Security and Forensics Podcasts Irongeek Listens To

These are just the podcasts I listen to about every week; if you know others I should check out, let me know. Also, check out http://getmon.com/ for many more.

Interview with Dan King, Stories of the Week - Episode 382 - August 3, 2014

Come see us this week at DEF CON!

Source: Paul's Security Weekly | 3 Aug 2014 | 8:53 pm

Interview with Michael Santarcangelo - Episode 369, Part 1 - April 10, 2014

Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication, connect people to value, free up energy to solve problems, and achieve higher levels of performance. He continues to write, speak, and train on the structure and system to Effectively Communicate Value and serves as advisor to leaders in organizations of all sizes.

Source: Paul's Security Weekly | 13 Apr 2014 | 5:04 pm

Interview with Josh Abraham - Episode 368, Part 1 - April 3, 2014

At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.

Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.

Source: Paul's Security Weekly | 4 Apr 2014 | 7:49 pm

Wordpress Defacement: Lessons Learned - Episode 366 - March 20, 2014

On March 14, 2014 the securityweekly.com website was defaced (index.php was modified) by an attacker at approximately 6:30AM EST. We discovered this attack, via Twitter in fact, at 8:00AM that morning. Our web site was restored and operational by 11:00AM that morning, and forensics investigations are continuing.

Source: Paul's Security Weekly | 23 Mar 2014 | 5:03 pm

Interview with Gary McGraw - Episode 366 - March 20, 2014

Gary McGraw is an author of many books and over 100 peer-reviewed publications on IT security. In addition, Gary McGraw serves on the Dean’s Advisory Council for the School of Informatics of Indiana University, and produces the monthly Silver Bullet Security Podcast for IEEE Security & Privacy magazine (syndicated by informIT). Gary is the Chief Technical Officer at Cigital Inc. In addition, he serves on the advisory boards of several companies, including Dasient, Fortify Software, Invincea, and Raven White. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University. In the past, Gary McGraw has served on the IEEE Computer Society Board of Governors.

Source: Paul's Security Weekly | 23 Mar 2014 | 5:03 pm

Live from SANS ICS - Episode 365 - March 16, 2014

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency.

Michael Assante is an internationally recognized thought leader in cyber security of industrial control systems. Assante held the position of Vice President and Chief Security Officer at the North American Electric Reliability Corporation and oversaw the implementation of cyber security standards across the North American electric power industry.

Matthew E. Luallen is a well-respected information professional, researcher, instructor, and author. Mr. Luallen serves as the president and co-founder of CYBATI, a strategic and practical educational and consulting company. CYBATI provides critical infrastructure and control system cybersecurity consulting, education, and awareness.

Jonathan Pollet, Founder and Principal Consultant for Red Tiger Security, USA has over 12 years of experience in both Industrial Process Control Systems and Network Security.

Source: Paul's Security Weekly | 23 Mar 2014 | 5:02 pm

Perl Compatible Regular Expressions - Episode 364, Part 2 - March 6, 2014

In this tech segment we're going to talk about regular expressions in Python. We're going to be using Perl-style regular expressions, which are usually referred to as "PCRE". PCRE is used in many places outside of Python, such as Snort and other IDS signatures, and in most places you see regular expressions, it will be PCRE. Regex is a language, but it's far more restricted than a normal programming language.

If you need to perform any complex string search and replace, you're probably going to use regular expressions. As the famous saying goes,
Some people, when confronted with a problem, think “I know, I'll use regular expressions.” Now they have two problems.

So I'm going to teach you how to create some problems for yourself.

I'm going to put the testing strings in the show notes. If you want to play along, you don't need to install Python; we're going to use pythex, an online regular expressions tester. I think this is the best way to demonstrate regular expressions without getting too bogged down in the context of code.

Source: Paul's Security Weekly | 8 Mar 2014 | 10:28 pm

Interview with Eve Adams - Episode 364, Part 1 - March 6, 2014

Eve Adams (@HackerHuntress) is Senior Talent Acquisition Expert at Halock Security Labs, a full-service information security advisory in Schaumburg, IL. Eve leverages her security staffing experience to drive recruitment for both internal Halock roles and client placement. She also spearheads Halock’s social media presence and counts Twitter as one of her most powerful recruiting tools. Eve’s passionate about information security, thinks most recruiters are doing it wrong, and naively believes technology can change the world for the better. In past lives, she has been a writer, translator and reptile specialist, among other things. While she is officially OS-agnostic, Eve usually runs Ubuntu at home.

Source: Paul's Security Weekly | 8 Mar 2014 | 10:26 pm

Hack Naked TV 14-15

FTP Passwords!! They are everywhere!!
http://tinyurl.com/HNTV-FTP-Creds

Chargeware.. It is legal, but it can still get you shot.
http://tinyurl.com/HNTV-EULA

Target breach and the state of phishing:
http://tinyurl.com/HNTV-Target-Email

SANS 560 Orlando April 7th - 12th

http://tinyurl.com/SANS-560-Orlando

Please note the link and the dates in the video are wrong for SANS Orlando.

Source: Paul's Security Weekly | 25 Feb 2014 | 12:17 pm

Interview with Kat Sweet - Episode 363, Part 1 - February 20, 2014

Kat Sweet is a geek-of-all-trades: maker, musician, ham (call sign K7FTW), and firm advocate of NSFW 3D printing. She presented on the latter, giving a talk titled "The Sensual Side of 3D Printing" at BSidesLV and SkyTalks in 2013. She can be followed on Twitter at @TheSweetKat.

Source: Paul's Security Weekly | 22 Feb 2014 | 4:08 pm

Joff Thyer on Django Static Code Analysis - Episode 362, Part 2 - February 13, 2014

DjangoSCA is a Python-based Django project source code security auditing system that makes use of the Django framework itself, the Python Abstract Syntax Tree (AST) library, and regular expressions. Django projects are laid out in a directory structure that conforms to a standard form using known classes, and standard file naming such as settings.py, urls.py, views.py, and forms.py.
DjangoSCA is designed for the user to pass the root directory of the Django project as an argument to the program, from which it will recursively descend through the project files and perform source code checks on all Python source code and Django template files.

Source: Paul's Security Weekly | 17 Feb 2014 | 1:01 am

Interview with Paul Paget from Pwnie Express - Episode 362, Part 1 - February 13, 2014

Paul Paget was appointed CEO of Pwnie Express in August 2013 to help grow it into the leader for testing the security of remote operations, joining Dave Porcello, the founder, and his outstanding team. The PWN Plug has created a hit and they aim to make it a standard around the world. It radically simplifies and reduces the cost of assessing security, especially in hard-to-reach, out-of-the-way parts of an organization such as bank offices, stores and offshore facilities.

Source: Paul's Security Weekly | 17 Feb 2014 | 1:01 am

Ep. 047 Is that a phish in your mouth or you just happy to see me?

Being a stand-up comic is a hard job, and full of Social Engineering Goodness. Being a magician in Vegas is just as hard. What if you were both? Our guest Mac King is just that combination; join us for a delightful, blood-filled conversation. July 8 2013


Source: Social-Engineer.Org PodCast | 7 Jul 2013 | 3:56 pm

4:cast Episode 43 – Where No Forensicator Has Gone Before

This episode we’re joined by Jad Saliba from Magnet Forensics as he discusses the newly announced phone features of IEF.
We also talk about NSA letters, Prism, and how Logicube are going all trekkie on us.

Source: Forensic 4cast » Forensic 4cast | 10 Jun 2013 | 7:54 am

Ep. 046 My mind is made up, Don’t confuse me with facts

Back in the late 1960s one teacher dared to stand up and teach children a powerful lesson in prejudice. That lesson has implications for us today. Join us as we interview world-renowned teacher, Jane Elliot. June 10 2013


Source: Social-Engineer.Org PodCast | 9 Jun 2013 | 7:07 pm

Ep. 045 Negotiation Skills Applied to Social Engineering

Negotiation skills - how closely do they mirror Social Engineering? Join us and our guest, Jenny “The Radcliffe” Radcliffe as we discuss these topics


Source: Social-Engineer.Org PodCast | 12 May 2013 | 9:20 pm

Ep. 044 Do you trust me?

Trust. It is the foundation that every relationship must have to succeed. Our guest Dr. Paul Zak spent many years studying trust. Join us as he answers questions like:

What is trust? What chemical creates trust? How can you make someone ooze with that chemical? Do synthetic trust products work? Does Dave’s creepy hugging actually have any hint of truth?


Source: Social-Engineer.Org PodCast | 8 Apr 2013 | 11:14 pm

Exotic Liability 87: Trigger

The one where we start a shiznit-storm and, oh yeah, a chat with Violet Blue....

Thanks to:

Jericho & Banasidhe for being in studio!

Enjoy!

Source: Exotic Liability | 24 Mar 2013 | 10:58 pm

Employee Security: Should we Educate or Ignore

We don’t do it often… but when a topic so fitting comes up we just get together and chat about it. Yesterday a well known author wrote an article that stated basically “security gets in the way of having fun on the Internet”. This topic is close to us as we all focus on education and security. Enjoy the chat… March 20, 2013


Source: Social-Engineer.Org PodCast | 20 Mar 2013 | 11:25 am

Ep. 043 Social Engineering without a pretext

Join us with Seena Sharp of Sharp Marketing as she helps us understand if it is possible to social engineer without the use of pretexting.

She is the author of the book “Competitive Intelligence Advantage”

She answers questions like: What type of information is the most important? How to collect valuable data? What are the best sources? And much much more!


Source: Social-Engineer.Org PodCast | 11 Mar 2013 | 10:39 am

Episode 41: The Return

We’re back! First new episode of Forensic 4cast since November 2011. We’ve selected a panel of top people from the field… sadly none of them were available so we have a bunch of other guys instead. Join us as we talk about Android malware, why Lee doesn’t use two-factor authentication, outsourcing to China, and so on.

Suck it Ovie!

You can either listen to the MP3 or watch the YouTube video below.

Source: Forensic 4cast » Forensic 4cast | 11 Mar 2013 | 8:15 am

Ep. 042 Thank you for Social Engineering Me!

Imagine having the power to not only social engineer anyone into giving over information without hesitation but actually being happy for having done it? Our long time friend and podcast guest, Robin Dreeke talks about context framing and how we use it to leave our targets saying, “Thank you sir, may I have another?” Date Feb 18, 2013


Source: Social-Engineer.Org PodCast | 17 Feb 2013 | 4:16 pm

InfoSec Daily Podcast Episode 839

Episode 839 - Goodbye, Farewell and So Long

Source: InfoSec Daily Podcast | 5 Feb 2013 | 6:07 pm

InfoSec Daily Podcast Episode 838

Episode 838 - BigBrother in .de, FTC do not track mobile, Cisco study, 2FA for Twitter, and 4k banker credentials leaked.

Source: InfoSec Daily Podcast | 4 Feb 2013 | 7:20 pm

InfoSec Daily Podcast Episode 837

Episode 837 - Silent but Deadly, Don’t Blame Us, & Me Too!

Source: InfoSec Daily Podcast | 1 Feb 2013 | 9:53 pm

InfoSec Daily Podcast Episode 836

Episode 836 - MacOSX a/v, NYT hack, Oracle on Java, and User Fun

Source: InfoSec Daily Podcast | 31 Jan 2013 | 8:58 pm

InfoSec Daily Podcast Episode 835

Episode 835 - UPnP, HP Printers, Alabama DHS Cyber Intrusion, Pwnium Rewards $3.14159 M, and Cloud Security Mistakes

Source: InfoSec Daily Podcast | 29 Jan 2013 | 8:07 pm

InfoSec Daily Podcast Episode 834

Episode 834 - Thoughts on Security Industry

Source: InfoSec Daily Podcast | 28 Jan 2013 | 7:48 pm

InfoSec Daily Podcast Episode 833

Episode 833 - Barracuda Backdoor, Crims can watch you!, and 3 indicted for Gozi botnet.

