lets you connect to other computers and pull down files from a machine you don't own. Yeah, that one's called a browser. Sounds equally dangerous, no? Should we uninstall bash as a security measure?
Larry threw out there an article on 5 WiFi security myths to abandon. But Larry mentioned that some of these might not actually be very new. Things like don't hide SSID as some newer systems will see them anyway and digging deeper to find the SSID isn't that hard. Plus, if its owner took the steps to hide it, wouldn't that pique your interest that there may be something good running there? Sending out a weak signal may sound like a good idea as if someone can't reach it, they can't connect to it, right? But all that does is annoys its intended users and if someone really wants to get on the network, they'll simply use an antenna. The article ends with the non-myth that if you truly want WiFi security, make sure you use good encryption and a strong password. Simple, eh?
Jack was looking forward to going on a good patch rant. He and Paul have done webinars about really stretching things and getting your patch cycle down to five days from the day of release. Jack said during the good old days, he'd challenge himself to getting his systems patched within 72 hours. Patch Tuesday was to be completed by Friday. In this article by Dr. Anton Chuvakin, he does indicate how it would be good for some big corporations to get their patch cycle down from 90 days to 30 days, but then argues if the bad guys only need 3, then what's the point of all that effort? Jack's feeling is that even the 30 days should be enough in many cases, but it's often politics and other "can't do" attitudes that prevent it from happening. Why is that? Get those patches in place people!
One quick note on a tangent the team went off on. In their experience as pentesters, Larry and Paul mention that all to often the way they end up pwning a system is through some machine that no one knew was running, with services that no one knew were running, with an account that no one knows why it still exists. Do you have a good inventory of where your data is? What machines are in your data center? What services and accounts are on each? If those are gold to a pentester, who has to respect a customer's defined scope, guess what a malicious user is going to do to your network.
Paul's looking for advice on what new phone he should get? Android? iPhone? What say you? Tweet him up with your suggestion at @pauldotcom
Remember that Yahoo bug bounty program? $12.50 credit toward the Yahoo store? A little update from the rants and ridicule from last week, it was actually one guy , Ramses Martinez, Director, Yahoo Paranoids, who was very appreciative of people reporting bugs and was paying them out of pocket. He would send researchers a Yahoo tshirt but would then find out the recipient already had multiple Yahoo shirts. Martinez's idea then was to give the reporter a credit in the Yahoo store matching the value of the shirt, our of his own pocket. Since the uproar, Yahoo has installed its own bug bounty program and Martinez is no longer paying for the reports himself. Good on ya, Yahoo and even better, thank you Ramses Martinez for caring about security.
Speaking of bug bounties, Google has started a bug bounty program for open source software. Repeat that, it's not just Google software that they're paying bounties for, it's software that there really is no organization behind and normally count on volunteers to fix things. Now Google is putting their money behind that effort. As Allison mentions, there hasn't ever been any motivation for anyone to report bugs and now there is.
estrada-sm.jpgPaunch, the alleged author of the Blackhole exploit kit was arrested in Russia last week. Or at least we think so. Some unconfirmed reports have indicated this and Blackhole has not been updated since this time. Or maybe the guy just decided to take an extended vacation and threw the story out there himself. Either way, it might be time for Evil Bob to find a new exploit kit. (Note: Erik Estrada is not "Paunch", he's Ponch, as in Frank Poncharello)
Microsoft has a new disk cleanup where it removes all the old and outdated updates. Jack gained more than 6 GB of space after running the cleanup but a word of caution, it take a concerning long time for the next reboot. You might think you killed your computer but no, it really does take that long.
Check out "Tails" a security and privacy distribution and let us know what you think. Is it good? What makes it a better choice than some others? Though the number of security updates in recent versions is a little concerning. Yeah, I get it that it's good that security holes are fixed and that it's to software that the distro is including. But it's just a little concerning when you pitch it as being for security and privacy yet there are piles of security updates. It makes me wonder just how secure it is and whether it's any better than a secure version of your favorite distribution anyway. But you can certainly let me know and I'll post some comments from you in upcoming week. Tweet me at @plaverty9
There was also some discussion on iOS7 image identification, Larry has a colleague at Inguardians who wrote up an intro to using rfcat and Jack suggests taking a deeper look for yourself before jumping into the patch for MS13-81 and whether your system needs it. If it does, test thoroughly. It's got some deep stuff on it.
|
Thierry has 14 years experience in information security, designing resistant architectures and systems, managing development and information security teams, ISM policies and high profile penetration tests. Thierry has a security blog over at blog.zoller.lu . Thierry is currently now working as a Practice Lead for Threat and Vulnerability Management at Verizon Business.
|
|
|
Jaime "WiK" Filson enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village.
Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
|
|
|
Being a stand up comic is a hard job, and full of Social Engineering Goodness. Being a magician in Vegas is just as hard. What if you were both? Our guest Mac King is just that combination, join us for a delightful, blood filled conversation. July 8 2013
Download Standard Podcasts
|
This episode we’re joined by Jad Saliba from Magnet Forensics as he discusses the newly announced phone features of IEF.
We also talk about NSA letters, Prism, and how Logicube are going all trekkie on us.
|
Back in the late 1960’s one teacher dared to stand up and teach children a powerful lesson in predjuduce. That lesson has implications for us today. Join us as we interview world renowkned teacher, Jane Elliot. June 10 2013
Download Standard Podcasts
|
Negotiation skills - how closely do they mirror Social Engineering? Join us and our guest, Jenny “The Radcliffe” Radcliffe as we discuss these topics
Download Standard Podcasts
|
Trust. It is the foundation that every relationship must have to succeed. Our guest Dr. Paul Zak spent many years studying trust. Join us as he answers questions like:
What is trust?
What chemical creates trust?
How can you make someone ooze with that chemical?
Do synthetic trust products work?
Does Dave’s creepy hugging actually have any hint of truth?
Download Standard Podcasts
|
|
|
The one where we start a shiznit-storm and, oh yeah, a chat with Violet Blue....
Thanks to:
Jericho & Banasidhe for being in studio!
Enjoy!
|
We don’t do it often… but when a topic so fitting comes up we just get together and chat about it. Yesterday a well known author wrote an article that stated basically “security gets in the way of having fun on the Internet”. This topic is close to us as we all focus on education and security. Enjoy the chat… March 20, 2013
Download Standard Podcasts
|
Join us with Seena Sharp of Sharp Marketing as she helps us understand if it possible to social engineer with out the use of pretexting.
