Category Archives: hacking

PODCAST: RSAC 2018 – Joe Gray

Joe-Gray

Guest Joe Gray

My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!

DbKQ-n_U8AA4xcm

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

 

Tagged , , , , , , , , , , , , , , , , , , ,

PODCAST: RSAC 2018 – Katie Moussouris

Katie-M-RSAC2018

Guest Katie Moussouris

Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure entitled “Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark” at the RSA Conference last week in San Francisco. Check out her slides here.

After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.

This episode is the 1st in a series dedicated to RSA Conference 2018. Stay tuned for more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

 

Tagged , , , , , , , , , , , , ,

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged , , , , , , , ,

PODCAST: Ray Watson

HFeL7OPC_400x400

Ray Watson

This episode’s guest is Ray Watson who presented at Black Hat 2017. He joins me to talk about hacker history and share some of his infosec pet peeves. We recorded this interview in July 2017 during the week of Black Hat and DEFCON in Las Vegas. His talk was entitled “Jedi Masters, Sith Lords, and Droids: 5 Generations of Hacking” and can be seen in it’s entirety below.

DFsvjCCUMAAC8dx

Ray and Vince hanging out after recording the podcast interview.

 

Tagged , , , , , ,

BrightTALK webinar: Google Docs Phishing Scam

What-is-google-docs-phishing-slide-2

ICYMI: I moderated a BrightTALK webinar on the recent Google Docs phishing attack.

Join BrightTALK and check out this informative panel discussion featuring myself along with panelists Nathan Wenzler and Kowsik Guruswamy.

This slideshow requires JavaScript.

A massive phishing campaign targeting Google accounts ripped through the internet on a Wednesday afternoon in early May. Phishing scams are pretty common. What sets this scam apart is that it is more convincing than most. The email takes users who click on the file to a legitimate Google sign-in screen to grant permissions. If you received the email or are concerned you might be targeted next, join this interactive Q&A panel to get the facts and protect your account and your organization.

We discuss:
– What is the Google Docs email scam?
– How is this scam different from other phishing scams?
– What’s the deal with Eugene Pupov?
– Who’s at risk and how can you avoid being a victim?
– What can we expect in the future?

Moderator:
– Vince Tocce, Vince in the Bay Podcast

Speakers:
– Nathan Wenzler, Chief Security Strategist at AsTech Consulting
– Kowsik Guruswamy, CTO for Menlo Security

Follow me on Twitter!

Tagged , , , , , , , , , , , , , , , , ,