Another return guest! Richard Henderson is Global Security Strategist for Absolute. He talked with me at RSA 2018 in San Francisco about dark endpoints, GDPR, Software Defined Radio, his DEF CON ham radio fox hunt and more!
ICYMI: Richard’s first appearance on the podcast last year.
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!
Giovanni is a co-founder and CTO of Lastline, Inc., a company which develops solutions to detect and mitigate advanced malware and targeted threats. He is a Professor in the Department of Computer Science at the University of California in Santa Barbara and director of the Center for CyberSecurity at UCSB. He is co-director of the Security Lab, which is part of the iSeclab group and founder of the Shellphish hacker group which has annually competed in the DEFCON CTF (won in 2005) and also The DARPA Cyber Grand Challenge (3rd place). He also organizes the International Capture The Flag (iCTF), one of the world’s largest attack-defense hacking competitions.
Giovanni’s research focuses on vulnerability analysis, web security, malware analysis, and mobile security. We met in San Francisco at RSAC 2018 this year where he presented two talks, one entitled How Automated Vulnerability Analysis Discovered Hundreds of Android 0-days and also The Good, the Bad and the Ugly of the Ultrasonic Communications Ecosystem.
This episode we discuss all these things plus GDPR, Santa Barbara hot springs and more!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!
Check out Giovanni at RSAC 2018:
Benjamin Caudill and Spencer Gietzen of Rhino Security Labs
Benjamin Caudill and Spencer Gietzen of Rhino Security Labs join me to discuss their research on Amazon Web Services privilege escalation vulnerabilities. Spencer recently revealed their AWS research on the Rhino Security Labs blog. Rhino is also rolling out a new open source AWS post-exploitation framework, designed for offensive security testing against AWS environments called Pacu. We also discuss how Ben and Spencer both found their way into the information security industry, pet peeves and more!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!
Guest Jessy Irwin
This episode’s guest is Jessy Irwin, Head of Security at Tendermint. We spoke at RSAC 2018 in San Francisco where she presented Cracking the Security Communications Code: Talk about Security without FUD. She also did a talk at OURSA entitled Defense in Depth: Building An Old Lady Gang. Check out Jessy’s website!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!
Guest Joe Gray
My guest this episode is social engineering guru Joe Gray. Joe is a Senior Security Architect at IBM and has his own blog and podcast called Advanced Persistent Security. Joe presented a talk at RSA this year with friend of the show Rachel Tobac on social engineering and OSINT which I posted the full audio of here. Joe spoke with me about Social Engineering, OSINT, vishing, SECTFs, password inspections and more!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!!
Guest Mark Nunnikhoven
Mark is Vice President of Cloud Research at Trend Micro. He joined me at RSAC 2018 to discuss developing new email security gateway tools, operational technology in IoT, the new Cybersecurity Tech Accord, information security buzzwords and more!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!!
Guest Katie Moussouris
Katie is the founder and CEO of Luta Security. She presented a talk on bug bounties, penetration testing and vulnerability disclosure entitled “Bug Bounty Buzzword Bingo—Deep Dive under a Jumped Shark” at the RSA Conference last week in San Francisco. Check out her slides here.
After her talk she spoke with me about the evolution of bug bounty programs, her work in developing ISO standards for vulnerability disclosure, her path to a career in information security and much more.
This episode is the 1st in a series dedicated to RSA Conference 2018. Stay tuned for more!
DIRECT DOWNLOAD OF PODCAST MP3 FILE
Subscribe on iTunes, GooglePlay and Stitcher!!
Rachel Tobac and Joe Gray present at RSAC2018!!
A simulated compromise of a Fortune 500 company as part of a social engineering competition will lead to discussion about how data was collected using open source intelligence (OSINT) beyond that of social media and tools. It will identify places to find data, providing insight for more valuable data sources. This will include a demo of OSINT techniques, phishing and a pretexting discussion.
Learning Objectives:
1: Learn how to defend against social engineering.
2: Understand the relative ease in collecting open source intelligence (OSINT).
3: Learn more about the tools and techniques used in social engineering.
Guest: MG
This episode’s guest is Bay Area based security researcher MG. He joins the podcast to share his work experimenting with various HID (Human Interface Devices) attacks using USB drives and cables. MG has also made news recently for disclosing a vulnerability in the Amazon Key smart lock technology and shares his experience developing the proof of concept and eventually sharing it with Amazon’s security team.
Check out MG’s work here!
Amazon Key Attack
HID attack hardware
MG’s HID attack platform for USB Type-A connectors
Smoke-emitting USB drive
Exploding USB drive
Apple USB Lightning connector (MG’s HID attack cable on left)
MG’s HID attack platform for USB Type-C connectors
DIRECT DOWNLOAD OF PODCAST MP3
Subscribe on iTunes, GooglePlay and Stitcher!
Guest – Rachel Tobac
Rachel is co-founder and CEO of Social Proof Security and Chair of the Board of Women In Security and Privacy.
Rachel discusses (and demonstrates) the art of “vishing” and social engineering. She placed 2nd twice in the Social Engineering Capture the Flag competition at DEFCON 24 and DEFCON 25 and has become a popular speaker and advocate for personal and organizational safety through social engineering awareness.
Subscribe via iTunes, GooglePlay and/or Stitcher!
DIRECT DOWNLOAD MP3 OF PODCAST
Vince in the Bay 