Category Archives: technology

Podcast: Malcolm Harkins

Malcom-Harkins-Twitter

Malcolm Harkins

Malcolm Harkins is the Chief Security and Trust Officer at Cylance Inc. He oversees information technology, information risk and security, as well as security and privacy policy. Harkins is also responsible for peer out reach activities to drive improvement across the world in the understanding of cyber-risks as well as best practices to manage and mitigate those risks. Previously Harkins was Vice President and Chief Security and Privacy Officer (CSPO) at Intel Corporation.

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Check out Malcolm’s talks at RSAC

Malcolm on panel at RSAC 2018:

Tagged , , , , , , ,

PODCAST: Giovanni Vigna

giovanni_vigna_square

Giovanni Vigna

Giovanni is a co-founder and CTO of Lastline, Inc., a company which develops solutions to detect and mitigate advanced malware and targeted threats. He is a Professor in the Department of Computer Science at the University of California in Santa Barbara and director of the Center for CyberSecurity at UCSB. He is co-director of the Security Lab, which is part of the iSeclab group and founder of the Shellphish hacker group which has annually competed in the DEFCON CTF (won in 2005) and also The DARPA Cyber Grand Challenge (3rd place). He also organizes the International Capture The Flag (iCTF), one of the world’s largest attack-defense hacking competitions.

Giovanni’s research focuses on vulnerability analysis, web security, malware analysis, and mobile security. We met in San Francisco at RSAC 2018 this year where he presented two talks, one entitled How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days and also The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem.

This episode we discuss all these things plus GDPR, Santa Barbara hot springs and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Check out Giovanni at RSAC 2018:

How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days

The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem

 

Tagged , , , , , , , , , , , , , , , , , , , , , ,

PODCAST: Ben & Spencer from Rhino Security Labs

Ben-Spencer-tiled

Benjamin Caudill and Spencer Gietzen of Rhino Security Labs

Benjamin Caudill and Spencer Gietzen of Rhino Security Labs join me to discuss their research on Amazon Web Services privilege escalation vulnerabilities. Spencer recently revealed their AWS research on the Rhino Security Labs blog. Rhino is also rolling out a new open source AWS post-exploitation framework, designed for offensive security testing against AWS environments called Pacu. We also discuss how Ben and Spencer both found their way into the information security industry, pet peeves and more!

DIRECT DOWNLOAD OF PODCAST MP3 FILE

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged , , , , , , , , , , , , , , , , ,

PODCAST: Amazon Key & HID Attacks with MG

WiRPfsLy_400x400

Guest: MG

This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.

Check out MG’s work here!

Amazon Key Attack

HID attack hardware

All-USB-devices-on-table

USB Rubber Ducky by Hak5

USB-rubber-ducky

MG’s HID attack platform for USB Type-A connectors

USBA-connector

PCB-boardwithUSBAconnector

Smoke-emitting USB drive

Smoke-USB

Exploding USB drive

Apple USB Lightning connector (MG’s HID attack cable on left)

Apple-lightningbolt2

Apple-lightningbolt-1

MG’s HID attack platform for USB Type-C connectors

USBC-connectors

DIRECT DOWNLOAD OF PODCAST MP3

Subscribe on iTunes, GooglePlay and Stitcher!

Tagged , , , , , , , ,

PODCAST: Judy Towers & Michael Goedekr

This episode is an interview with intelligence analyst Judy Towers and Michael Goedekr, CEO of hackdefnet, conducted over the summer at DEFCON 25 in Las Vegas (2017). Judy and Michael share their thoughts on threat intelligence, risk analysis, dealing with C suite executives and more.

Tagged , , , , , , , ,
%d bloggers like this: