Category Archives: RSA Conference

PODCAST: Giovanni Vigna


Giovanni Vigna

Giovanni is a co-founder and CTO of Lastline, Inc., a company which develops solutions to detect and mitigate advanced malware and targeted threats. He is a Professor in the Department of Computer Science at the University of California in Santa Barbara and director of the Center for CyberSecurity at UCSB. He is co-director of the Security Lab, which is part of the iSeclab group and founder of the Shellphish hacker group which has annually competed in the DEFCON CTF (won in 2005) and also The DARPA Cyber Grand Challenge (3rd place). He also organizes the International Capture The Flag (iCTF), one of the world’s largest attack-defense hacking competitions.

Giovanni’s research focuses on vulnerability analysis, web security, malware analysis, and mobile security. We met in San Francisco at RSAC 2018 this year, where he presented two talks: “How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days” and “The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem.”

In this episode we discuss all these things plus GDPR, Santa Barbara hot springs and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Check out Giovanni at RSAC 2018:

How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

PODCAST: RSAC 2018 – Joe Gray


Guest Joe Gray

My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!


DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

PODCAST: RSAC 2018 – Katie Moussouris


Guest Katie Moussouris

Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure entitled “Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark” at the RSA Conference last week in San Francisco. Check out her slides here.

After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.

This episode is the 1st in a series dedicated to RSA Conference 2018. Stay tuned for more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!!

RSAC 2018 – Rachel Tobac & Joe Gray

Compromising a Fortune 500 Business without Hacking a Thing!

Rachel Tobac and Joe Gray present at RSAC2018!!

A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.

Learning Objectives:
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.

CLICK HERE FOR THE SLIDES FROM PRESENTATION

CLICK HERE TO DOWNLOAD MP3 FILE


PODCAST: RSA Conference 2017


LISTEN TO FULL PODCAST

Another year, another wave of security incidents and threat models to keep the cybersecurity industry busy. So there was plenty to discuss and share as the InfoSec community flocked to San Francisco for the annual RSA Conference last month.


A view from the escalator as I descend into the bowels of RSAC 2017.

As always, the latest trends in the industry were addressed. Large data breaches, quickly growing threat models, security education, political hacking, and the risks posed by the Internet of Things were common threads throughout many of the keynotes, sessions, workshops, expos, and general chatter among attendees.

RSAC has more of a trade show feel compared to other security conferences so I’ve learned over the years that it’s best to approach the conference as an opportunity to meet and network with industry experts. This year I spent less time attending the talks and more time meeting with the players in the industry who are there to make deals and form partnerships.

However, I did catch several enlightening talks and panel discussions featuring the likes of ex-CIA operative Valerie Plame, security guru Bruce Schneier, researcher Rob Graham, people-security expert Masha Sedova, and security consultant Jeff Carr. I also enjoyed the entertaining keynotes by Late Night host Seth Meyers and astrophysicist Neil deGrasse Tyson.


CHECK OUT ROB GRAHAM’S TALK ON MIRAI AND IoT BOTNETS HERE!

Throughout the week I was lucky to catch up with several industry professionals representing some of the top tier firms in the cybersecurity sector who shared their take on the challenges and trends facing cybersecurity firms, their clients, and end users.

This episode of the podcast features interviews collected at RSAC 2017.

BIG THANKS TO THE GUESTS ON THIS EPISODE!!


Dave Lewis – Akamai


Rob Graham – Errata Security


Donald Meyer – Check Point Software


Dario Forte – DFLabs

Sebastian, Alex and Selena – Onapsis


Scott Bollinger – Security Researcher


Jeffrey Carr – 20K League

DOWNLOAD FULL PODCAST MP3

SUBSCRIBE on iTunes, GooglePlay, Stitcher, and Soundcloud!!


Follow on Twitter!

RSAC 2017: Rob Graham on Mirai and IoT Botnets

UPDATED WITH SLIDES (03/15/17)


“Mirai and IoT Botnet Analysis” MP3 AUDIO FILE


“Mirai and IoT Botnet Analysis” SLIDES – PDF FILE

At this year’s RSA security conference in San Francisco, researcher Rob Graham gave a presentation entitled “Mirai and IoT Botnet Analysis.” His talk examined the infamous “Mirai” Internet of Things botnet and shared details on how it operates. Graham also covered technical aspects of the cameras it infects and detailed his own experimentation with Mirai in the wild. He went on to discuss last year’s massive DDoS attacks on DNS provider Dyn, which involved variations of the Mirai IoT botnet.

No official AV video recording of this talk, but the audio and RSAC slides are all you need.

Enjoy!

Also, check out Rob’s blog!

-Vince

Follow me on Twitter!


RSA Security Thunderdome Debate

As the glory of 2016 rolls to an end, I plan to empty my archive of some unreleased recordings which never made it on to any podcasts over the past year.


I’m starting with this recording from the RSA Conference earlier this year in San Francisco, CA. It features Jen Ellis of Rapid7 moderating a “Security Thunderdome” debate between Rob Graham (Errata Security) and Josh Corman (Atlantic Council). It’s basically a debate about debating. A very spirited breakdown of the anatomy of a debate with a focus on cyber security.

The audio quality isn’t the best, but good enough to follow along. If you listen closely you’ll hear me ask a question from the audience toward the end. Big thanks to RSA, Jen, Rob, and Josh for allowing me to record the session. I hope this “Thunderdome Debate” format will return next year to RSA and possibly expand to at least another hour. Enjoy!

DIRECT DOWNLOAD OF MP3