She is the author of the book “Competitive Intelligence Advantage”
She answers questions like:
What type of information is the most important?
How to collect valuable data?
What are the best sources?
And much much more!
Download Standard Podcasts
|
We’re back! First new episode of Forensic 4cast since November 2011. We’ve selected a panel of top people from the field… sadly none of them were available so we have a bunch of other guys instead. Join us as we talk about Android malware, why Lee doesn’t use two-factor authentication, outsourcing to China, and so on.
Suck it Ovie!
You can either listen to the MP3 or watch the YouTube video below.
|
Imagine having the power to not only social engineer anyone into giving over information with out hesitation but actually being happy for having done it? Our long time friend and podcast guest, Robin Dreeke talks about context framing and how we use it to leave our targets saying, “Thank you sir, may I have another?” Date Feb 18, 2013
Download Standard Podcasts
|
Episode 839 - Goodbye, Farewell and So Long
|
Episode 838 - BigBrother in .de, FTC do not track mobile, Cisco study, 2FA for Twitter, and 4k banker credentials leaked.
|
Episode 837 - Silent but Deadly, Don’t Blame Us, & Me Too!
|
Episode 836 - MacOSX a/v, NYT hack, Oracle on Java, and User Fun
|
Episode 835 - UPnP, HP Printers, Alabama DHS Cyber Intrusion, Pwnium Rewards $3.14159 M, and Cloud Security Mistakes
|
Episode 834 - Thoughts on Security Industry
|
Episode 833 - Barracuda Backdoor, Crims can watch you!, and 3 indicted for Gozi botnet.
|
Episode 832 - DHS Warning, APT Attacks, Expelled!, Protect Against Spies, at&t
|
Episode 831 - Virut, HIPAA Final Rule, IA vs IS, Even Moar Java and South Korean Competition
|
Episode 830 - Bodyscanners, MSAV, Genomes & Moar Java
|
Episode 829 - ColdFusion Patched, AIDE 2013 CFP Open
|
Episode 828 - CFAA update in works, Red October, dev Outsources to China, GoDaddy NTLM leak, and $5k gets you Java 0day
|
Episode 827 - Hack3rCon, Prepping and General Talk
|
Episode 826 - Scrape-DNS, Java Patched But Not Fixed, ADP-Themed Phishing Campaign, Security Vendor Could Be Next Target
|
Framing is one topic that can make or break the success of a social engineer. What if you could harness the power to reframe yourself to become anything despite any obstacle? Christine Ha is this months guest and she is truly a success story, an inspiration and a star example of re-framing. Date Jan 14, 2013
Download Standard Podcasts
|
Episode 825 - DDoS and Free Speech, nokia stops https mitm keeps http mitm, Java 0day again, Exploit kit for $10k per month, and Hacking Pipelines
|
Episode 824 - RFID Tags and school, Java Again, Nokia MitM, China’s new PII law
|
Episode 823 - FISA Warrantless, Impersonation Felony, Assault Weapons Ban
|
Supersized episode with lots o' guests!
Merry Christmas from the EL Crew.
Enjoy!
|
Episode 822 - You’re really dead. Cisco VoiP hack, GreenSQL report, paid Facebook message service, and elcomsoft Forensic Disk Decryptor.
|
Episode 821 - Career Dayish, VMWare VMViewer fix, Mimicing APT in pentesting, and ctf365
|
Episode 820 - Oracle Prevent Java Apps,Wiper Copycat?, Dexter, SWF Investigator, Single-browser
|
Episode 819 - Mac Trojan, Samsung Chip, Iran Trojan, EU Breach Disclosure, and TIA rejects NIST mobile security guidelines.
|
Episode 818 - Minority Report, ExloitHub, FSecure 7 for ‘13, and bwall’s pot compare
|
|
|
Episode 817 - @PentestLessons, IE Data Leakage, No Anonymity, How To Rob A Bank, Dexter, and Security or FUD?
|
Episode 816 - Izz ad-Din al-Qassam, Java Attacks, Android Scanner Fail, Samsung, Carolinas Healthcare, India 1,600
|
As social engineers we don’t often have to deal with the negative aspects of psychology, but this month we do. Retired FBI Profiler and international trainer and speaker, Mary Ellen O’Toole joins us to discuss identifying psychopaths and much much more.
Download Standard Podcasts
|
Episode 815 - Necurs 80k+, NDIS backdoor, Jeff Moss on Internet, and EU power company DoS.
|
Episode 814 - Texting 911, "Project Mayhem", Royal Pwn, Debunking, ATT DDOS
|
Episode 813 - BIND 9.9.2, BlackHole & Chrome,Pak hack, 25 GPU Monster, SMB Medical Offices
|
Episode 812 - Nationwide Insurance, US votes to keep internet free, and GT Mobile Browser research
|
Episode 811 - Macs targetted again, tumblr worm, darpa looks for backdoors, and King Cope’s Full Disclosure 0Days.
|
Episode 810 - FOREX, Banks owe, Spear-Phishing, distributed computation via browser
|
Episode 809 - Syria, Printers, Solid Oak, and IAEA
|
Episode 808 - @PentestLessons, Unencrypted PAN Storage, The Email That Hacks You, and Security or FUD
|
Episode 807 - eBay XSS, 1300 Databases, RedHack Trial, Yahoo! XSS 4Sale, 20-plus flaws in SCADA
|
Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing
|
Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing
|
Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing
|
Episode 803 - Google Docs as Proxy, Facebook turns on SSL, Oprah Oops and top 10 Vulns of 2012
|
Episode 801 - EA Origin, Skype, Adobe, Smart Card Sniffing Malware, and NASA's Lost Laptop
|
Episode 800 - Pentest Lessons, BSidesDE Wrap Up and Security or FUD
|
Our guest this week is notorious forensics guru from the UK, Nick Furneaux. Nick discusses with us the magic of API manipulation. He gave us some free “posh” tips for making websites dump the data we want as social engineers. Try these things below:
Download and install the Firefox addon - JSONView
Try:-
https://api.twitter.com/1/users/lookup.json?screen_name=BarackObama
https://api.twitter.com/1/users/lookup.json?screen_name=MittRomney
http://code.google.com/apis/ajax/playground/
The last one will find all tweets within 2 miles of the GPS coors (central london) that contains the words London Riot. Replace as desired!
http://search.twitter.com/search.json?q=london%20riot&geocode=51.50733,%20-0.12768,2ml&include_entities=true&result_type=mixed
This type of data mining can lead to searchable and impressive results for any social engineer.
Follow Nick on his twitter account, NickFX
Till next month
Download Standard Podcasts
|
Episode 797 - Adobe 0Day, CoDeSys Responds, Law Firms, Ebanking, iPhones Data
|
Episode 796 - SecZone Founder Interview, @PentestLessons, Security or FUD
|
Episode 795 - Sophos Anti-Virus, LG Smart World, China Most Threatening, Anonymous hackfest, TrustWave SC hacking
|
Episode 794 - Irish Incidents on rise, Coke-a-cola Hacked and doesn’t tell, NJ e-mail vote, Nov. 5th breaches
|
Episode 793 - Paypal Vulnerable, Android Client Side Protection, DHS The Opportunist, and Hackmageddon October Timeline
|
Episode 792 - Algerian Attack, Windows 8 defeated, ZeroAccess Botnet, Fast Flux Botnet, DigiNotar Final Report, SC Data breach, iOS 6.0.1
|
Hosts
Guests
Topics
- Encrypting your stuff
- Files
- Passwords
- Web Browsing
News Items
- DARPA-Funded Radio HackRF Aims To Be A $300 Wireless Swiss Army Knife For Hackers
- Real-Time Cyber-Attack Map
- Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet
- SMARTPHONE USERS SHOULD BE AWARE OF MALWARE TARGETING MOBILE DEVICES AND SAFETY MEASURES TO HELP AVOID COMPROMISE
- State-Sponsored Malware ‘Flame’ Has Smaller, More Devious Cousin
- DOING INFOSEC RIGHT
Use Our Discount Codes
- Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
- FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
- Use code 36449 for 20% off your Syngress order!
Upcoming events
Links
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Episode 791 - 60 Seconds Arrests, .AU Post breached again, .ru cyberspy in Georgia, DDoS & SQLi lead on forums and UK Bank Phishers arrested
|
Episode 790 - Naming hackers, Firefox 16.0.2, Xtreme RAT, NullCrew, Twinings Tea
|
Episode 789 - DNS Amplification still going, Cloud Security control, UK says lie on the internet, .JP bank phishing, and Supreme Court and ownership
|
Episode 788 - synackpwn, SCDR, Data Breach Laws & Election/Vote Hacking 2012
|
DerbyCon V2.0 was an epic con. The team was all present to share if a few firsts - and our first live podcast from DerbyCon… Check it out Date Oct 15, 2012
Download Standard Podcasts
|
|
|
|
|
Media Manipulation. What Is it? How does it work? Can you really make people see, buy and read things? Ryan is an experienced and talented media manipulator.
Download Standard Podcasts
|
Hosts
Guests
Topic
- Crisis Malware
- Z800 For Sale
- Citrix
- AV Talk - Primary vs Secondary Technology
- Mainframes and TSO Brute
News Items
- Blizzard Hacked
- backtrack 5 r3 released
Use Our Discount Codes
- Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
- FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
- Use code 36449 for 20% off your Syngress order!
Upcoming events
Links
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
|
|
3 years - wow. A truly humbling journey its been. 3 years we have spent researching, dissecting and analyzing all manner of human influence. With the most successful SECTF to date, we celebrate our 36th in style - AT DEFCON 20. The panel has changed (we miss you Jim), the topics have gotten deeper and the quality has gotten better.
What did this year include? How did the SECTF go? Well, find out as you join us for our 3 year anniversary LIVE!
Download Standard Podcasts
|
Hosts
Guests
Topics
- DEF CON 20 and BSidesLV Calendar
- Chris Mills’s picks
- Nicholas B’s Picks
- http://blog.hacktalk.net/
- With Connection and Nicholas B.
- pwnieexpress interview with Jonathan Cran
Use Our Discount Codes
- Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
- FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
- Use code 36449 for 20% off your Syngress order!
Upcoming events
Links
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 
|
|
|
|
|
The art of obtaining information without ever asking a question, known as elicitation, is a skill that can make you a master social engineer. Join us as we talk with author and expert on this topic, John Nolan. Date June 11, 2012
Download Standard Podcasts
|
|
|
Hosts
Guests
- Dr. Tran
- Emwave
- Professor Farnsworth
News Items
- ANONYMOUS CLAIM: ‘WE HAVE ACCESS TO EVERY CLASSIFIED DATABASE IN THE U.S. GOVERNMENT’
- Pentagon boosts contractor cybersecurity program
- http://thehackernews.com/2012/05/pentagon-boosts-contractor.html
- "The effort, known as the Defense Industrial Base ("DIB") program, is a voluntary information-sharing program in which the Department of Defense shares "unclassified indicators and related, classified contextual information" about cyber-attacks and threats with defense contractors.”
- “In exchange, defense contractors report known intrusions and can receive forensics analysis and damage assessments from the government after those attacks. In an optional part of the program, the DIB Enhanced Cybersecurity Services, the government shares additional classified threat and technical data with defense contractors and Internet service providers. "
- 17 year old Teenager arrested over TeamPoison hacking attacks
- http://thehackernews.com/2012/05/17-year-old-teenager-arrested-over.html
- "A teenage boy has been arrested on suspicion of being a member of "TeamPoison", a computer hacking group that has claimed responsibility for 1,400 offences including an attack on the phone system of Scotland Yard's counter-terrorism unit last month. These include attacks on the United Nations, the UK Anti-Terrorist Hotline, MI6 and RIM, as well as politicians including Nicolas Sarkozy and Tony Blair.”
- “The boy, who police suspect used the hacker nickname 'MLT' and was a spokesman for TeamPoison, was interviewed at a local police station on offences under the Computer Misuse Act on Wednesday. The arrest is part of an ongoing investigation by the Police Central e-Crime Unit (PCeU) division of the Metropolitan Police into various hacking gangs who have made headlines in the last year or so.”
- “TeamPoison’s highest-profile attack was mounted against Scotland Yard’s counter-terror hotline last month, has also claimed responsibility Distributed Denial of Service attacks against banks in collaboration with Anonymous, another “hacktivist” group with similar anti-corporate and anti-authority politics.”
- 55,000+ Twitter Accounts Hacked, How To Tell If Yours Was Among Them
- How to Securely Share a Password with Someone Using LastPass
- FBI Wants Backdoors in Facebook, Skype and Instant Messaging
-
Everyone Has Been Hacked. Now What?