Source: InfoSec Daily Podcast | 24 Jan 2013 | 8:01 pm

InfoSec Daily Podcast Episode 832

Episode 832 - DHS Warning, APT Attacks, Expelled!, Protect Against Spies, at&t

Source: InfoSec Daily Podcast | 22 Jan 2013 | 5:48 pm

InfoSec Daily Podcast Episode 831

Episode 831 - Virut, HIPAA Final Rule, IA vs IS, Even Moar Java and South Korean Competition

Source: InfoSec Daily Podcast | 21 Jan 2013 | 7:31 pm

InfoSec Daily Podcast Episode 830

Episode 830 - Bodyscanners, MSAV, Genomes & Moar Java

Source: InfoSec Daily Podcast | 18 Jan 2013 | 7:40 pm

InfoSec Daily Podcast Episode 829

Episode 829 - ColdFusion Patched, AIDE 2013 CFP Open

Source: InfoSec Daily Podcast | 17 Jan 2013 | 7:29 pm

Infosec Daily Podcast Episode 828

Episode 828 - CFAA update in works, Red October, dev Outsources to China, GoDaddy NTLM leak, and $5k gets you Java 0day

Source: InfoSec Daily Podcast | 16 Jan 2013 | 8:32 pm

InfoSec Daily Podcast Episode 827

Episode 827 - Hack3rCon, Prepping and General Talk

Source: InfoSec Daily Podcast | 15 Jan 2013 | 6:08 pm

Infosec Daily Podcast Episode 826

Episode 826 - Scrape-DNS, Java Patched But Not Fixed, ADP-Themed Phishing Campaign, Security Vendor Could Be Next Target

Source: InfoSec Daily Podcast | 14 Jan 2013 | 7:57 pm

Ep. 041 Framing Your Life and Becoming Inspirational

Framing is one topic that can make or break the success of a social engineer. What if you could harness the power to reframe yourself to become anything despite any obstacle? Christine Ha is this month's guest and she is truly a success story, an inspiration and a star example of re-framing. Date Jan 14, 2013


Source: Social-Engineer.Org PodCast | 14 Jan 2013 | 6:20 am

Infosec Daily Podcast Episode 825

Episode 825 - DDoS and Free Speech, nokia stops https mitm keeps http mitm, Java 0day again, Exploit kit for $10k per month, and Hacking Pipelines

Source: InfoSec Daily Podcast | 11 Jan 2013 | 10:44 pm

InfoSec Daily Podcast Episode 824

Episode 824 - RFID Tags and school, Java Again, Nokia MitM, China’s new PII law

Source: InfoSec Daily Podcast | 10 Jan 2013 | 8:38 pm

InfoSec Daily Podcast Episode 823

Episode 823 - FISA Warrantless, Impersonation Felony, Assault Weapons Ban

Source: InfoSec Daily Podcast | 8 Jan 2013 | 5:51 pm

Exotic Liability 86 - Christmas and then some...

Supersized episode with lots o' guests!

Merry Christmas from the EL Crew.

Enjoy!

Source: Exotic Liability | 24 Dec 2012 | 10:39 am

InfoSec Daily Podcast Episode 822 [Remix]

Episode 822 - You’re really dead. Cisco VoiP hack, GreenSQL report, paid Facebook message service, and elcomsoft Forensic Disk Decryptor.

Source: InfoSec Daily Podcast | 21 Dec 2012 | 6:38 pm

InfoSec Daily Podcast Episode 821

Episode 821 - Career Dayish, VMWare VMViewer fix, Mimicking APT in pentesting, and ctf365

Source: InfoSec Daily Podcast | 20 Dec 2012 | 6:27 pm

InfoSec Daily Podcast Episode 820

Episode 820 - Oracle Prevent Java Apps, Wiper Copycat?, Dexter, SWF Investigator, Single-browser

Source: InfoSec Daily Podcast | 18 Dec 2012 | 5:54 pm

InfoSec Daily Podcast Episode 819

Episode 819 - Mac Trojan, Samsung Chip, Iran Trojan, EU Breach Disclosure, and TIA rejects NIST mobile security guidelines.

Source: InfoSec Daily Podcast | 18 Dec 2012 | 3:14 pm

InfoSec Daily Podcast Episode 818

Episode 818 - Minority Report, ExploitHub, FSecure 7 for ‘13, and bwall’s pot compare

Source: InfoSec Daily Podcast | 14 Dec 2012 | 5:53 pm

SecuraBit Episode 113: Medical Madness

Hosts


Guests

  • Christopher Burgess - @burgessct - http://www.burgessct.com/

Topics

  • The state of security in Medical.
  • Social movements.
  • Lab Stuff


News Items


Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • http://www.sans.org/info/119125
  • Use code 36449 for 20% off your Syngress order!


Upcoming events

Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 14 Dec 2012 | 10:51 am

InfoSec Daily Podcast Episode 817

Episode 817 - @PentestLessons, IE Data Leakage, No Anonymity, How To Rob A Bank, Dexter, and Security or FUD?

Source: InfoSec Daily Podcast | 12 Dec 2012 | 5:53 pm

InfoSec Daily Podcast Episode 816

Episode 816 - Izz ad-Din al-Qassam, Java Attacks, Android Scanner Fail, Samsung, Carolinas Healthcare, India 1,600

Source: InfoSec Daily Podcast | 11 Dec 2012 | 6:04 pm

Ep. 040 Putting the Psycho in Social Engineering

As social engineers we don’t often have to deal with the negative aspects of psychology, but this month we do. Retired FBI Profiler and international trainer and speaker, Mary Ellen O’Toole joins us to discuss identifying psychopaths and much much more.


Source: Social-Engineer.Org PodCast | 11 Dec 2012 | 12:30 pm

InfoSec Daily Podcast Episode 815

Episode 815 - Necurs 80k+, NDIS backdoor, Jeff Moss on Internet, and EU power company DoS.

Source: InfoSec Daily Podcast | 10 Dec 2012 | 7:29 pm

InfoSec Daily Podcast Episode 814

Episode 814 - Texting 911, "Project Mayhem", Royal Pwn, Debunking, ATT DDOS

Source: InfoSec Daily Podcast | 10 Dec 2012 | 7:28 pm

InfoSec Daily Podcast Episode 813

Episode 813 - BIND 9.9.2, BlackHole & Chrome, Pak hack, 25 GPU Monster, SMB Medical Offices

Source: InfoSec Daily Podcast | 10 Dec 2012 | 7:27 pm

InfoSec Daily Podcast Episode 812

Episode 812 - Nationwide Insurance, US votes to keep internet free, and GT Mobile Browser research

Source: InfoSec Daily Podcast | 6 Dec 2012 | 2:00 pm

InfoSec Daily Podcast Episode 811

Episode 811 - Macs targeted again, tumblr worm, darpa looks for backdoors, and King Cope’s Full Disclosure 0Days.

Source: InfoSec Daily Podcast | 4 Dec 2012 | 6:17 pm

InfoSec Daily Podcast Episode 810

Episode 810 - FOREX, Banks owe, Spear-Phishing, distributed computation via browser

Source: InfoSec Daily Podcast | 30 Nov 2012 | 5:57 pm

InfoSec Daily Podcast Episode 809

Episode 809 - Syria, Printers, Solid Oak, and IAEA

Source: InfoSec Daily Podcast | 29 Nov 2012 | 5:57 pm

InfoSec Daily Podcast Episode 808

Episode 808 - @PentestLessons, Unencrypted PAN Storage, The Email That Hacks You, and Security or FUD

Source: InfoSec Daily Podcast | 28 Nov 2012 | 6:23 pm

InfoSec Daily Podcast Episode 807

Episode 807 - eBay XSS, 1300 Databases, RedHack Trial, Yahoo! XSS 4Sale, 20-plus flaws in SCADA

Source: InfoSec Daily Podcast | 27 Nov 2012 | 5:43 pm

InfoSec Daily Podcast Episode 806

Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing

Source: InfoSec Daily Podcast | 26 Nov 2012 | 5:44 pm

InfoSec Daily Podcast Episode 805

Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing

Source: InfoSec Daily Podcast | 21 Nov 2012 | 5:44 pm

InfoSec Daily Podcast Episode 804

Episode 804 - NZ Kiosk Update, GoatSec Trial, Linux Drive By Rootkit, FreeBSD Compromise, and Konstituion Kiboshing

Source: InfoSec Daily Podcast | 20 Nov 2012 | 5:44 pm

InfoSec Daily Podcast Episode 803

Episode 803 - Google Docs as Proxy, Facebook turns on SSL, Oprah Oops and top 10 Vulns of 2012

Source: InfoSec Daily Podcast | 19 Nov 2012 | 6:00 pm

InfoSec Daily Podcast Episode 801

Episode 801 - EA Origin, Skype, Adobe, Smart Card Sniffing Malware, and NASA's Lost Laptop

Source: InfoSec Daily Podcast | 16 Nov 2012 | 6:00 pm

InfoSec Daily Podcast Episode 800

Episode 800 - Pentest Lessons, BSidesDE Wrap Up and Security or FUD

Source: InfoSec Daily Podcast | 14 Nov 2012 | 5:43 pm

Ep. 039 Information Gathering on Steroids

Our guest this week is notorious forensics guru from the UK, Nick Furneaux. Nick discusses with us the magic of API manipulation. He gave us some free “posh” tips for making websites dump the data we want as social engineers. Try these things below:

Download and install the Firefox addon - JSONView

Try:-

https://api.twitter.com/1/users/lookup.json?screen_name=BarackObama

https://api.twitter.com/1/users/lookup.json?screen_name=MittRomney

http://code.google.com/apis/ajax/playground/

The last one will find all tweets within 2 miles of the GPS coords (central London) that contain the words London Riot. Replace as desired!

http://search.twitter.com/search.json?q=london%20riot&geocode=51.50733,%20-0.12768,2ml&include_entities=true&result_type=mixed

This type of data mining can lead to searchable and impressive results for any social engineer.

Follow Nick on his twitter account, NickFX

Till next month


Source: Social-Engineer.Org PodCast | 11 Nov 2012 | 3:28 pm

InfoSec Daily Podcast Episode 797

Episode 797 - Adobe 0Day, CoDeSys Responds, Law Firms, Ebanking, iPhones Data

Source: InfoSec Daily Podcast | 8 Nov 2012 | 5:43 pm

InfoSec Daily Podcast Episode 796

Episode 796 - SecZone Founder Interview, @PentestLessons, Security or FUD

Source: InfoSec Daily Podcast | 7 Nov 2012 | 7:21 pm

InfoSec Daily Podcast Episode 795

Episode 795 - Sophos Anti-Virus, LG Smart World, China Most Threatening, Anonymous hackfest, TrustWave SC hacking

Source: InfoSec Daily Podcast | 6 Nov 2012 | 5:52 pm

InfoSec Daily Podcast Episode 794

Episode 794 - Irish Incidents on rise, Coca-Cola Hacked and doesn’t tell, NJ e-mail vote, Nov. 5th breaches

Source: InfoSec Daily Podcast | 5 Nov 2012 | 6:29 pm

InfoSec Daily Podcast Episode 793

Episode 793 - Paypal Vulnerable, Android Client Side Protection, DHS The Opportunist, and Hackmageddon October Timeline

Source: InfoSec Daily Podcast | 2 Nov 2012 | 6:29 pm

InfoSec Daily Podcast Episode 792

Episode 792 - Algerian Attack, Windows 8 defeated, ZeroAccess Botnet, Fast Flux Botnet, DigiNotar Final Report, SC Data breach, iOS 6.0.1

Source: InfoSec Daily Podcast | 1 Nov 2012 | 5:51 pm

SecuraBit Episode 112: Protect All the Secrets!

Hosts


Guests

Topics


News Items


Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
  • Use code 36449 for 20% off your Syngress order!


Upcoming events

Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 1 Nov 2012 | 4:42 pm

InfoSec Daily Podcast Episode 791

Episode 791 - 60 Seconds Arrests, .AU Post breached again, .ru cyberspy in Georgia, DDoS & SQLi lead on forums and UK Bank Phishers arrested

Source: InfoSec Daily Podcast | 31 Oct 2012 | 5:49 pm

InfoSec Daily Podcast Episode 790

Episode 790 - Naming hackers, Firefox 16.0.2, Xtreme RAT, NullCrew, Twinings Tea

Source: InfoSec Daily Podcast | 30 Oct 2012 | 5:49 pm

InfoSec Daily Podcast Episode 789

Episode 789 - DNS Amplification still going, Cloud Security control, UK says lie on the internet, .JP bank phishing, and Supreme Court and ownership

Source: InfoSec Daily Podcast | 29 Oct 2012 | 6:10 pm

InfoSec Daily Podcast Episode 788

Episode 788 - synackpwn, SCDR, Data Breach Laws & Election/Vote Hacking 2012

Source: InfoSec Daily Podcast | 26 Oct 2012 | 6:10 pm

Ep. 038 Live from DerbyCon 2012

DerbyCon V2.0 was an epic con. The team was all present to share in a few firsts - and our first live podcast from DerbyCon… Check it out Date Oct 15, 2012


Source: Social-Engineer.Org PodCast | 14 Oct 2012 | 7:37 pm

Securabit Episode 111: Glitching with Derp

Hosts


Guests

Topics

  • The Glitch
  • Derp


News Items
LastPass Sentry Warns You When Your Online Accounts Have Been Breached
http://lifehacker.com/5944301/lastpass-sentry-warns-you-when-your-online-accounts-have-been-breached

Android Hack: Cracking WiFi passwords with your phone
http://hackaday.com/2012/09/18/android-hack-cracking-wifi-passwords-with-your-phone/

Judge correctly rules WiFi sniffing legal
http://erratasec.blogspot.com/2012/09/judge-correctly-rules-wifi-sniffing.html
http://arstechnica.com/tech-policy/2012/09/sniffing-open-wifi-networks-is-not-wiretapping-judge-says/

Google Acquires Online Malware Scanner VirusTotal
http://lifehacker.com/5941392/google-acquires-online-malware-scanner-virustotal

Chase joins Bank of America in possible Islamic attack outage
http://www.theregister.co.uk/2012/09/19/chase_website_outage/

Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
  • Use code 36449 for 20% off your Syngress order!

Upcoming events

Links

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 25 Sep 2012 | 2:33 pm

SecuraBit Episode 110: We can do Science!

Hosts


Guests

  • AP Delchi - http://bsideslv.com/sciencefair/ - Submit your idea through your local hackerspace and represent! This is an excellent opportunity to start new hackerspaces or make existing ones even better!


Topics

  • Science Fair!
  • Bitcoin Hack
  • GovDeals


News Items
Dropbox’s Two-Step Authentication Out of Beta, Enable It Now to Further Secure Your Data
http://lifehacker.com/5938341/dropboxs-two+step-authentication-out-of-beta-enable-it-now-to-further-secure-your-data

Here’s Everywhere You Should Enable Two-Factor Authentication Right Now
http://lifehacker.com/5938565/heres-everywhere-you-should-enable-two+factor-authentication-right-now

How Secure Are You Online: The Checklist
http://lifehacker.com/5938980/how-secure-are-you-online-the-checklist

‘Degrade, Disrupt, Deceive’: U.S. Talks Openly About Hacking Foes
http://www.wired.com/dangerroom/2012/08/degrade-disrupt-deceive/

Toyota Contractor Accused of Sabotaging Company Network, Stealing Data
http://www.wired.com/threatlevel/2012/08/toyota-alleges-sabotage/

Hackers Release 1 Million Apple Device IDs Allegedly Stolen From FBI Laptop
http://www.wired.com/threatlevel/2012/09/hackers-release-1-million-apple-device-ids-allegedly-stolen-from-fbi-laptop/

Another reason to not use floating unregulated currencies
http://nakedsecurity.sophos.com/2012/09/06/bitcoin-exchange-floored-in-virtual-bank-robbery-250000-stolen-in-security-lapse/

http://www.wired.com/images_blogs/dangerroom/2012/09/torturebox.png
Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
  • Use code 36449 for 20% off your Syngress order!


Upcoming events

Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 14 Sep 2012 | 10:55 am

Ep. 037 “Trust Me I’m Lying” An Interview with Ryan Holiday

Media Manipulation. What is it? How does it work? Can you really make people see, buy and read things? Ryan is an experienced and talented media manipulator.


Source: Social-Engineer.Org PodCast | 9 Sep 2012 | 6:41 pm

SecuraBit Episode 109: Hercules had a Z800!

Hosts


Guests


Topic

  • Crisis Malware
  • Z800 For Sale
  • Citrix
  • AV Talk - Primary vs Secondary Technology
  • Mainframes and TSO Brute


News Items


Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
  • Use code 36449 for 20% off your Syngress order!


Upcoming events


Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 22 Aug 2012 | 8:39 pm

SecuraBit Episode 108: 50% Survived DEFCON Edition

Hosts


Guests


Topics


Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE OnDemand Bundle with corresponding course purchase for SANS Network Security 2012 with code SecuraBit_NS12OD
  • Use code 36449 for 20% off your Syngress order!


Upcoming events

Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 15 Aug 2012 | 3:13 pm

Ep. 036 LIVE From Defcon 20: Social-Engineer Anniversary

3 years - wow. A truly humbling journey it's been. 3 years we have spent researching, dissecting and analyzing all manner of human influence. With the most successful SECTF to date, we celebrate our 36th in style - AT DEFCON 20. The panel has changed (we miss you Jim), the topics have gotten deeper and the quality has gotten better.

What did this year include? How did the SECTF go? Well, find out as you join us for our 3 year anniversary LIVE!


Source: Social-Engineer.Org PodCast | 31 Jul 2012 | 4:48 pm

SecuraBit Episode 107: Summer Con Preview

Hosts

Guests

Topics

Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE exam attempt with corresponding course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC
  • Use code 36449 for 20% off your Syngress order!

Upcoming events

Links

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 20 Jul 2012 | 8:24 pm

SecuraBit Episode 106: Unlock your Door!

Hosts

Guests

Topics

  • TOOOL - The Open Organisation Of Lockpickers http://toool.us/
  • Physical Security and the Three R's
  • New edition of Practical Lockpicking coming soon!

News Items
Coders' Rights At Risk in the European Parliament
https://www.eff.org/deeplinks/2012/06/eff-european-parliament-directive-attack-information-systems

Department of Homeland Security and U.S Navy hacked
http://thehackernews.com/2012/06/department-of-homeland-security-and-us.html

US-CERT discloses security flaw in Intel chips
http://m.csoonline.com/article/708568/us-cert-discloses-security-flaw-in-intel-chips  

FEMA pushes cyber attack game for businesses
http://www.v3.co.uk/v3-uk/the-frontline-blog/2184608/fema-pushes-cyber-attack-game-businesses

United States Department of Defense data leaked by Anonymous hackers
http://thehackernews.com/2012/06/united-states-department-of-defense.html

KeepTheWebOpen.com
http://keepthewebopen.com/digital-bill-of-rights

Attacks Targeting US Defense Contractors and Universities Tied to China
http://threatpost.com/en_us/blogs/attacks-targeting-us-defense-contractors-and-universities-tied-china-061312

10000 Twitter User oauth token hacked and Exposed by Anonymous
http://thehackernews.com/2012/06/10000-twitter-user-oauth-token-hacked.html

Password flaw leaves MySQL, MariaDB open to brute force attack
http://go.theregister.com/feed/www.theregister.co.uk/2012/06/11/mysql_mariadb_password_flaw/


Use Our Discount Codes

  • Use code SecuraBit_Connect to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.
  • FREE exam attempt with corresponding qualifying course purchase for SANSFIRE 2012 with code SecuraBit_SFGIAC (Expires July 6th!)
  • Use code 36449 for 20% off your Syngress order!


Upcoming events


Links


Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast – http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available – http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 3 Jul 2012 | 9:10 am

Exotic Liability 85: The boys are back in town

- Recent events review

- DC20 and BSides LV preview

- Secret goings-on...


www.exoticliability.com

Source: Exotic Liability | 1 Jul 2012 | 10:36 pm

Ep. 035 Mastering Elicitation with John Nolan

The art of obtaining information without ever asking a question, known as elicitation, is a skill that can make you a master social engineer. Join us as we talk with author and expert on this topic, John Nolan. Date June 11, 2012



Source: Social-Engineer.Org PodCast | 9 Jun 2012 | 6:33 pm

SecuraBit Episode 105: Flaming Bluetooth Penetration!

Hosts


Guests


Topics

  • APT and Penetration Testing
  • Bluetooth Hacking and Reconnaissance


News Items
Google Warning Users About State-Sponsored Attacks | threatpost
http://m.threatpost.com/en_us/blogs/google-warning-users-about-state-sponsored-attacks-060512

Apple Releases Guide To iOS Security - TechCrunch
http://m.techcrunch.com/2012/06/04/apple-releases-guide-to-ios-security/

Flame
A Massive Web of Fake Identities and Websites Controlled Flame Malware
http://www.wired.com/threatlevel/2012/06/flame-command-and-control/

Spy malware infecting Iranian networks is engineering marvel to behold
http://arstechnica.com/security/2012/05/spy-malware-infecting-iranian-networks-is-engineering-marvel-to-behold/

Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers
http://www.wired.com/threatlevel/2012/05/flame/

Stuxnet
Report: Obama Ordered Stuxnet to Continue After Bug Caused It to Spread Wildly
http://www.wired.com/threatlevel/2012/06/obama-ordered-stuxnet-continued/

Confirmed: US and Israel created Stuxnet, lost control of it
http://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/


Words to Avoid Online If You Don't Want to Join the Government's Watch List
http://lifehacker.com/5913945/words-to-avoid-online-if-you-dont-want-to-join-the-governments-watch-list



Source: SecuraBit | 6 Jun 2012 | 8:37 am

SecuraBit Episode 104: Cackalacky Goodness!

Hosts


Guests

  • Dr. Tran
  • Emwave
  • Professor Farnsworth


News Items



Source: SecuraBit | 18 May 2012 | 3:11 pm

Ep. 034 Beating the Polygraph - Social Engineer Style

Can the polygraph be beaten? How can a social engineer utilize non-verbal communication to become a professional interviewer? Join us with our guest Mike Liwiki, an FBI veteran and professional polygraph examiner, as we answer these questions. Date May 14 2012



Source: Social-Engineer.Org PodCast | 13 May 2012 | 9:21 pm

SecuraBit Episode 103: Pockets full of Ownsies

Hosts

Guests

  • Tom Eston - @agent0x0
    • Mobile App/Device Security and Security Justice.

Topics

  • Lab
  • Contests
  • Banter

News Items


Source: SecuraBit | 3 May 2012 | 10:03 pm

SecuraBit Episode 102: The Last Train

Please join us as we kick it old school with various news and banter, as well as a special interview with Chris Sullo!  Our show notes can be found here.

Source: SecuraBit | 24 Apr 2012 | 12:18 pm

Ep. 033 Hacking Human Behavior

Hackers are people who like to understand the deeper things in life. Those who aren’t satisfied with boundaries or being told how to think or what to do. Our guest this month is a true “hacker”, Josh Klein. Join us as we discuss what is hacking this month. Date April 09 2012



Source: Social-Engineer.Org PodCast | 8 Apr 2012 | 2:45 pm

Exotic Liability 84: FTW

-RSA events

-Liability Pad

-Book club

-BYOD nitemare

-GPS rulez

-Shady fat man

-Playground fights

-NCCDC

-DerbyCon/Source Boston

-Tooltime

Source: Exotic Liability | 1 Apr 2012 | 10:58 am

SecuraBit Episode 101: The Survey Says!

Join us as we talk with Robin Wood (@digininja) about his recent survey of IT Security professionals!  Our show notes can be found here:  http://wiki.securabit.com/ShowNotes/EP101

Source: SecuraBit | 30 Mar 2012 | 1:59 pm

2012 Award Nominations

Nominations have been open for some time now but I also understand that you may not read the site, only listen to the podcast. If this is the case, this is especially for you.

Source: Forensic 4cast » Forensic 4cast | 12 Mar 2012 | 9:30 am

Ep. 032 Non-Verbal Human Hacking

Emotions cause an involuntary muscular response that lasts only 1/25th of a second to 1 sec on a human face. Being able to decode these reactions can help a person communicate on a very deep and personal level. But how can they be used as a social engineer? Join us and Dr. Paul Ekman, world renowned for his research into microexpressions, as we explore this fascinating topic. Release Date March 12 2012



Source: Social-Engineer.Org PodCast | 11 Mar 2012 | 7:12 pm

SecuraBit Episode 100: Double Header with WPS and Forensics!

