Ben Johnson is founder and CTO of Obsidian Security and formerly of Carbon Black and the National Security Agency. We met in San Francisco while Ben was in town for RSA 2018. In the interview we discuss his work and how the movie Enemy of the State inspired him to join the NSA. We also discuss GDPR and other cybersecurity related stuff.
Benjamin Caudill and Spencer Gietzen of Rhino Security Labs join me to discuss their research on Amazon Web Services privilege escalation vulnerabilities. Spencer recently revealed their AWS research on the Rhino Security Labs blog. Rhino is also rolling out a new open source AWS post-exploitation framework, designed for offensive security testing against AWS environments called Pacu. We also discuss how Ben and Spencer both found their way into the information security industry, pet peeves and more!
My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!