-
‘Unknowns’ Hacking Group Hits NASA, Air Force, Harvard and Others in ‘Hacking for Good’ Effort
Use Our Discount Codes
- Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
- FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
- Use code 36449 for 20% off your Syngress order!
Upcoming events
Links
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Can the polygraph be beaten? How can a social engineer utilize non-verbal communication to become an professional interviewer? Join us with our guest Mike Liwiki, an FBI veteran and professional Polygraph examiner as we answer these questions. Date May 14 2012
Download Standard Podcasts
|
Hosts
Guests
- Tom Eston - @agent0x0
- Mobile App/Device Security and Security Justice.
Topics
News Items
- Skype User IP Address Disclosure
- Google knew street cars were slurping wifi (Marius Milner was the engineer, of NetStumbler fame)
- Mozilla is first major tech company to denounce CISPA
- Mac Flashback trojan still making $10,000 a day
- Indictment Returned for Jeremy Hammond in Chicago Anonymous case
Use Our Discount Codes
- Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
- FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
- Use code 36449 for 20% off your Syngress order!
Upcoming events
Links
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Please join us as we kick it old school with various news and banter, as well as a special interview with Chris Sullo! Our show notes can be found here. 
|
Hackers are people who like to understand the deeper things in life. Those who aren’t satisfied with boundaries or being told how to think or what to do. Our guest this month is a true “hacker”, Josh Klein. Join us as we discuss what is hacking this month. Date April 09 2012
Download Standard Podcasts
|
-RSA events
-Liability Pad
-Book club
-BYOD nitemare
-GPS rulez
-Shady fat man
-Playground fights
-NCCDC
-DerbyCon/Source Boston
-Tooltime
|
|
|
Nominations have been open for some time now but I also understand that you may not read the site, only listen to the podcast. If this is the case, this is especially for you.
|
Emotions cause an involuntary muscular response that last only 1/25th of second to 1 sec on a human face. Being able to decode these reactions can help a person communicate on a very deep and personal level. But how can they be used as a social engineer? Join us and Dr. Paul Ekman, world renowned for his research into microexpressions, as we explore this fascinating topic Release Date March 12 2012
Download Standard Podcasts
|
|
|
|
|
In this huge episode:
We're back!
Retorts
Head in the clouds
RSA love vs. Team Sad Face
Got a dollah
Cyber, cyber, cyber
Juice box
Hookers and blow
SET update
Mimikatz
Source Boston
B-Sides SF
Demerit points
Adventures in insomnia
|
Being able to build a successful profile is an essential tool for a social engineer. There are tools out there that specialize in gathering and detailing information on targets. What about social media? Chris Sumner helps us to use social media to build effective profiles on our targets Release Date Feb 13 2012
Download Standard Podcasts
|
Please join us as we talk about cybercrime, botnets, and the ever changing internet with special guest Brian Krebs! Our show notes are now on our wiki: http://wiki.securabit.com/ShowNotes/EP98 
|
In Episode 97 we announced that we'd be sending some preconfigured BT5 boxes to hackerspaces as well as a virtual machine version of this for people to access our community pentesting lab. Currently, there are 15 virtual machines available to be attacked, and we're setting a current target of 15 to 20 users for this [...] 
|
Please join us as we interview Ron Gula, Co-Founder of Tenable Security! We also discuss various cyber warfare topics including Al Qaeda hacking, SCADA, and our own Pentesting lab offering for the community and for hackerspaces! http://wiki.securabit.com/ShowNotes/EP97 
|
For years people have told us to get a Pick Up Artist on the podcast. It never really appealed to us, till we met Jordan Harbinger. Jordan is not a PUA but a confidence consultant. He helps guys learn how to be the best they can be. He is a social engineer, an influence expert and one awesome podcast guest. Release Date January 09 2012
Download Standard Podcasts
|
|
|
Join us as we talk about 2011! Please visit our wiki for full show notes! 
|
Greyscaledx rides through again and fixes our shit skype
we sewar about stuff
Why we like anon/lulz/etc
other current news
HAhah... u REALLY think we are gonna have show notes... really!?>?
InfoSec Santa is on to talk naughty
We throw Baseballs...
</end>
|
Join the crew as they interview special guest Marisa Fagan of SECore! Please visit our wiki for full show notes! 
|
What can you do if a loved one was kidnapped and the government couldn’t help? The Halo Corp is a group of ex-Military commando’s that specialize in rescuing and recovering of people in very dangerous circumstances. We invited Brad Barker, the CEO of The Halo Corp onto the podcast to discuss how they use Social Engineering. Release Date December 12 2011
Download Standard Podcasts
|
Join us as we talk some lab shop with Mike Bailey and the rest of the crew! Please visit http://wiki.securabit.com/ShowNotes/EP94 for our show notes! 
|
In this episode we are joined by data recovery and forensics specialist Gareth Davies. Gareth has published papers and given presentations on the subject of data storage manipulation. Our discussion contains items that, I believe, all forensic investigators should be aware of.
|
Physical Social Engineering is a very interesting topic. Although it is the easiest method into a company it is also the hardest type of pentest to sell to clients. We discuss this topic with two experienced and professional physical social engineers, Sharon Conheady and Munya Kanaventi. Release Date November 14 2011
Download Standard Podcasts
|
Please re-download the Steganography file from the original post. The first one was corrupted. It will now export with the proper lowercase key. 
|
Join us as we interview Nick Keuning from GFI about their Sandbox solution! Our show notes are now housed on our wiki. Please visit this link to view them! 
|
This time around we are giving away books! The contest officially starts NOW and will run until 11:59PM on 11/19. We will announce winners promptly after that. Prizes will be awarded to 1st and 2nd place. Everyone else who scores any amount of points will be entitled to a free sticker mailed to them if [...] 
|
On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security. We touched on some pretty amazing points and we hope you'll enjoy this show! Please visit our wiki for full show notes! 
|
Hey folks, This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon. Fortunately for all, there were enough tickets that nobody actually needed ours. We had a great time meeting folks and talking security, as well as meeting up with you, our valued [...] 
|
Please visit our Wiki for full show notes 
|
NLP is a subject of much debate in the security world as well in the science community. This podcast we delve deep into the top… dissecting what NLP is, how it is used in daily life, in the medical field, for therapy and of course, how it can be used by social engineers.