Join us as we interview Craig Heffner of Tactical Network Solutions regarding the recent WPS vulnerability and his Reaver tool, and as we also interview Harlan Carvey whose latest Windows Forensic Analysis Toolkit book was recently released.  

Our show notes can be found here:  http://wiki.securabit.com/ShowNotes/EP100

Source: SecuraBit | 11 Mar 2012 | 11:52 am

SecuraBit Episode 99: 99 Bottles of Pwn on the Wall!

Join us as we interview the CTO of Silicum Security about ECAT, Pascal Longpre! 

Please refer to our wiki for full show notes.

Source: SecuraBit | 27 Feb 2012 | 6:41 pm

Exotic Liability 83: Oh yeah

In this huge episode:

We're back!

Retorts

Head in the clouds

RSA love vs. Team Sad Face

Got a dollah

Cyber, cyber, cyber

Juice box

Hookers and blow

SET update

Mimikatz

Source Boston

B-Sides SF

Demerit points

Adventures in insomnia

Source: Exotic Liability | 26 Feb 2012 | 1:08 am

Ep. 031 Profiling People with Social Media

Being able to build a successful profile is an essential tool for a social engineer. There are tools out there that specialize in gathering and detailing information on targets. What about social media? Chris Sumner helps us to use social media to build effective profiles on our targets. Release Date Feb 13 2012



Source: Social-Engineer.Org PodCast | 12 Feb 2012 | 9:40 pm

SecuraBit Episode 98: Adapting to Our Internet!

Please join us as we talk about cybercrime, botnets, and the ever changing internet with special guest Brian Krebs! Our show notes are now on our wiki:  http://wiki.securabit.com/ShowNotes/EP98

Source: SecuraBit | 8 Feb 2012 | 3:34 pm

More details on the Pentesting Lab

In Episode 97 we announced that we'd be sending some preconfigured BT5 boxes to hackerspaces as well as a virtual machine version of this for people to access our community pentesting lab. Currently, there are 15 virtual machines available to be attacked, and we're setting a current target of 15 to 20 users for this [...]

Source: SecuraBit | 30 Jan 2012 | 12:08 pm

SecuraBit Episode 97: Ron Gula and Cyber Warfare!

Please join us as we interview Ron Gula, Co-Founder of Tenable Security!  We also discuss various cyber warfare topics including Al Qaeda hacking, SCADA, and our own Pentesting lab offering for the community and for hackerspaces! http://wiki.securabit.com/ShowNotes/EP97

Source: SecuraBit | 25 Jan 2012 | 3:22 pm

Ep. 030 How to S.E. Your Sexy Back

For years people have told us to get a Pick Up Artist on the podcast. It never really appealed to us, till we met Jordan Harbinger. Jordan is not a PUA but a confidence consultant. He helps guys learn how to be the best they can be. He is a social engineer, an influence expert and one awesome podcast guest. Release Date January 09 2012



Source: Social-Engineer.Org PodCast | 8 Jan 2012 | 9:02 pm

Exotic Liability 82 Holidays are Errata funz

The story behind http://securityerrata.eu/errata/index.html

http://attrition.org/errata/

writing based on facts

the tough road of accountability

and a whole bunch of other shit we didn't make notes of.

oh yea. a bunch of podcasters at the end....sorry it got crazy.

Source: Exotic Liability | 5 Jan 2012 | 9:47 pm

SecuraBit Episode 96: Year in Review!

Join us as we talk about 2011!  Please visit our wiki for full show notes!

Source: SecuraBit | 3 Jan 2012 | 1:37 pm

InfoSec Santa

Greyscaledx rides through again and fixes our shit skype

we swear about stuff

Why we like anon/lulz/etc

other current news

HAhah... u REALLY think we are gonna have show notes... really!?>?

InfoSec Santa is on to talk naughty

We throw Baseballs...

</end>

Source: Exotic Liability | 16 Dec 2011 | 7:31 pm

SecuraBit Episode 95: Words with Alec Baldwin!

Join the crew as they interview special guest Marisa Fagan of SECore! Please visit our wiki for full show notes!

Source: SecuraBit | 16 Dec 2011 | 8:03 am

Ep. 029 Force Multipliers in Modern Social Engineering

What can you do if a loved one was kidnapped and the government couldn’t help? The Halo Corp is a group of ex-military commandos that specialize in rescuing and recovering people in very dangerous circumstances. We invited Brad Barker, the CEO of The Halo Corp, onto the podcast to discuss how they use Social Engineering. Release Date December 12 2011



Source: Social-Engineer.Org PodCast | 11 Dec 2011 | 4:16 pm

SecuraBit Episode 94: Late Night with Securaline!

Join us as we talk some lab shop with Mike Bailey and the rest of the crew! Please visit http://wiki.securabit.com/ShowNotes/EP94 for our show notes!

Source: SecuraBit | 6 Dec 2011 | 3:49 pm

Episode 40 – All is not what it seems

In this episode we are joined by data recovery and forensics specialist Gareth Davies. Gareth has published papers and given presentations on the subject of data storage manipulation. Our discussion contains items that, I believe, all forensic investigators should be aware of.

Source: Forensic 4cast » Forensic 4cast | 28 Nov 2011 | 8:16 pm

Ep. 028 – Getting Physical With Social Engineering

Physical Social Engineering is a very interesting topic. Although it is the easiest method into a company it is also the hardest type of pentest to sell to clients. We discuss this topic with two experienced and professional physical social engineers, Sharon Conheady and Munya Kanaventi. Release Date November 14 2011



Source: Social-Engineer.Org PodCast | 13 Nov 2011 | 8:58 pm

Challenge 2 Update

Please re-download the Steganography file from the original post.  The first one was corrupted.  It will now export with the proper lowercase key.

Source: SecuraBit | 7 Nov 2011 | 11:15 am

SecuraBit Episode 93: Playing in the Sandbox!

Join us as we interview Nick Keuning from GFI about their Sandbox solution! Our show notes are now housed on our wiki.  Please visit this link to view them!

Source: SecuraBit | 5 Nov 2011 | 2:42 pm

SecuraLabs Challenge #2

This time around we are giving away books! The contest officially starts NOW and will run until 11:59PM on 11/19.  We will announce winners promptly after that. Prizes will be awarded to 1st and 2nd place.  Everyone else who scores any amount of points will be entitled to a free sticker mailed to them if [...]

Source: SecuraBit | 5 Nov 2011 | 1:16 pm

SecuraBit Episode 92: Hammers, Nails, and Screwed!

On this episode we had special guest Christofer Hoff on to discuss Cloud and Virtualized security.  We touched on some pretty amazing points and we hope you'll enjoy this show!   Please visit our wiki for full show notes!

Source: SecuraBit | 20 Oct 2011 | 8:53 am

Derbycon Challenge and Attendance Wrap-Up

Hey folks, This is a wee bit late but we wanted to post the answers to our challenge that we had up before Derbycon.  Fortunately for all, there were enough tickets that nobody actually needed ours. We had a great time meeting folks and talking security, as well as meeting up with you, our valued [...]

Source: SecuraBit | 11 Oct 2011 | 8:26 pm

SecuraBit Episode 91: The Show That Almost Wasn’t

Please visit our Wiki for full show notes

Source: SecuraBit | 10 Oct 2011 | 12:30 pm

Ep. 027 No Hype NLP for Social Engineers

NLP is a subject of much debate in the security world as well as in the science community. This podcast we delve deep into the top… dissecting what NLP is, how it is used in daily life, in the medical field, for therapy and of course, how it can be used by social engineers.



Source: Social-Engineer.Org PodCast | 9 Oct 2011 | 9:33 pm

Derbycon Meetup Friday Night at 10pm!

Join us this Friday 9/30 at the Bluegrass Brewing Company @ 10pm eastern time. Come by and grab a beer, hang out, and let us throw stickers at you! The location is: Bluegrass Brewing Company, 2 Theater Sq, Louisville, KY 40202, (502) 568-2224. Here are walking directions as well. It's 0.5 miles to walk it, and [...]

Source: SecuraBit | 28 Sep 2011 | 1:41 pm

SecuraBit Episode 90: Ghosts and Cylons

  Join us as we interview Saviour Emmanuel Ekiko, author of the Ghost Phisher tool. Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP90

Source: SecuraBit | 26 Sep 2011 | 7:18 am

Derbycon Ticket Challenge!

Challenge closed. tuts for solutions will be submitted soon. Congrats to our winners who completed all the challenges.

Andrew Fastow - 13 points
jgor @indiecom - 13 points

Thanks to all that participated. Look forward to seeing you next month for our #SecurabitChallenge. Anyone competing [...]

Source: SecuraBit | 22 Sep 2011 | 8:21 am

Exotic Liability 80: Unbreakable

- Superstar Thoughtleader Chris Eng brings some real Infosec Talent

- All the other stuff doesn't matter =)

Oh yea... Follow  @grayscaledx and thank him profusely for remixing our f'd sound. We owe him big for this one.

Now Sponsored by: Listeners who gave us enough $ to buy new gear and sound better than we did on this ep. 

Dunno if we can credit him/her/them yet but if we get permission we will.

\m/


Source: Exotic Liability | 21 Sep 2011 | 6:30 pm

SecuraBit Episode 89: Executables or Executables?

Hosts
Chris Gerling - @secbitchris
Chris Mills - @chrisam
Andrew Borel - @andrew_secbit
Tony Huffman - @myne_us

Guests
Rafal Los - @Wh1t3Rabbit http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/bg-p/sws-119

Topics
Vericode vs Oracle Root Certificate Authorities Anonymous Item X

Use Our Discount Code
Use "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all [...]

Source: SecuraBit | 13 Sep 2011 | 3:25 pm

Ep. 026 Kevin Mitnick - Raw, Uncensored and Uncut

Probably no other name is thought of more when people talk about social engineering than Kevin Mitnick. Kevin’s new book, “Ghost in the Wires”, is now on the New York Times Best Seller list and there are a lot of comments, debates and opinions about Kevin floating around. The Social-Engineer.Org crew asks the questions that the rest of the world is afraid.



Source: Social-Engineer.Org PodCast | 11 Sep 2011 | 9:17 pm

Episode 39 – Luby’s Worst Nightmare

In this episode Rob Lee has joined me to talk about the Consortium of Digital Forensic Specialists (CDFS).

For more information about CDFS please visit http://www.cdfs.org

Also, if you’re wondering what Rob was talking about towards the end, here’s the video in question: http://www.youtube.com/watch?v=kA565OyOkLM

WARNING!

I can not be held responsible for your own personal well-being if you choose to watch this.

Source: Forensic 4cast » Forensic 4cast | 1 Sep 2011 | 4:10 am

EL 79: ConGestion

Rambling about con's n vegas mayhem

Bye Bye BSides

other stuffz

less content than normal... we were in recovery =) u were too.... admit it.

Source: Exotic Liability | 22 Aug 2011 | 9:23 am

Ep. 025 Social-Engineer.Org Live at Defcon 19

Our live podcast from Defcon 19



Source: Social-Engineer.Org PodCast | 14 Aug 2011 | 5:36 pm

SecuraBit Episode 88: How to get laid!

  We are now doing our show notes inside of our wiki.  If you have suggestions or comments please feel free to leave them here. http://wiki.securabit.com/ShowNotes/EP88 Thank you for listening!  

Source: SecuraBit | 11 Aug 2011 | 3:36 pm

SecuraBit Episode 87: Don't link my RF link!

Check out our wiki for show notes!

http://wiki.securabit.com/ShowNotes/EP87

Source: SecuraBit | 31 Jul 2011 | 8:56 pm

Episode 78: Con-dom

VEGAS!!! BlackHat 2011, BSidesLV, and Defcon 19 schedule reviews!!! See you all at the Cons next week. ConBlackmail.com is COMING! Parties, Booze, and Puke!

Source: Exotic Liability | 30 Jul 2011 | 3:41 pm

Exotic Liability 77- Winehouse

No show notes this week... sorry ;)

intro- GTFTS- Samuel L. Jackson

Outtro- Overdose: Jamie Foxx

Source: Exotic Liability | 27 Jul 2011 | 6:15 pm

SecuraBit Episode 86: Securing Layer 8

Join us as we interview Lance Spitzner, Technical Director for the SANS Securing the Human Program.

Show notes are now at our wiki:  http://wiki.securabit.com/ShowNotes/EP86

Source: SecuraBit | 24 Jul 2011 | 8:20 pm

Exotic Liability 76 - Down the Rabbit Hole

Opening song by Dr. Dre & Eminem. TV shows, chat with the White Rabbit about all kinds of shit. Closing song by Emiliana Torrini from the SuckerPunch soundtrack. (ya, ryan did the show notes on this one)

Source: Exotic Liability | 20 Jul 2011 | 4:28 pm

Securabit SEG style #2 JOP with Tyler Bletsch

Hosts

myne-us @myne_us

Jacob hammack @hammackj

Guest Host

Dave Kennedy @dave_rel1k

Guest

Dr. Tyler Bletsch (Tyler.Bletsch {at} gmail.com)

Tyler's former security group at NC State University under Xuxian Jiang - http://www.csc.ncsu.edu/faculty/jiang/

Topics

JOP programming

Turing complete exploit development (http://en.wikipedia.org/wiki/Turing_completeness)

links

JOP

JOP technical report

ftp://ftp.ncsu.edu/pub/tech/2010/TR-2010-8.pdf

JOP academic paper

http://www.csc.ncsu.edu/faculty/jiang/pubs/ASIACCS11.pdf

Tyler's dissertation (JOP in x86 and MIPS, and a few other techniques)

http://repository.lib.ncsu.edu/ir/bitstream/1840.16/6698/1/etd.pdf

ROP

http://cseweb.ucsd.edu/~hovav/dist/rop.pdf

http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/

http://sandsprite.com/CodeStuff/Understanding_imports.html

http://j00ru.vexillium.org/?p=893

http://www.braid-game.com/

http://qubes-os.org/Architecture.html

If you like the intro music and the closing music check out http://dualcoremusic.com/nerdcore/

break music http://www.audiomicro.com/saxophone-piano-drums-short-jazz-introduction-royalty-free-stock-music-94

Source: SecuraBit | 16 Jul 2011 | 9:48 am

Exotic Liability 75: Major Marcus

Really long episode featuring Dave Marcus

Source: Exotic Liability | 14 Jul 2011 | 4:46 pm

Ep. 024 The Authors of Metasploit: A Penetration Testers Guide

Our guests this month are people you all know and love… but this time we talk to Muts, Jim, Dookie… oh and Dave (and a special GUEST) about the release of their book, Metasploit: A Penetration Testers Guide in this first interview with the crew about their book. Release Date July 11 2011



Source: Social-Engineer.Org PodCast | 11 Jul 2011 | 10:21 pm

Exotic Liability 74: Emo

Sorry no show notes kiddoes.  This is a rush job then back to work, and I wasn't present for recording to take notes.

Source: Exotic Liability | 7 Jul 2011 | 12:16 am

Securabit SEG style #1

Hosts
myne-us @myne_us
Jacob hammack @jhammack

Guest
Dave Kennedy @dave_rel1k
http://www.derbycon.com/
http://www.secmaniac.com/
http://seorg.org/

Topics
is BOF dead
what got you started
what are some of things that helped you get started
Heap
osx exploitation
and more....

links
http://advancedwindowsdebugging.com/
https://net-ninja.net/blog/?p=293
http://www.exploit-db.com/
http://www.offensive-security.com/live-information-security-training/

Intro by http://dualcoremusic.com/nerdcore/

@dave_rel1k

Source: SecuraBit | 2 Jul 2011 | 6:00 pm

Episode 38 – Independent Women REPOST

In this episode I have taken a break from hosting and my wife, Alisha has taken over as the first all-female panel takes the stage in a special edition of Forensic 4cast.

Listen to the first ladies of forensics discuss how they got into the field, as well as the challenges and perks of working in the field as a member of the fairer sex.

Sadly I forgot to put something in the episode about the LinkedIn Group. If you are a female forensicator please join the group “Women in Digital Forensics” http://www.linkedin.com/groups?home=&gid=3766181&trk=anet_ug_hm. I joined it and am now an honorary woman. Not sure how I feel about that particular moniker…

*The original file had a small problem that I have now fixed.

Source: Forensic 4cast » Forensic 4cast | 28 Jun 2011 | 2:47 pm

SecuraBit Episode 84: Tech Talk with Scott Moulton

June 15, 2011   

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us

Guests:
Scott Moulton - @scottamoulton - http://www.myharddrivedied.com/

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.


Upcoming events
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 28 Jun 2011 | 1:44 am

SecuraBit Episode 83: Hey look its the Human Hacker!!!

June 1, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling - MIA
Christopher Mills – @thechrisam - MIA
Jason Mueller – @securabit_jay - MIA
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Tim Krabec  - @tkrabec

Guests:
Chris Hadnagy ( @humanhacker on Twitter ) discusses Social Engineering: The Art of Human Hacking

General topics:
Social Engineering: The Art of Human Hacking
http://www.amazon.com/Social-Engineering-Human-Hacking-ebook/dp/B004EEOWH0/ref=tmm_kin_title_0?ie=UTF8&m=AG56TWVU5XWC2
Social-Engineer.org
- variety of guests who use social engineering
Does Social Engineering Always Involve Deception?
Marketing or Social Engineering
Stereotypes
online help from skype :) <LOL
Social Engineer CTF for DEFCON 19
Five Key Points of Social Engineering

Links to News:
http://www.rollingstone.com/music/news/hackers-plant-fake-tupac-story-on-pbs-website-20110531
http://www.redstate.com/neil_stevens/2011/05/28/anthony-weiner-and-his-eponymous-twitter-hack/
http://threatpost.com/en_us/blogs/report-l3-warns-employees-attacks-using-compromised-securid-tokens-060111




Upcoming events
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna(18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
SANS Boston 2011(8 - 15 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO(21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011


Source: SecuraBit | 14 Jun 2011 | 4:45 am

Ep. 023 Social Engineer Yourself Into Rational Thought

Our guest Dan Ariely is a behavioral economist. He is a renowned author and speaker on the topics of Predictable Irrationality.



Source: Social-Engineer.Org PodCast | 12 Jun 2011 | 8:39 pm

SecuraBit Episode 82: Totally Rad Man!


May 18, 2011

Hosts:

Anthony Gartner – @anthonygartner http://anthonygartner.com

Chris Gerling  – @chrisgerling

Christopher Mills – @thechrisam

Jason Mueller – @securabit_jay

Andrew Borel –  @andrew_secbit

Tony Huffman – @myne_us

Guests:

Carl Herberger from http://www.radware.com/ 

General topics:

DDOS: Recent attacks from groups like Anonymous, attack vectors, technique information and how it can affect you.

Signatures: Signature based detection and the effects it had on today's security

General security: Some general discussion on security

Securabit exploit development group (SEG) starting up; blog post coming soon.

 

NEWS:

PSN hacked again! : 

Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.

http://arstechnica.com/gaming/news/2011/05/report-playstation-network-passwords-exploited-accounts-compromised.ars

international_strategy_for_cyberspace.pdf

http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf

Backtrack 5 is out

http://www.backtrack-linux.org/

Facebook privacy demo gets guy arrested in Australia

http://www.net-security.org/secworld.php?id=11045

Microsoft Patch Tuesday

http://www.microsoft.com/technet/security/bulletin/ms11-may.mspx


Upcoming events

#BSidesDetroit (3 - 4 Jun 2011)

#BSidesStJohns St. John's, NL (10 Jun 2011)

#BSidesCT Meriden, CT (11 Jun 2011)

FIRST Austria (12 - 17 June 2011)

#BSidesVienna(18 June 2011)

Toorcon (18 - 19 June 2011)

#BSidesLasVegas (3-4 August 2011)

BlackHat Vegas (3 - 4 August 2011)

DEFCON 19 (4 - 7 August 2011)

#BSidesLA Los Angeles, CA (18 - 19 August 2011)

#BSidesMO(21 Oct 2011)

#BSidesNewDelhi (22 - 23 October 2011)

VB Barcelona October 2011


Source: SecuraBit | 26 May 2011 | 6:00 am

Ep. 022 Social Engineering for the Masses

Our guest Aaron Delwiche is a TED speaker and a college professor that focuses on the use of propaganda. His site is devoted to understanding how it works. Release Date May 19 2011



Source: Social-Engineer.Org PodCast | 17 May 2011 | 7:44 pm

SecuraBit Episode 81: Network Admins Takeover

May 4, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Andrew Borel –  @andrew_secbit
Tim Krabec  - @tkrabec

Guests:
Sam Bowne discusses IPv6 and the RA 0day attack
Twitter: @sambowne
Home page: samsclass.info


General topics:
IPv6 Info: http://samsclass.info/ipv6/60_S11.php
RA 0day attack: http://samsclass.info/ipv6/proj/flood-router6a.htm
http://orchilles.com/2011/04/ssl-renegotiation-dos-faq.html


NIST Guidelines for the Secure Deployment of IPv6
http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf

Hurricane Electric cert and info
http://ipv6.he.net/certification/

BackTrack 5 Available on May 10, 2011
http://www.backtrack-linux.org/

Netwitness
http://www.netwitness.com/products-services/investigator-freeware
http://www.netwitness.com/resources/videos/investigator-tutorial-1-overview-navigation

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna (18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO (21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 9 May 2011 | 5:55 am

Exotic Liability 73: A Bad Joke

Welcome to the first of many EL Podcasts to come.  We cover a ton of stuff, including some more details on the recent changes.  We hope you like the new format as much as we do! 

Previously known as EL 1: A New Era.  The name apparently confused people

Source: Exotic Liability | 7 May 2011 | 5:46 pm

Ep. 021 Special Edition BackTrack 5 and Infected Mushroom

Our favorite Linux distribution is about to release its new version - BackTrack5. How better to announce the release than by a big ol’ podcast complete with Infected Mushroom and almost the whole dev crew - Release Date May 05 2011



Source: Social-Engineer.Org PodCast | 4 May 2011 | 2:16 pm

Episode 37 – AccessData Interview

This episode I had the pleasure of talking to Brian Karney and Lee Reiber about AD Triage, MPE+, and FTK version 4.

Source: Forensic 4cast » Forensic 4cast | 29 Apr 2011 | 1:44 pm

SecuraBit Episode 80: Our 8080 Episode

SecuraBit Episode 80:  Our 8080 Episode
April 20, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit
Tony Huffman – @myne_us
Dan Mitchell - @danmitchell

Guests:
int80 - @dualcoremusic
DualcoreMusic

General topics:
http://dualcoremusic.com/nerdcore/
http://www.youtube.com/watch?v=CMNry4PE93Y

NEWS:

Patch Tuesday April 2011 64 patched:
http://www.microsoft.com/technet/security/current.aspx
http://isc.sans.edu/diary.html?date=2011-04-11

Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Verizon 2011 Data Breach Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2011_en_xg.pdf

Barracuda
http://www.thetechherald.com/article.php/201115/7044/Malaysian-group-hits-Barracuda-Networks-Update?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+SecurityBloggersNetwork+%28Security+Bloggers+Network%29
http://blog.barracuda.com/pmblog/index.php/2011/04/12/waf-importance/
http://www.securecomputing.net.au/News/254601,barracuda-hack-shows-importance-of-defenceindepth.aspx?utm_source=twitterfeed&utm_medium=twitter
http://www.flyingpenguin.com/?p=11513
“Starting Saturday night at approximately 5pm Pacific time, an automated script began crawling our Web site in search of unvalidated parameters.  After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market.  As with many ancillary scripts common to Web sites, this customer case study database shared the SQL database used for marketing programs which contained names and email addresses of leads, channel partners and some Barracuda Networks employees.  The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later.  We have logs of all the attack activity, and we believe we now fully understand the scope of the attack.”

Texas
http://www.txsafeguard.org/
http://blogs.chron.com/texaspolitics/archives/2011/04/personal_inform.html
“Personal information of about 3.5 million Texans -- including names, mailing addresses and Social Security numbers -- was posted on a publicly accessible server at the state comptroller's office, much of it for more than a year, Comptroller Susan Combs said.”

Michigan Police taking your phones
http://www.thenewspaper.com/news/34/3458.asp
http://www.geekosystem.com/cellebrite-cellphone-hacker/
“The American Civil Liberties Union (ACLU) is currently engaged in a war of words and requests for information on a device used by the Michigan state police that can extract information from cellphones. The device, which has reportedly been in use since at least 2008, is apparently being used by the police during minor traffic violations.”

Wordpress
http://en.blog.wordpress.com/2011/04/13/security/
http://newenterprise.allthingsd.com/20110413/wordpress-com-suffers-security-breach/?mod=ATD_rss&utm_source=twitterfeed&utm_medium=twitter
http://threatpost.com/en_us/blogs/wordpress-hacked-source-code-stolen-041311

Georgian woman cuts off web access to whole of Armenia
http://www.guardian.co.uk/world/2011/apr/06/georgian-woman-cuts-web-access

Hacker Group Changes Millions of Passwords to "password"; Only 38% of Users Notice
http://www.f-secure.com/weblog/archives/00002134.html
“Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.”

Quick Mentions:
FBI take down botnet
http://threatpost.com/en_us/blogs/doj-shuts-down-botnet-disables-infected-systems-041411
Facebook adds 2 factor
http://threatpost.com/en_us/blogs/facebook-adds-two-factor-authentication-041911
Flash 0 day:
http://www.adobe.com/software/flash/about/
Anything below version 10.2.153.1 is vulnerable

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna (18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO (21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
http://dualcoremusic.com/nerdcore/

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 27 Apr 2011 | 5:00 am

Ep. 020 Rapid Rapport for Social Engineers

There are a lot of skills that a social engineer needs to be successful. With all the important skills out there, one of the most important is building rapport.  We invited back one of our favorite guests, Robin Dreeke, to talk about how he builds rapport in 5 minutes or less. Release Date April 11 2011



Source: Social-Engineer.Org PodCast | 10 Apr 2011 | 6:49 pm

Episode 36 – EnCase Forensic 7

In this episode we’re joined by Steve Salinas and Ashley Stockdale from Guidance Software. They’ve taken time out of their busy schedules to talk about the upcoming release of EnCase Forensic Version 7.

Source: Forensic 4cast » Forensic 4cast | 10 Apr 2011 | 2:59 pm

SecuraBit Episode 79: Back to the basics with Marcus Carey!

SecuraBit Episode 79:  Back to the basics with Marcus Carey!
April 6, 2011

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman – @myne_us

Guests:
Marcus J Carey- @iFail
http://hackersforcharity.org/

General topics:

NEWS:
Epsilon:
http://www.pcworld.com/businesscenter/article/224192/epsilon_data_breach_expect_a_surge_in_spear_phishing_attacks.html
http://www.eweek.com/c/a/Security/Epsilon-Data-Breach-Highlights-Cloud-Computing-Security-Concerns-637161/
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://www.epsilon.com/News%20&%20Events/Press_Releases_2011/Epsilon_Notifies_Clients_of_Unauthorized_Entry_into_Email_System/p1057-l3

"On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway," the statement said.

LizaMoon:
http://threatpost.com/en_us/blogs/counterspin-lizamoon-web-attacks-no-big-deal-040511
In a post on Cisco's security blog, senior security researcher Mary Landesman said that data from the company's ScanSafe Web security infrastructure suggests that just over 1,000 Web domains have been compromised using the SQL injection attack, not the 500,000 to 1.5 million cited in published reports.

https://threatpost.com/en_us/blogs/widespread-lizamoon-web-attacks-push-rogue-antivirus-040111
“Websense researchers wrote on Thursday that a Google search for Web sites hosting the malicious URLs identified over 1.5 million Web sites hosting the code”

Pandora.com data leak:
http://threatpost.com/en_us/blogs/pandora-mobile-app-transmits-gobs-personal-data-040611?utm_source=Home+Page&utm_medium=Top+Graphic+Bar&utm_campaign=Position+3
“The data included both the owner's GPS location and tidbits the owners gender, birthday and postal code information. There was evidence that the app attempted to provide continuous location monitoring - which would tell advertisers not just where the user accessed the application from, but also allow them to track that user's movement over time.”

RSA attack:
http://threatpost.com/en_us/blogs/rsa-securid-attack-was-phishing-excel-spreadsheet-040111
“"The attacker in this case sent two different phishing emails over a two-day period. The two emails were sent to two small groups of employees; you wouldn’t consider these users particularly high profile or high value targets. The email subject line read '2011 Recruitment Plan," Uri Rivner, head of new technologies in the identity protection division of RSA wrote in a post on the attack”
http://www.nsslabs.com/research/analytical-brief-rsa-breach.html

¾ Energy Firms Had Data Breach over last year:
http://threatpost.com/en_us/blogs/study-three-four-energy-firms-had-data-breach-last-year-040511
Long perceived to be beyond the attention of hackers, energy firms and utilities now report that they are being targeted. In the Ponemon study, 76% of the IT security staff interviewed reported that their organization had experienced "one or more data breaches" in the last 12 months. A similar number - 69% - said they felt a data breach was likely to occur in the next 12 months, Ponemon said.

Comodo what really happened:
https://threatpost.com/en_us/blogs/phony-ssl-certificates-issued-google-yahoo-skype-others-032311
http://pastebin.com/uSdKNDN5
“ I found out that TrustDll.dll takes care of signing. It was coded in C#.
Simply I decompiled it and I found username/password of their GeoTrust and Comodo reseller account. “

FBI asks for help on cracking code:
http://www.h-online.com/security/news/item/FBI-asks-for-help-cracking-a-code-in-unsolved-murder-case-1220007.html

Other Stories:
http://www.techdirt.com/articles/20110401/13241213732/exploit-hadopi-site-turns-it-into-pirate-bay-supporter.shtml
http://news.softpedia.com/news/Google-Chrome-to-Block-Malicious-Downloads-193386.shtml

Use our discount code "Connect_SecuraBit" to get $150.00 off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
ThotCon (15 Apr 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
CEIC Orlando (15 – 18 May 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
#BSidesStJohns St. John's, NL (10 Jun 2011)
#BSidesCT Meriden, CT (11 Jun 2011)
FIRST Austria (12 - 17 June 2011)
#BSidesVienna (18 June 2011)
Toorcon (18 - 19 June 2011)
#BSidesLasVegas (3-4 August 2011)
BlackHat Vegas (3 - 4 August 2011)
DEFCON 19 (4 - 7 August 2011)
#BSidesLA Los Angeles, CA (18 - 19 August 2011)
#BSidesMO (21 Oct 2011)
#BSidesNewDelhi (22 - 23 October 2011)
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 8 Apr 2011 | 8:43 pm

Exotic Liability 72: Cobwebs

Ladies and Gentlemen, it grieves us to no end to announce that this will be the final episode of Exotic Liability.  It's been a blast, and we wish we could continue, but life and work have proven to be too big of an obstacle to overcome.  We said we'd do this until we were not having fun anymore and we've reached that point.  Organizing schedules has taken all the fun out of it.  We will keep our twitter presence, and www.exoticliability.com will stick around as a place where like minded individuals can get together.

Thank you to all of our listeners for the crazy amount of support you've given us.  With much sadness, we say goodbye.

-Exotic Liability

Source: Exotic Liability | 1 Apr 2011 | 12:25 pm

Securabit Episode 78: Comodogate and Social Penetration!

Securabit Episode 78:  Comodogate and Social Penetration!
March 23, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony Huffman (myne-us)  – @myne_us

Guests:
Dave Kennedy - @dave_rel1k
Carlos “Darkoperator” Perez - @Carlos_Perez

General topics:

Rogue SSL certificates ("case comodogate") http://www.f-secure.com/weblog/archives/00002128.html

PTES - Penetration Testing Execution Standard http://www.pentest-standard.org/
Social Engineer Toolkit
http://www.social-engineer.org/podcast/
http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_(SET)
BackTrack http://www.backtrack-linux.org/
DerbyCon http://www.derbycon.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events:
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)
SANS Orlando March 2011
CEIC Orlando April 2011
FIRST Austria June 2011
BlackHat Vegas August 2011
VB Barcelona October 2011

Links:
http://www.securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 30 Mar 2011 | 11:03 am

SecuraBit Episode 77: Return to the Rabbit Hole

Securabit Episode 77:  Return to the Rabbit Hole
March 9, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony Huffman (myne-us)  – @myne_us
Andrew Borel –  @andrew_secbit

Guests:
Rafal Los - @wh1t3Rabbit

General topics:
Preview the upcoming BlackHat EU talk "Defying Logic."

Researchers Build Tool That Roots Out Business Logic Flaws In Web Apps
http://www.darkreading.com/database-security/167901020/security/application-security/229300667/researchers-build-tool-that-roots-out-business-logic-flaws-in-web-apps.html

--News
-Malware on the Android marketplace. (DroidDream)
List of infected apps http://blog.mylookout.com/2011/03/security-alert-malware-found-in-official-android-market-droiddream/

-Google nukes 150,000 email accounts on accident
http://gmailblog.blogspot.com/2011/02/gmail-back-soon-for-everyone.html

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 13 Mar 2011 | 5:37 pm

Ep. 019 Truth, Facts and the Telling The Story

Reporters have an amazing knack of getting information from people.  That alone interests us, but then you mix in their ability to take that info and make it interesting, make it captivating and make it real - that is an art.  We talk to a, in our opinion, superb reporter that works with CNET news as well as CBS Interactive, Elinor Mills.  She helps us to uncover the secrets to this art and see what we can learn. Release Date March 07 2011



Source: Social-Engineer.Org PodCast | 6 Mar 2011 | 8:02 pm

Episode 35 – Anonymously Yours

In today’s show we discuss the HBGary v Anonymous issues, the opening of the CFCE to non-law enforcement, the future of digital forensics tools, and the 2011 Forensic 4cast Awards.

Source: Forensic 4cast » Forensic 4cast | 2 Mar 2011 | 1:11 pm

SecuraBit Episode 76: E-viting you to your demise!

SecuraBit Episode 76: E-viting you to your demise!
February 23, 2011

SecuraBit would like to apologize for the audio issues in this episode. We were not able to use the normal recording method due to a complete power failure.  Thanks for understanding!

Hosts:
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Tony – @myne_us
Dan Mitchell - @danmitchell
Andrew Borel –  @andrew_secbit

Guests:
Bill Swearingen - @hevnsnt

Trent Lo - @surbo

General topics:

History of i-hacked

[HackerRun] - @HackerRun
http://hackerrun.com/doku.php

Messing with evites

http://www.i-hacked.com/content/view/293/2/

http://www.csoonline.com/article/661365/evite-program-easily-tampered-with-researcher-says

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 2 Mar 2011 | 7:11 am

Ep. 018 Keeping Volunteers Motivated - Live at Shmoo 2011

Getting people to put their heart into their work can be achieved through many motivations.  If you have a job, your employer does this through fair compensation and benefits. But how does one motivate volunteers when there is no money involved?  Not only that but keep them motivated day after day and year after year?  Join us as we discuss this topic and a very special announcement with Johnny Long, DualCore and the crew live at Shmoo 2011.



Source: Social-Engineer.Org PodCast | 14 Feb 2011 | 7:59 pm

Securabit Episode 75: Booze over IP

Securabit Episode 75:  Booze over IP
February 9, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit
Tony  (myne-us)  – @myne_us

Guests:
Mike Dahn
twitter:  @mikd

Joe Gottlieb
Twitter: joe_gottlieb

General topics:
Mike: Bsides origins and other.  http://chaordicmind.com/blog/
Joe: Open Security Intelligence http://www.opensecurityintelligence.com/

On Monday, February 14th, SIEM and log management vendor SenSage will introduce the Open Security Intelligence forum to the security community to become involved in. The concept of the community is to share best practices in open security analytics to improve our collective security defenses. Specifically, Joe Gottlieb, President and CEO of SenSage would like to discuss:
- Current challenges with today’s SIEM tools, which are a decade old
- Why security analytics needs to be ‘open’
- Why integrating business intelligence tools (i.e. Pentaho, Microsoft Exchange, Cognos, etc.) with SIEM tools can create useful dashboards that help security analysts mine huge data stores for the ‘needle in the haystack’ information they need
- Why ‘security quants’ (analysts that can look deep into the data and develop complex yet useful SQL queries) will become the next role in the SOC
- The benefits of joining the community and sharing best practices

The community will be hosted on a web portal – www.opensecurityintelligence.com – that is under development and will be discussed in our Feb. 14 release. Joe is also giving a talk at Security BSides SF on 2/14 at 3pm PT on this very topic.