Download Standard Podcasts
|
Join us this Friday 9/30 at the Bluegrass Brewing Company @ 10pm eastern time. Come by and grab a beer, hang out, and let us throw stickers at you! The location is: Bluegrass Brewing Company 2 Theater Sq, Louisville, KY 40202(502) 568-2224 Here are walking directions as well. It's 0.5 miles to walk it, and [...] 
|
Join us as we interview Saviour Emmanuel Ekiko, author of the Ghost Phisher tool. Show notes are now at our wiki: http://wiki.securabit.com/ShowNotes/EP90 
|
Challenge closed. tuts for solutions will be submitted soon. Congrats to our winners who completed all the challenges. Andrew Fastow - 13 points jgor @indiecom - 13 points Thanks to all that participated Look forward to seeing you next month for our #SecurabitChallenge Anyone competing [...] 
|
- Superstar Thoughtleader Chris Eng brings some real Infosec Talent
- All the other stuff doesn't matter =)
Oh yea... Follow @grayscaledx and thank him profusely for remixing our f'd sound. We owe him big for this one.
Now Sponsored by: Listeners who gave us enough $ to buy new gear and sound better than we did on this ep.
Dunno if we can credit him/her/them yet but if we get permission we will.
\m/
|
Hosts Chris Gerling - @secbitchris Chris Mills - @chrisam Andrew Borel - @andrew_secbit Tony Huffman - @myne_us Guests Rafal Los - @Wh1t3Rabbit http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/bg-p/sws-119 Topics Vericode vs Oracle Root Certificate Authorities Anonymous Item X Use Our Discount Code Use "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all [...] 
|
Probably no other name is thought of more when people talk about social engineering than Kevin Mitnick. Kevin’s new book, “Ghost in the Wires” is now on the New York Times Best Seller list and there is a lot of comments, debates and opinions about Kevin floating around. The Social-Engineer.Org crew asks the questions that the rest of the world is afraid.
Download Standard Podcasts
|
In this episode Rob Lee has joined me to talk about the Consortium of Digital Forensic Specialists (CDFS).
For more information about CDFS please visit http://www.cdfs.org
Also, if you’re wondering what Rob was talking about towards the end, here’s the video in question: http://www.youtube.com/watch?v=kA565OyOkLM
WARNING!
I can not be held responsible for your own personal well-being if you choose to watch this.
|
Rambling about con's n vegas mayhem
Bye Bye BSides
other stuffz
less content than normal... we were in recovery =) u were too.... admit it.
|
|
|
We are now doing our show notes inside of our wiki. If you have suggestions or comments please feel free to leave them here. http://wiki.securabit.com/ShowNotes/EP88 Thank you for listening! 
|
|
|
VEGAS!!! BlackHat 2011, BSidesLV, and Defcon 19 schedule reviews!!! See you all at the Cons next week. ConBlackmail.com is COMING! Parties, Booze, and Puke!
|
No show notes this week... sorry ;)
intro- GTFTS- Samuel L. Jackson
Outtro- Overdose: Jamie Foxx
|
|
|
Opening song by Dr. Dre & Eminem. TV shows, chat with the White Rabbit about all kinds of shit. Closing song by Emiliana Torrini from the SuckerPunch soundtrack. (ya, ryan did the show notes on this one)
|
Hosts
myne-us @myne_us
Jacob hammack @hammackj
Guest Host
Dave Kennedy @dave_rel1k
Guest
Dr. Tyler Bletsch (Tyler.Bletsch {at} gmail.com)
Tyler's former security group at NC State University under Xuxian Jiang - http://www.csc.ncsu.edu/faculty/jiang/
Topics
JOP programming
Turing complete exploit development (http://en.wikipedia.org/wiki/Turing_completeness)
links
JOP
JOP technical report
ftp://ftp.ncsu.edu/pub/tech/2010/TR-2010-8.pdf
JOP academic paper
http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf
Tyler's dissertation (JOP in x86 and MIPS, and a few other techniques)
http://repository.lib.ncsu.edu/ir/bitstream/1840.16/6698/1/etd.pdf
ROP
http://cseweb.ucsd.edu/~hovav/dist/rop.pdf
http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/
http://sandsprite.com/CodeStuff/Understanding_imports.html
http://j00ru.vexillium.org/?p=893
http://www.braid-game.com/
http://qubes-os.org/Architecture.html
If you like the intro music and the closing music check out http://dualcoremusic.com/nerdcore/
break music http://www.audiomicro.com/saxophone-piano-drums-short-jazz-introduction-royalty-free-stock-music-94 
|
Really long episode featuring Dave Marcus
|
Our guests this month are people you all know and love… but this time we talk to Muts, Jim, Dookie… oh and Dave (and a special GUEST) about the release of their book, Metasploit: A Penetration Testers Guide in this first interview with the crew about their book. Release Date July 11 2011
Download Standard Podcasts
|
Sorry no show notes kiddoes. This is a rush job then back to work, and I wasn't present for recording to take notes.
|
|
|
In this episode I have taken a break from hosting and my wife, Alisha has taken over as the first all-female panel takes the stage in a special edition of Forensic 4cast.
Listen to the first ladies of forensics discuss how they got into the field, as well as the challenges and perks of working in the field as a member of the fairer sex.
Sadly I forgot to put something in the episode about the LinkedIn Group. If you are a female forensicator please join the group “Women in Digital Forensics” http://www.linkedin.com/groups?home=&gid=3766181&trk=anet_ug_hm. I joined it and am now an honorary woman. Not sure how I feel about that particular moniker…
*The original file had a small problem that I have now fixed.
|
|
|
|
|
Our guest Dan Airely is a behavioral economist. He is a renowned author and speaker on the topics of Predictable Irrationality.
Download Standard Podcasts
|
SecuraBit Episode 82: Totally Rad Man!
May 18, 2011
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Tony Huffman – @myne_us
Guests:
Carl Herberger from http://www.radware.com/
General topics:
DDOS: Recent attacks from groups like anonymous , attack vectors, technique information and how it can effect you.
Signatures: Signature based detection and the effects it had on todays security
General security: Some general discussion on security
Securibit exploit development group (SEG) starting up blog post coming soon.
NEWS:
PSN hacked again! :
Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackersduring the initial PSN attack.
http://arstechnica.com/gaming/news/2011/05/report-playstation-network-passwords-exploited-accounts-compromised.ars
international_strategy_for_cyberspace.pdf
http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf
Backtrack 5 is out
http://www.backtrack-linux.org/
Facebook privacy demo gets guy arrested in austrelia
http://www.net-security.org/secworld.php?id=11045
Microsoft patch tuesday
http://www.microsoft.com/technet/security/bulletin/ms11-may.mspx
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011
Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 
|
Our guest Aaron Delwiche is a TED speaker and a college professor that focuses on the use of propaganda. His site is devoted to understanding how it works. Release Date May 19 2011
Download Standard Podcasts
|
|
|
Welcome to the first of many EL Podcasts to come. We cover a ton of stuff, including some more details on the recent changes. We hope you like the new format as much as we do!
Previously known as EL 1: A New Era. The name apparently confused people
|
Our favorite linux distribution is about to release its new version - BackTrack5. How better to announce the release than by a big ol’ podcast complete with Infected Mushroom and almost the whole dev crew - Release Date May 05 2011
Download Standard Podcasts
|
This episode I had the pleasure of talking to Brian Karney and Lee Reiber about AD Triage, MPE+, and FTK version 4.
|
SecuraBit Episode 80: Our 8080 Episode
April 20, 2011
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell
Guests:
int80 - @dualcoremusic
DualcoreMusic
General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y
NEWS:
Patch Tuesday April 2011 64 patched:
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11
Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf
Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters. After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market. As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees. The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later. We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”
Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”
Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”
Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311
Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access
Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”
Quick Mentions:
FBI take down botnet
http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor
http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day:
http://www.adobe.com/software/flash/about/
Anything below version 10.2.153.1 is vulnerable
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011
Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 
|
There are a lot of skills that a social engineer needs to be successful. With all the important skills out there, one of the most is building rapport. We invited back one of our favorite guests, Robin Dreeke, to talk about how he builds rapport in 5 minutes or less. Release Date April 11 2011
Download Standard Podcasts
|
In this episode we’re joined by Steve Salinas and Ashley Stockdale from Guidance Software. They’ve taken time out of their busy schedules to talk about the upcoming release of EnCase Forensic Version 7.
|
SecuraBit Episode 79: Back to the basics with Marcus Carey!
April 6, 2011
Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman – @myne_us
Guests:
Marcus J Carey- @iFail
http://hackersforcharity.org/
General topics:
NEWS:
Epsilon:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3
"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.
LizaMoon:
http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.
https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
“Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code”
Pandora.com data leak:
http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
“The data included both the owner's GPS location and tidbits the owners gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time. “
RSA attack:
http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
“"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan," Uri Rivner, head of new technologies in the identity protection division of RSA wrote in a post on the attack”
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html
¾ Energy Firms Had Data Breach over last year:
http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.
Comodo what really happened:
https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
http://pastebin.com/uSdKNDN5
“ I found out that TrustDll.dll takes care of signing. It was coded in C#.
Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account. “
FBI asks for help on cracking code:
http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html
Other Stories:
http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml
Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events:
ThotCon (15 Apr 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011
Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Ladies and Gentleman, it grieves us to no end to announce that this will be the final episode of Exotic Liability. It's been a blast, and we wish we could continue, but life and work have proven to be to big of an obstacle to over come. We said we'd do this until we not having fun anymore and we've reached that point. Organizing schedules has taken all the fun out of it. We will keep our twitter presence, and www.exoticliability.com will stick around as a place where like minded individuals can get together.
Thank you to all of our listeners for the crazy amount of support you've given us. With much sadness, we say goodbye.
-Exotic Liability
|
|
|
|
|
Reporters have an amazing knack of getting information from people. That alone interests us, but then you mix in their ability to take that info and make it interesting, make it captivating and make it real - that is an art. We talk to a, in our opinion, superb reporter that works with CNET news as well as CBS Interactive, Elinor Mills. She helps us to uncover the secrets to this art and see what we can learn. Release Date March 07 2011
Download Standard Podcasts
|
Is today’s show we discuss the HBGary v Anonymous issues, the opening of the CFCE to non-law enforcement, the future of digital forensics tools, and the 2011 Forensic 4cast Awards.
|
|
|
Getting people to put their heart into their work can be achieved through many motivations. If you have a job your employer does this through fair compensation and benefits. But how does one motivate volunteers when there is no money involved? Not only that but keep them motivated day after day and year after year? Join us as we discuss this topic and a very special announcement with Johny Long, DualCore and the crew live at Shmoo 2011.
Download Standard Podcasts
|
Securabit Episode 75: Booze over IP
February 9, 2011
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel – @andrew_secbit
Tony (myne-us) – @myne_us
Guests:
Mike Dahn
twitter: @mikd
Joe Gottlieb
Twitter: joe_gottlieb
General topics:
Mike:Bsides origins and other. http://chaordicmind.com/blog/
Joe: Open Security Intelligence http://www.opensecurityintelligence.com/
On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss:
- Current challenges with today’s SIEM tools, which are a decade old
- Why security analytics needs to be ‘open’
- Why integrating business intelligence tools (i.e. Pentaho, Microsoft Exchange, Cognos, etc.) with SIEM tools can create useful dashboards that help security analysts mine huge data stores for the ‘needle in the haystack’ information they need
- Why ‘security quants’ (analysts that can look deep into the data and develop complex yet useful SQL queries) will become the next role in the SOC
- The benefits of joining the community and sharing best practices
The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Also, Joe is also giving a talk at Security BSides SF on 2/14 at 3pm PT on this very topic.
--HBGary Federal
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/
--Nasdaq
attack does not yet have reports of how they where attacked. The comment on the website was for the 1999 attack where someone defaced the nasdaq website.
Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267
The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.
"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.
--Bsides
http://www.securitybsides.com/w/page/12194156/FrontPage
to contact: info (at) securitybsides dot org -or- call 415-742-1739
--Exploit developers corner
Looking for exploit developers!
If you have recently published an exploit or have a previously published exploits you would like to talk about contact us at feedback@securabit.com or can contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery.
List of common questions.
-How did you find the vulnerability?
-What is your goal in vulnerability research?
-How did you go about disclosing the vulnerability and how did the vendor respond?
-And more...
!!Caution!!: No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE.
Us:NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx
Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 
|
Securabit Episode 74: Podcasting in the Dark with Brian Krebs January 26, 2011
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guests:
Brian Krebs - @briankrebs - http://krebsonsecurity.com/
General topics:
- I recall reading about various greeting card based attacks over the years. Do you think they've all been originated by the same folks who did this one? Or at least, with the same goals in mind?
- How prevalent do you think ATM skimmers are? What are some ways the common person can look out for them?
- Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E?
- Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses?
- Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller financials to merge? How can they balance the need to offer more convenient services (such as mobile banking) with the need to improve security at the same time?
- What do you think the top 3 stories for 2010 were? Why do you think they were the top stories?
Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8
|
Pure awesome, Nuff said.
Intro - "Bullet in the Head" by Rage Against the Machine
Outro - "Cop Killer" by Body Count
|
|
|
There has been a lot of buzz about the new book, Social Engineering: The Art of Human Hacking. Along with the “buzz” is some very positive reviews and feedback. The team at Social-Engineer.Org decided to gather a selection from the community as well as the SEORG team and interview the author, their very own Chris Hadnagy. Release Date Jan 10 2011
Download Standard Podcasts
|
|
|
SecuraBit Episode 71: Managing our Careers with Lee Kushner
December 15, 2010
Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel – @andrew_secbit
Guests:
Lee Kushner - @LJKush - http://www.ljkushner.com/ - http://www.infosecleaders.com/
General topics:
Discussion on Career Management
The importance of having a career plan.
It’s a very crowded market in information security, and it’s getting more so every day.
www.infosecleaders.com/2010-compensation-survey/
FAQ: Compromised Commenting Accounts on Gawker Media http://lifehacker.com/5712785/
OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/
Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.
Upcoming events
#BSidesBerlin (28-30 Dec 2010)
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (March 2011)
Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8 
|
In the movies a Jedi hand wave can force a target to think or act the way they want, but in real life what is needed to “influence” targets to think and act the way you want? Anchoring and Elicitation are two powerful tools of the social engineer. Join us as professional social engineer and FBI agent Robin Dreeke helps us to analyze these two powerful aspects of social engineering. Release Date Dec 12 2010
Download Standard Podcasts
|
- Mike Tyson
- Crazy Stories
- Lenny Zeltser Joins in
- Uncontrolable Laughter
- Port 79
http://www.kickstarter.com/projects/793929175/spoken-word-music-album-by-paulie-lipman
Intro: "Geek Love" by Paulie Lipman
Outro: "Atlas Quit" by Paulie Lipman
|
Deception is very hard to understand. What if we could write an algorithm that would dissect deception allow us to delve in at a molecular level? This month’s podcast does that. We talk with a psychologist and research that has dedicated his life to defining and understanding deception. Release Date Nov 8 2010
Download Standard Podcasts
|
-Andrew Gavin Joins in
-OpenDLP
-IDS/FUD stuff
-VAST/VOIP Stuff
-Random News
-No boobs in Australia
Intro: "Big girls need love too" by Blueprint
Outro: "The Spicy McHaggis Jig" by Dropkick Murphys
|
-The Return of stripper talk
-Cons
-Cool talks
-Random News
-Phone Creeper
-Sexting
-Some Voicemail
-And a Slew of other stuff
Intro: "Black Swan" By Thom Yorke
Outro: "Fuck You" By Cee Lo Green
|
Non-Verbal Communication is the way our bodys, faces, hands and feet tell the story about what our true thoughts are. Join us this month as we talk with one of the world’s leading experts in non-verbal communications, Joe Navarro. A 25 year veteran of the FBI and leading researcher into Body Language and Non-Verbal Communications, Joe helps us to see how these are used to both deceive and detect deception.
Download Standard Podcasts
|
-The boys actually talk security
-The Guys from NSS Labs join in
-Exploit Hub
-All kinds of other greatness
Intro: "Virus" By Deltron 3030
Outro: "Truth From Fiction" By Supreme Beings of Leisure
|
Looking for social engineering skills in interesting jobs has always been a theme of our podcast since the beginning. Our guest this month made a career out of scamming people on camera, but with no malicious intent. Paul Wilson is a magician, consultant to some of the biggest stars in the world as well as professional con artist. Join us as we discuss his experiences and what he has learned. Release Date 13 September 2010
Download Standard Podcasts
|
-@shoebox joins in
-http://www.openlocksport.com
-Tip of the Day!
-Kinds of other Crazyness
Intro: "Passing By Behind Your Eyes" By Sunday School
Outro: "Rubber Vagina" By Unknown (Maybe Rodney Rude)
|
WOW. Our first year is just about over and here is our 1st year anniversary episode.We hope you enjoy the social-engineer crew live at Defcon with a room of about 100 people asking questions and getting involved in the fun. Thank you for the great year and we look forward to whats in store.
Download Standard Podcasts
|
-Disaster Protocol Joins in for some shit talking
-Tools and News
-Pure Comedy
-BH.BSidesLV.DC talks
-@jsokoly joins in
- @myrcurial calls in
-http://freebyron.com
-EL Scares Marketing (and HR)
Intro: Ligatt Parody by the boys from Disaster Protocol (shitcast.co.uk)
Outro: "60 Revolutions" by Gogol Bordello
|
Sorry no time for Show notes... I'll try to get some up for this episode later.
Intro: "Lies" by Johnny Knows Karate
Outro: "Shrooms" by The Lonely Island
|
What happens when the results of not being successful can cause jail time? Is there a way to use SE skills to keep you from the slammer? We talk to Dale Carson’s author of “Arrest Proof Yourself” about this very topic
Download Standard Podcasts
|
-Social Networking
-Bad Articles
-Lameness
-F.U.D.
-Terrible Top 10
-Tons of other stuff
Intro: "Sofa King" by Dangerdoom
Outro: "Prince Charming" by Brother Ali
|
-Rolaf & Andrew from Paterva talk Maltego -Fun with trucks and guns -More Blue Lasers -Tiger Team Rip-off -Crazy dude tries to take out Bin Laden -Drinking & Writing -Eat Da Poo Poo! -And more of the EL you love Intro "Bottom Line" by Swollen Members Outro "Eat Da Poo Poo AutoTune Remix" by BartBaKer (Youtube)
|
-Random News -More Ligatt -Book Troubles -Screw Google, some more. -Firing Squad Intro: "Golden Brown" by The Stranglers Outro: "Tennessee Wedding" by Jim Bianco
|
-Carlos Perez joins in -SANS Pentesting Summit -Pentesters need to learn business -All kinds of Ligatt stuff -@infosecmafia Joins in too -Tons more Intro "Let it off" by Phantogram Outro "Shut the fuck up" by Cake
|
A round table discussion with some of the brightest minds in social engineering. We will discuss future of social engineering and hear some really cool stories of actual exploits.
Download Standard Podcasts
|
No time for show notes, but Fucking Awesome! Tons of tools and tons of stories!!!!!!!1111one!111!one1
|
Join us as we interview one of the world’s leading experts in unconscious persuasion. Kevin helps us to analyze the methods that people are manipulated while on auto pilot. We dig deep and learn some of most amazing tips on persuasion you will ever hear.
Download Standard Podcasts
|
-Happy Mothers Day
-our 13 month aniversary
-A whole lot of wrong
-A little bit of security
-A few fun tools
-Second big red button
-A bunch of other crap
Intro: "Mr. Shiny Cadillackness" by Clutch
Outro: "Gatman & Robbin'" by 50 Cent ft. Eminem
|
-Thotcon
-National CCDC
-Source Boston
-Mexico City
-War Stories
-Tons of other stuff!
Intro - "Fuck you" by Lily Allen
Outro - "Fuck song" from Disaster Movie
|
The information contained in this podcast is some of the most mind blowing we have ever released. An intimate talk with someone who has detailed knowledge of how to perform identity theft. He outlines, details and shows how these attacks are performed then talks with us how we can mitigate these attacks. You will not want to miss this one.
Download Standard Podcasts
|
I'm running way short on time, so sorry for the lacking show notes. I promise it's a great one though!
-Confessions of a sec addict
-M$/RSA's NEW!!! findings
-A Ton more
Intro - Shame of Life by The Butthole Surfers
Outro - My Dick by Mickey Avalon
|
-TJX Hacker
-Viper Car Alarms
-319753 Mute
-Voice Mail
-Drunk Dialed by our intern
-Tons and Tons more
Intro/Outro - "Typical" by Mute Math
|
-Kos Interview Part 2
-Eurotrash + Jason Street Join in
-Ton more
Intro - "The Worst Day Since Yesterday" by Flogging Molly
Outro - "DUI #1" by Mac Lethal
|
-Part 1 of 2
-Battery Trojan
-Kos Joins in
-More Goog vs China
-Tons more.
Intro - "Cause = Time" by Broken Social Scene
Outro - Natalie Portman Rap from SNL
|
Join the Social-Engineer.org team as we discuss the topics of persuasion and mindlessness with Harvard psychologist and world renowned persuasion expert, Ellen Langer.
Download Standard Podcasts
|
-More Tech Problems
-Ian Amit joins in
-http://www.securityandinnovation.com/
-Cyberwar Jedi mind trick
-Nerd Thunderdome and BSidesLV 2010
-Botnet Fun
-Legalities
-ExcaliberCon
-A bunch more
Intro: Cyborg Love by Mac Lethal
Outro: Dirty Girl by Felt 2
|
-EL's 50th Episode Double the length
-Joe Grand joins in
-Tons of fun Hardware hacking stuff
-Technical Problems
-Badges, that shit ain't easy
-TV Sucks
-Jhaddix drops in
-CN goes to Jail
-Wet your noodle for the EFF
-Lady Laz3r show in Vegas
-A ton more
Intro: Closer to the Club by NIN vs 50 Cent
Outro: Poker Face Cover by Chris Daughtry
|
-First live stream(ish)!
-Rickrolled Live
-EL Android/iPhone Apps
-Boyscout, It's magic
-nmap String of Doom
-Unexpected Guests
-A ton of security stuff!
-Shmoocon
-Hackcon
Intro/Outro - Put it in Your Mouth by Akinyele
|
A live edition of the podcast done at Shmoo Con. We had a very lively topic on how we use the information that is gathered on our social engineering audits. We invited TWO special guests, Tom Eston from Security Justice as well as Shawn Moyer. Both are experienced and seasoned pentesters and social engineers. We rip apart the information security field as well as policies, education and user relation in this podcast.
Download Standard Podcasts
|
-iPad -Only in Vegas
-Tech Crunch
-Joomla
-Laz3r is useless
-Addictomatic.com
-Socialmention.com
-Entitycube.research.microsoft.com
-Yasni.com
Intro - What's the Story Morning Glory by Oasis
Outro - El Chupa Nibre by Dangerdoom
|
-Aluc joins in (@thealuc)
-Useful/Cool phone apps
-Give credit where it's due
-Red Teaming
-Much More
|
-Rafal Los is a Ninja Gangsta -Web Scanners -US getting hacked isn't new -iQuake, app for quake victims -Tons, I do mean tons, more
|
Have you ever wondered where BackTrack came from? Want to know how new editions of our favorite pentesting tool come about? Join us as we talk with muts, balding_parrot, pure_hate as well our panel and special guest and web developer DigiP.
This exclusive will be one to remember.
Download Standard Podcasts
|
-The Goog vs China
-Haiti -Vegas -CES -Dogs Invade -Porn and plot lines -Upcoming Cons -Tons More
|
Join us as we reveal some of the secrets that are widely used in marketing. From social engineering tactics, NLP secrets and manipulation strategies are now unmasked. We join forces with NLP and SE Expert Brad Smith to discuss these hot topics.
Download Standard Podcasts
|
-Hezbolla -Epic failures -TSA -The system works -Voicemail -Facebook Apps -A TON more
|
- Brittney Murphy
- Sky Hacking
- Gates calls in
- Security, it's nothing new - Bad Santa
- And more
|
We discuss the aspect of framing from a very unique perspective. Join us as we delve into the depths of framing and see how we use it in our daily lives and what we can learn from a Harvard Math Genius.
Download Standard Podcasts
|
-Delchi starts off the show -Tom Brennan talks OWASP Top10 -And more of the offensive security you love
|
-Cyborg Bruce -Passwords are easy -7 Scam Principles -SE -and more!
|
- China stories galore - Walmart, No questions asked - France takes it again - ELCon?!?! We need your input!
|
Pretexting is one of the key components of social engineering. When we decided to search out a professional radio host we never thought we would meet one as dynamic and intriguing as Tom Mischke. Join us as Tom helps us to analyze a side of pretexting we rarely consider.
Download Standard Podcasts
|
Marcus J. Carey joins us DojoSec/DojoCon Mitnick bashing Tigerteam is bullshit Giving earns respect A new meaning to ATM
|
- Jayson E. Street - Dissectingthehack.com - The return of Skype - Dale and Delchi call in - Tech problems make Laz3r cry - Infosec Camps - Sharing Info - It's a community - Strippers to hackers program
|
-Tool Runners -Information Gathering -Social Security Engineers -Mistreating Strippers
|
This month we are interviewing ex-Law Enforcement agent Matt Churchill. He has experience in interrogation and interview tactics.
Download Standard Podcasts
|
Episode 799 - Stuxnet at Chevron, MW3 vulns, Google Info Requests, CSA 2012 reprise, and Blizzard sued
|