--HBGary Federal
http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/

--Nasdaq
Attack does not yet have reports of how they were attacked. The comment on the website was for the 1999 attack where someone defaced the Nasdaq website.

Quotes from http://www.wallstreetandtech.com/technology-risk-management/229201267

The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.

"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.

--Bsides
http://www.securitybsides.com/w/page/12194156/FrontPage
to contact: info (at) securitybsides dot org -or- call 415-742-1739

--Exploit developers corner
Looking for exploit developers!

If you have recently published an exploit or have previously published exploits you would like to talk about, contact us at feedback@securabit.com or contact Tony (myne-us) directly on IRC at freenode #securabit to have a small interview about your discovery.

List of common questions.

-How did you find the vulnerability?
-What is your goal in vulnerability research?
-How did you go about disclosing the vulnerability and how did the vendor respond?
-And more...

!!Caution!!:  No undisclosed vulnerabilities (0 day)! These vulnerabilities need to be reported to the vendor and patched or exceed a time period where vendor did not patch. If interested in releasing exploit on the show that is fine if can show proof you disclosed to vendor or see the proof of concept already posted on exploit-db or have a CVE.

Us: NetWitness Spectrum at RSA http://www.netwitness.com/products/spectrum.aspx

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 14 Feb 2011 | 9:16 am

Securabit Episode 74: Podcasting in the Dark with Brian Krebs

Securabit Episode 74: Podcasting in the Dark with Brian Krebs
January 26, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Brian Krebs - @briankrebs - http://krebsonsecurity.com/

General topics:

  • I recall reading about various greeting card based attacks over the years.  Do you think they've all been originated by the same folks who did this one?  Or at least, with the same goals in mind?
  • How prevalent do you think ATM skimmers are?  What are some ways the common person can look out for them?
  • Do you think financial institutions are getting better at educating their customers about the protections provided/not provided under Regulation E?
  • Do you anticipate payment processing centers becoming a bigger target for criminals vs the individual businesses?
  • Since many financials are under pressure from new reserve requirements, do you think new security requirements will force smaller financials to merge? How can they balance the need to offer more convenient services (such as mobile banking) with the need to improve security at the same time?
  • What do you think the top 3 stories for 2010 were? Why do you think they were the top stories?


Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
CanSecWest2011 (9 - 11 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
BlackHat Europe 2011 (17 - 18 Mar 2011)
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 5 Feb 2011 | 12:43 pm

Exotic Liability 71: 0-Day

Pure awesome, Nuff said.

Intro - "Bullet in the Head" by Rage Against the Machine

Outro - "Cop Killer" by Body Count

Source: Exotic Liability | 19 Jan 2011 | 4:45 pm

Securabit Episode 73: Eber Kneber and botnet stuntmen

Securabit Episode 73:  Eber Kneber and botnet stuntmen
January 12, 2011

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
We discuss Kneber and other fun security topics with Alex Cox of NetWitness
@perpetualsec http://www.networkforensics.com/

General topics:
Kneber Botnet
Mariposa
Responsible disclosure
Evil Virustotal
http://socialmediasecurity.com/downloads/Facebook_Privacy_and_Security_Guide.pdf

PROGRAMMABLE HID USB KEYSTROKE DONGLE: USING THE TEENSY AS A PEN TESTING DEVICE https://www.defcon.org/html/defcon-18/dc-18-speakers.html#Crenshaw

http://www.irongeek.com/i.php?page=videos/dojocon-2010-videos


Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
ShmooCon (28 - 31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14 - 15 Feb 2011)
#BSidesCleveland (18 Feb 2011)
#BSidesHalifax (5 Mar 2011)
#BSidesGSO Greensboro, NC (9 Mar 2011)
#BSidesAustin (11 - 12 March 2011) http://www.keepsecurityweird.org/
#BSidesChicago (16 - 17 Apr 2011)
#BSides London, (20 Apr 2011)
#BSidesROC Rochester, NY (21 May 2011)
#BSidesDetroit (3 - 4 Jun 2011)

Links:
http://www.securabit.com

Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 19 Jan 2011 | 4:11 pm

Ep. 017 Dissecting The Art of Human Hacking

There has been a lot of buzz about the new book, Social Engineering: The Art of Human Hacking.  Along with the “buzz” are some very positive reviews and feedback.  The team at Social-Engineer.Org decided to gather a selection from the community as well as the SEORG team and interview the author, their very own Chris Hadnagy. Release Date Jan 10 2011



Source: Social-Engineer.Org PodCast | 9 Jan 2011 | 8:00 pm

SecuraBit Episode 72: Take risks, get owned!

SecuraBit  Episode 72:  Take risks, get owned!
Recorded on December 29, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Jason Mueller – @securabit_jay
Andrew Borel –  @andrew_secbit

Guests:
Jack Jones discusses Risk Assessment and the FAIR method http://riskmanagementinsight.com/

General topics:

Risk Management, Small biz vs Enterprise
Monte Carlo?
How to Measure Anything: Finding the Value of Intangibles in Business by Douglas W. Hubbard
http://www.amazon.com/How-Measure-Anything-Intangibles-Business/dp/0470539399/ref=tmm_hrd_title_0

OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (11-12 March 2011) http://www.keepsecurityweird.org/

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 6 Jan 2011 | 5:39 am

SecuraBit Episode 71: Managing our Careers with Lee Kushner

SecuraBit  Episode 71: Managing our Careers with Lee Kushner
December 15, 2010

Hosts:
Anthony Gartner – @anthonygartner http://anthonygartner.com
Chris Gerling  – @chrisgerling
Christopher Mills – @thechrisam
Andrew Borel –  @andrew_secbit

Guests:
Lee Kushner - @LJKush - http://www.ljkushner.com/ - http://www.infosecleaders.com/

General topics:
Discussion on Career Management
The importance of having a career plan.
It’s a very crowded market in information security, and it’s getting more so every day.

www.infosecleaders.com/2010-compensation-survey/
FAQ: Compromised Commenting Accounts on Gawker Media http://lifehacker.com/5712785/

OnePassword - http://agilewebsolutions.com/onepassword
KeePass - http://keepass.info/
LastPass - http://lastpass.com/

Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is good for all SANS courses in all formats.

Upcoming events
#BSidesBerlin (28-30 Dec 2010)
#BSidesMSP (7 Jan 2011)
ShmooCon (28-31 Jan 2011)
RSA Conference 2011 (14 -18 Feb 2011)
#BSidesSanFrancisco (14-15 Feb 2011)
#BSidesAustin (March 2011)

Links:
http://securabit.com
Chat with us on IRC at irc.freenode.net #securabit
iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405
iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

Source: SecuraBit | 19 Dec 2010 | 4:32 pm

Ep. 016 We Are Not The Jedi You Are Looking For…

In the movies a Jedi hand wave can force a target to think or act the way they want, but in real life what is needed to “influence” targets to think and act the way you want? Anchoring and Elicitation are two powerful tools of the social engineer. Join us as professional social engineer and FBI agent Robin Dreeke helps us to analyze these two powerful aspects of social engineering. Release Date Dec 12 2010



Source: Social-Engineer.Org PodCast | 12 Dec 2010 | 10:34 pm

Exotic Liability 70: Port 79

- Mike Tyson

- Crazy Stories

- Lenny Zeltser Joins in

- Uncontrollable Laughter

- Port 79

 

http://www.kickstarter.com/projects/793929175/spoken-word-music-album-by-paulie-lipman

Intro: "Geek Love" by Paulie Lipman

Outro: "Atlas Quit" by Paulie Lipman

Source: Exotic Liability | 4 Dec 2010 | 8:17 pm

Ep. 015 Using Deception as a Social Engineer

Deception is very hard to understand. What if we could write an algorithm that would dissect deception and allow us to delve in at a molecular level? This month’s podcast does that. We talk with a psychologist and researcher who has dedicated his life to defining and understanding deception. Release Date Nov 8 2010



Source: Social-Engineer.Org PodCast | 8 Nov 2010 | 8:05 am

Exotic Liability 68: OpenDLP

-Andrew Gavin Joins in

-OpenDLP

-IDS/FUD stuff

-VAST/VOIP Stuff

-Random News

-No boobs in Australia

 

Intro: "Big girls need love too" by Blueprint

Outro: "The Spicy McHaggis Jig" by Dropkick Murphys

Source: Exotic Liability | 4 Nov 2010 | 1:12 am

Exotic Liability 67: Not 62

-The Return of stripper talk

-Cons

-Cool talks

-Random News

-Phone Creeper

-Sexting

-Some Voicemail

-And a Slew of other stuff

Intro: "Black Swan" By Thom Yorke

Outro: "Fuck You" By Cee Lo Green

Source: Exotic Liability | 20 Oct 2010 | 6:37 pm

Ep. 014 I S.E.e What You Are Thinking

Non-Verbal Communication is the way our bodies, faces, hands and feet tell the story about what our true thoughts are. Join us this month as we talk with one of the world’s leading experts in non-verbal communications, Joe Navarro. A 25-year veteran of the FBI and leading researcher into Body Language and Non-Verbal Communications, Joe helps us to see how these are used to both deceive and detect deception.



Source: Social-Engineer.Org PodCast | 11 Oct 2010 | 9:01 am

Exotic Liability 66: Exploit Hub

-The boys actually talk security

-The Guys from NSS Labs join in

-Exploit Hub

-All kinds of other greatness

 

Intro: "Virus" By Deltron 3030

Outro: "Truth From Fiction" By Supreme Beings of Leisure

Source: Exotic Liability | 14 Sep 2010 | 7:32 pm

Ep. 013 Social Engineering The Hustle

Looking for social engineering skills in interesting jobs has always been a theme of our podcast since the beginning. Our guest this month made a career out of scamming people on camera, but with no malicious intent.  Paul Wilson is a magician, consultant to some of the biggest stars in the world as well as professional con artist.  Join us as we discuss his experiences and what he has learned.  Release Date 13 September 2010



Source: Social-Engineer.Org PodCast | 13 Sep 2010 | 9:01 am

Exotic Liability 65: Screaming Pharaohs

-@shoebox joins in

-http://www.openlocksport.com

-Tip of the Day!

-Kinds of other Craziness

 

Intro: "Passing By Behind Your Eyes" By Sunday School

Outro: "Rubber Vagina" By Unknown (Maybe Rodney Rude)

Source: Exotic Liability | 30 Aug 2010 | 5:58 pm

Ep. 012 Social-Engineer.Org Anniversary Edition at Defcon 18

WOW. Our first year is just about over and here is our 1st year anniversary episode. We hope you enjoy the social-engineer crew live at Defcon with a room of about 100 people asking questions and getting involved in the fun. Thank you for the great year and we look forward to what's in store.



Source: Social-Engineer.Org PodCast | 8 Aug 2010 | 9:04 pm

Exotic Liability 64: Ol' Grandpa

-Disaster Protocol Joins in for some shit talking

-Tools and News

-Pure Comedy

-BH.BSidesLV.DC talks

-@jsokoly joins in

- @myrcurial calls in

-http://freebyron.com

-EL Scares Marketing (and HR)

Intro: Ligatt Parody by the boys from Disaster Protocol (shitcast.co.uk)

Outro: "60 Revolutions" by Gogol Bordello

Source: Exotic Liability | 27 Jul 2010 | 5:08 pm

Exotic Liability 63: Branded

Sorry no time for Show notes... I'll try to get some up for this episode later.

 

Intro: "Lies" by Johnny Knows Karate

Outro: "Shrooms" by The Lonely Island

Source: Exotic Liability | 23 Jul 2010 | 12:15 pm

Ep. 011 Extreme Social Engineering - Defying Human Nature

What happens when the results of not being successful can cause jail time? Is there a way to use SE skills to keep you from the slammer? We talk to Dale Carson, author of “Arrest Proof Yourself”, about this very topic.



Source: Social-Engineer.Org PodCast | 12 Jul 2010 | 3:18 pm

Exotic Liability 62: The Ropes

-Social Networking

-Bad Articles

-Lameness

-F.U.D.

-Terrible Top 10

-Tons of other stuff

 

Intro: "Sofa King" by Dangerdoom

Outro: "Prince Charming" by Brother Ali

Source: Exotic Liability | 7 Jul 2010 | 4:14 pm

Exotic Liability 61: Maltego 3

-Roelof & Andrew from Paterva talk Maltego
-Fun with trucks and guns
-More Blue Lasers
-Tiger Team Rip-off
-Crazy dude tries to take out Bin Laden
-Drinking & Writing
-Eat Da Poo Poo!
-And more of the EL you love
Intro "Bottom Line" by Swollen Members
Outro "Eat Da Poo Poo AutoTune Remix" by BartBaKer (Youtube)

Source: Exotic Liability | 29 Jun 2010 | 5:00 pm

Exotic Liability 60: Metamorphosis

-Random News
-More Ligatt
-Book Troubles
-Screw Google, some more.
-Firing Squad

Intro: "Golden Brown" by The Stranglers
Outro: "Tennessee Wedding" by Jim Bianco

Source: Exotic Liability | 23 Jun 2010 | 2:26 pm

Exotic Liability 59: Infosec Slap Chop

-Carlos Perez joins in
-SANS Pentesting Summit
-Pentesters need to learn business
-All kinds of Ligatt stuff
-@infosecmafia Joins in too
-Tons more

Intro "Let it off" by Phantogram
Outro "Shut the fuck up" by Cake

Source: Exotic Liability | 16 Jun 2010 | 5:02 pm

Ep. 010 Social Engineering - Past, Present and Future

A round table discussion with some of the brightest minds in social engineering. We will discuss the future of social engineering and hear some really cool stories of actual exploits.



Source: Social-Engineer.Org PodCast | 14 Jun 2010 | 3:15 pm

Exotic Liability 58: Nein Scheisse

No time for show notes, but Fucking Awesome!  Tons of tools and tons of stories!!!!!!!1111one!111!one1

Source: Exotic Liability | 10 Jun 2010 | 3:50 am

Ep. 009 Subliminal Persuasion for Social Engineers

Join us as we interview one of the world’s leading experts in unconscious persuasion. Kevin helps us to analyze the methods by which people are manipulated while on auto pilot. We dig deep and learn some of the most amazing tips on persuasion you will ever hear.



Source: Social-Engineer.Org PodCast | 10 May 2010 | 2:25 pm

Exotic Liability 57: Historic Hard Dicks

-Happy Mothers Day

-our 13 month anniversary

-A whole lot of wrong

-A little bit of security

-A few fun tools

-Second big red button

-A bunch of other crap

Intro: "Mr. Shiny Cadillackness" by Clutch

Outro: "Gatman & Robbin'" by 50 Cent ft. Eminem

Source: Exotic Liability | 9 May 2010 | 11:58 pm

Exotic Liability 56: BBQ'd Bag-o-Dicks

-Thotcon

-National CCDC

-Source Boston

-Mexico City

-War Stories

-Tons of other stuff!

 

Intro - "Fuck you" by Lily Allen

Outro - "Fuck song" from Disaster Movie

Source: Exotic Liability | 30 Apr 2010 | 11:33 am

Ep. 008 The Social Engineering Zero Day Revealed!

The information contained in this podcast is some of the most mind blowing we have ever released. An intimate talk with someone who has detailed knowledge of how to perform identity theft. He outlines, details and shows how these attacks are performed, then talks with us about how we can mitigate these attacks. You will not want to miss this one.



Source: Social-Engineer.Org PodCast | 12 Apr 2010 | 2:09 pm

Exotic Liability 55: Honeyvag

I'm running way short on time, so sorry for the lacking show notes.  I promise it's a great one though!

 

-Confessions of a sec addict

-M$/RSA's NEW!!! findings

-A Ton more

 

Intro - Shame of Life by The Butthole Surfers

Outro - My Dick by Mickey Avalon

Source: Exotic Liability | 12 Apr 2010 | 11:20 am

Exotic Liability 54: Letter 3

-TJX Hacker

-Viper Car Alarms

-319753 Mute

-Voice Mail

-Drunk Dialed by our intern

-Tons and Tons more

 

Intro/Outro - "Typical" by Mute Math

Source: Exotic Liability | 28 Mar 2010 | 3:33 pm

Exotic Liability 53: Kos Continued

-Kos Interview Part 2

-Eurotrash + Jason Street Join in

-Ton more

Intro - "The Worst Day Since Yesterday" by Flogging Molly

Outro - "DUI #1" by Mac Lethal

Source: Exotic Liability | 23 Mar 2010 | 1:01 pm

Exotic Liability 52: The Kos

-Part 1 of 2

-Battery Trojan

-Kos Joins in

-More Goog vs China

-Tons more.

 

Intro - "Cause = Time" by Broken Social Scene

Outro - Natalie Portman Rap from SNL

 

Source: Exotic Liability | 15 Mar 2010 | 5:12 pm

Ep. 007 Using Persuasion on the Mindless Masses

Join the Social-Engineer.org team as we discuss the topics of persuasion and mindlessness with Harvard psychologist and world renowned persuasion expert, Ellen Langer.



Source: Social-Engineer.Org PodCast | 8 Mar 2010 | 1:16 pm

Exotic Liability 51: Hungover w/ Ian Amit

-More Tech Problems

-Ian Amit joins in

-http://www.securityandinnovation.com/

-Cyberwar Jedi mind trick

-Nerd Thunderdome and BSidesLV 2010

-Botnet Fun

-Legalities

-ExcaliberCon

-A bunch more

 

Intro: Cyborg Love by Mac Lethal

Outro: Dirty Girl by Felt 2

Source: Exotic Liability | 8 Mar 2010 | 12:11 am

Exotic Liability 50: Double Stuffed w/ Joe Grand

-EL's 50th Episode Double the length

-Joe Grand joins in

-Tons of fun Hardware hacking stuff

-Technical Problems

-Badges, that shit ain't easy

-TV Sucks

-Jhaddix drops in

-CN goes to Jail

-Wet your noodle for the EFF

-Lady Laz3r show in Vegas

-A ton more

 

Intro: Closer to the Club by NIN vs 50 Cent

Outro: Poker Face Cover by Chris Daughtry

Source: Exotic Liability | 28 Feb 2010 | 6:58 pm

Exotic Liability 49: Misogyny

-First live stream(ish)!

-Rickrolled Live

-EL Android/iPhone Apps

-Boyscout, It's magic

-nmap String of Doom

-Unexpected Guests

-A ton of security stuff!

-Shmoocon

-Hackcon

Intro/Outro - Put it in Your Mouth by Akinyele

Source: Exotic Liability | 22 Feb 2010 | 2:27 am

Ep. 006 Using the Information We Gather As Social Engineers

A live edition of the podcast done at Shmoo Con. We had a very lively topic on how we use the information that is gathered on our social engineering audits. We invited TWO special guests, Tom Eston from Security Justice as well as Shawn Moyer. Both are experienced and seasoned pentesters and social engineers. We rip apart the information security field as well as policies, education and user relation in this podcast.



Source: Social-Engineer.Org PodCast | 8 Feb 2010 | 1:09 pm

Exotic Liability 48: Benevolent

-iPad

-Only in Vegas

-Tech Crunch

-Joomla

-Laz3r is useless

-Addictomatic.com

-Socialmention.com

-Entitycube.research.microsoft.com

-Yasni.com

Intro - What's the Story Morning Glory by Oasis

Outro - El Chupa Nibre by Dangerdoom

Source: Exotic Liability | 7 Feb 2010 | 11:27 pm

Exotic Liability 47: Fast Forward

-Aluc joins in (@thealuc)

-Useful/Cool phone apps

-Give credit where it's due

-Red Teaming

-Much More

Source: Exotic Liability | 1 Feb 2010 | 12:14 am

Exotic Liability 46: Ninja Grillz

-Rafal Los is a Ninja Gangsta
-Web Scanners
-US getting hacked isn't new
-iQuake, app for quake victims
-Tons, I do mean tons, more

Source: Exotic Liability | 25 Jan 2010 | 2:21 am

Ep. 005 Exclusive Interview with the BackTrack 4 Development Team

Have you ever wondered where BackTrack came from? Want to know how new editions of our favorite pentesting tool come about? Join us as we talk with muts, balding_parrot, pure_hate as well as our panel and special guest and web developer DigiP.

This exclusive will be one to remember.



Source: Social-Engineer.Org PodCast | 18 Jan 2010 | 1:00 pm

Exotic Liability 45: The Couch

-The Goog vs China
-Haiti
-Vegas
-CES
-Dogs Invade
-Porn and plot lines
-Upcoming Cons
-Tons More

Source: Exotic Liability | 17 Jan 2010 | 7:35 pm

Ep. 004 NLP, SE and Manipulation Secrets Revealed

Join us as we reveal some of the secrets that are widely used in marketing. Social engineering tactics, NLP secrets and manipulation strategies are now unmasked. We join forces with NLP and SE Expert Brad Smith to discuss these hot topics.



Source: Social-Engineer.Org PodCast | 11 Jan 2010 | 11:59 am

Exotic Liability 44: A New Year of Terrorism

-Hezbollah
-Epic failures
-TSA
-The system works
-Voicemail
-Facebook Apps
-A TON more

Source: Exotic Liability | 4 Jan 2010 | 10:06 am

Exotic Liability 43: An Exotic Christmas

- Brittany Murphy
- Sky Hacking
- Gates calls in
- Security, it's nothing new
- Bad Santa
- And more

Source: Exotic Liability | 23 Dec 2009 | 4:18 pm

Ep. 003 Framing - Alter the Reality Frame

We discuss the aspect of framing from a very unique perspective.  Join us as we delve into the depths of framing and see how we use it in our daily lives and what we can learn from a Harvard Math Genius.



Source: Social-Engineer.Org PodCast | 14 Dec 2009 | 10:44 am

Exotic Liability 42: Tom Brennan

-Delchi starts off the show
-Tom Brennan talks OWASP Top10
-And more of the offensive security you love

Source: Exotic Liability | 14 Dec 2009 | 1:42 am

Exotic Liability 41: That's My Face

-Cyborg Bruce
-Passwords are easy
-7 Scam Principles
-SE
-and more!

Source: Exotic Liability | 7 Dec 2009 | 3:08 am

Exotic Liability 40: The CN vs .cn

- China stories galore
- Walmart, No questions asked
- France takes it again
- ELCon?!?! We need your input!

Source: Exotic Liability | 15 Nov 2009 | 11:26 pm

Ep. 002 Pretexting - Not just for social engineers anymore

Pretexting is one of the key components of social engineering.  When we decided to search out a professional radio host we never thought we would meet one as dynamic and intriguing as Tom Mischke.  Join us as Tom helps us to analyze a side of pretexting we rarely consider.



Source: Social-Engineer.Org PodCast | 9 Nov 2009 | 9:54 am

Exotic Liability 39: Marcus J. Carey

Marcus J. Carey joins us
DojoSec/DojoCon
Mitnick bashing
Tigerteam is bullshit
Giving earns respect
A new meaning to ATM

Source: Exotic Liability | 9 Nov 2009 | 1:42 am

Exotic Liability 38: Jayson Street

- Jayson E. Street
- Dissectingthehack.com
- The return of Skype
- Dale and Delchi call in
- Tech problems make Laz3r cry
- Infosec Camps
- Sharing Info
- It's a community
- Strippers to hackers program

Source: Exotic Liability | 1 Nov 2009 | 11:21 pm

Exotic Liability 37: Social Security Engineer

-Tool Runners
-Information Gathering
-Social Security Engineers
-Mistreating Strippers

Source: Exotic Liability | 25 Oct 2009 | 11:57 pm

Ep. 001 Interrogation and Social Engineering

This month we are interviewing ex-Law Enforcement agent Matt Churchill.  He has experience in interrogation and interview tactics.



Source: Social-Engineer.Org PodCast | 5 Oct 2009 | 10:36 am

InfoSec Daily Podcast Episode 799

Episode 799 - Stuxnet at Chevron, MW3 vulns, Google Info Requests, CSA 2012 reprise, and Blizzard sued

Source: InfoSec Daily Podcast |



If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast